What Should I Do Now?

• You should change the password on your account for the sites or services listed below. You can use the tools and guidance at the top of this page to help.
• If you have used the same password on other sites or services, consider changing the password on those accounts too.
• If the email address was leaked recently, you might see an increase in the number of unexpected messages in your Inbox. Be cautious about following links from senders you don't recognise or those asking for any sensitive details from you such as passwords or payment information. You can find some more guidance on spotting malicious emails on the NCSC website.
• You can signup to be automatically alerted if your email address is ever leaked in the future, by using the service Have I Been Pwned. The service is free and you only need to provide your email address to use it. Follow the 'Notify Me' link in the main menu.

Who Leaked It?

This doesn't necessarily mean one of your online accounts has been compromised, other people may be using the same password. However, any account that uses this password is at risk.

What Should I Do Now?

• Immediately change the password on any accounts where it's used. You can use the tools and guidance at the top of this page to help.
• If you have used a very similar password on any accounts, it should be changed there too.
• Check any important sites or services where you were using the password, for activity that you don't recognise. Contact the site or service if there are any signs your account was accessed by someone else.
• Consider using multi- or two-factor authentication (MFA or 2FA) on all online accounts to provide additional protection is your password is leaked. You can find some more guidance on setting up this layer of protection on the NCSC website.
• On many popular services you can enable 'sign in alerts' that will notify you whenever your account is accessed.