Have I been pwned? 4 steps to take if your email has been compromised

person with device and text pwned
Luciano Mondragon
Luciano Mondragon
16 May 2024
5 min read

If your email has been pwned, your personal information is in danger. This article guides you on what to do next. (PLUS! 5 tips on how to avoid getting pwned in the first place.)

What’s the meaning of ‘Have I been pwned?’

The term ‘pwned’ was originally coined by gamers to mean ‘owned’ (the ‘o’ being replaced by a ‘p’ due to their proximity on your keyboard). And when it comes to the question ‘Have I been pwned?’, ‘pwned’ means that someone has taken control of your email address, or a user profile that has been created with it.

Hacking an account is possibly the first step of identity theft, with online accounts often containing sensitive personal information, such as your credit card number, phone number, home address, and full name.

Identity theft can cause financial damage, intense personal stress, and a plethora of legal problems. And if your email account and password end up in the wrong hands, criminals can access your personal details and purchase goods in your name. Things can get even worse, though. Because if you have reused the same password and email on other accounts, criminals can access these profiles as well, increasing the risk of identity theft exponentially.

How does your email get pwned?

Your login credentials can be stolen in a number of ways – and there’s a significant data breach almost every week. So, it’s a good idea to regularly check if your information has been stolen in a data breach with F-Secure’s free Identity Theft Checker. But it doesn’t stop at data breaches. As your accounts can also be hacked through malware attacks, or through phishing scams.

But there’s no need to panic. If your account has been pwned, here are four things you can do to mitigate the risk:

1. Make sure your antivirus and operating system are up to date

Viruses and spyware can steal personal information and login credentials. Having up-to-date antivirus and operating systems on your devices is the best way to avoid having to ask the question: ‘Have I been pwned?’ The majority of core software that we use is regularly updated by vendors to prevent hackers from utilizing flaws and vulnerabilities. And so, turn on automatic updates, which can save you from a lot of trouble if you do not yet have them enabled.

2. Scan your device for malware

If there is malware on your device, changing your account password isn’t enough. That’s because a cyber attack can steal your newly created password using malware already installed on your device. So, before you change any passwords, run a virus scan. If the scan detects an infection, deal with it first. If you already changed passwords, change them again. Because they might have already been compromised. And read our latest malware tips for more in-depth advice on how to protect yourself.

3. Now, change your passwords

Changing your password is the most important thing to do if your account has been pwned. If you have reused your password on other accounts, you should change passwords for those accounts as well.

Criminals will try to access accounts with payment details and other valuable data. But if the attacker has already changed your password to in a hacked account, don’t panic. You may still be able to restore your account through the “forgot your password” function.

4. Check your email settings

If your email account has been pwned, criminals can set it to automatically forward your messages to the attacker and to send malware, phishing scams, or spam. So, check your settings and see if you find anything alarming.

You might also want to send an email to your contacts or post on social media that your email has been pwned, to warn against opening any attachments sent by you. This can save your contacts from being infected by malware.

6 ways to avoid asking ‘Have I been pwned?’

Dealing with a compromised email address is possible, but the best course of action is to never let it happen in the first place. And you can cut that risk significantly by following these simple steps:

  1. Pay attention to the sender addresses of emails and SMS messages; don’t fall for phishing or smishing

  2. Be cautious when you open files, links, or install programs. Your bank or authorities don’t ask you to authenticate information online. Most likely you didn’t win a lottery prize either, and the “hot singles in your area” would probably use other methods to contact you

  3. Enabling two-factor authentication is essential in protecting your online accounts. That’s why many banks and service providers use it. Follow their example when possible

  4. Set your email address under 24/7 breach monitoring, and you’ll get alerts when a data breach including your personal information has occurred. This gives you time to change the password before anyone can get into your account

  5. Rather than retrospectively installing an antivirus app after being pwned, get ahead of cyber scammers by never letting it happen in the first place. F-Secure Total comes with numerous ways to protect against cyber attacks, including Browsing Protection, which enables you to stay safe from harmful and dangerous web pages—ensuring your security and privacy. And you can try it for free for 30 days, with no credit card required.

  6. And finally, always use unique passwords. You can create unique passwords for free with F-Secure Strong Password Generator. Get a password manager, and you can then save all these passwords securely. This way they are always with you, and you can copy paste or autofill them when needed. It’s easier, safer, and faster.

devices secured illustration

Keep identity theft scams at bay

Protect your personal data with F-Secure Total

total app on different devices

Protect your email account with F‑Secure Total

F‑Secure online protection helps you avoid your email getting compromised. Block malware and get real-time alerts if a data breach threatens your accounts. Create and save unique passwords with a password manager and you’re well protected against security incidents.

  • 24/7 online identity and data breach monitoring.

  • Password manager with private data protection.

  • Award-winning antivirus and malware protection.

  • Unlimited VPN service to safeguard your privacy.

Read more about Total