Account security

How to secure your email after a data breach

Your email account is one of the most important you own. Whoever controls it can reset passwords, intercept security codes, and reach your other accounts. If your details have been breached, secure your inbox first.

Last updated: 31 May 2026 | Independent guidance, Australia-first

The short answer

After a breach, secure your email in this order: change to a long, unique passphrase, turn on multi-factor authentication, check your recovery email and phone, sign out of all other sessions, review forwarding rules and filters, remove unrecognised connected apps, check recent login activity, and then secure the other accounts that use this email. The forwarding-rules step is the one people miss. It is how attackers keep reading your mail after a password change.

In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and get a prioritised plan of what to do after a breach or a life change.

Australian & independent | Third-party security assessment | Sources cited

Key takeaways

  • Your email is the recovery channel for everything else, so secure it first.
  • A long, unique passphrase plus MFA are the two essential steps.
  • Check email forwarding rules: attackers use them to keep reading your mail.
  • Sign out of all sessions and review connected apps and recent activity.
  • Then work outward to the other accounts that rely on this email address.

Why it matters

Why your email account matters most

Most of your other accounts use your email for password resets and security codes. That makes the inbox a master key: an attacker who controls it can work their way into your banking, shopping and social accounts. The good news is that the Australian Cyber Security Centre's email account recovery guidance gives a clear, ordered set of steps.

The checklist

Secure your email, step by step

Email security checklist

  • Change your password to a long, unique passphrase. The ACSC recommends at least 15 characters made of four or more random words.
  • Turn on multi-factor authentication (an authenticator app or passkey is stronger than SMS).
  • Check your recovery email and phone number are accurate and under your control; attackers change these to keep a back door.
  • Sign out of all other devices and sessions to remove any existing access.
  • Review email forwarding rules and filters, and remove any you do not recognise.
  • Remove unrecognised connected apps that have access to your mailbox.
  • Check recent login activity for unfamiliar locations or devices.
  • Secure the other high-risk accounts that use this email: banking and government first.

The step most people miss: forwarding rules

The ACSC warns that cybercriminals often set up rules to forward your incoming email to another account, so they keep receiving your messages, including security codes, even after you change the password. Remove any forwarding rule or filter you do not recognise.
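
As an added example (not part of the original guide, and not ACSC or provider code): a short Python audit that flags forwarding destinations you do not recognise. It assumes your rules have been exported in the shape of the Gmail API's filter and auto-forwarding settings; the addresses, filter IDs and keyword list are constructed for illustration, and the check for filters that move security-related mail out of the inbox goes slightly beyond the forwarding case described above.

```python
# Added example: audit exported mail rules for unrecognised forwarding.
# Field names follow the Gmail API Filter resource (criteria, action.forward,
# action.addLabelIds, action.removeLabelIds) and its AutoForwarding settings.

# Constructed sample data, not taken from a real mailbox.
MY_ADDRESSES = {"alex@example.com", "alex.backup@example.org"}
AUTO_FORWARDING = {"enabled": True, "emailAddress": "collector@mail.example.net"}
FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"query": "code OR verification OR reset"},
     "action": {"forward": "collector@mail.example.net",
                "removeLabelIds": ["INBOX"]}},
    {"id": "f3", "criteria": {"subject": "security alert"},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f4", "criteria": {"from": "bank@example.com"},
     "action": {"forward": "alex.backup@example.org"}},
]

# Assumed keyword list for mail you would want to see yourself.
SENSITIVE = ("code", "verification", "reset", "security", "password", "alert")


def audit(filters, auto_forwarding, my_addresses):
    """Return (source, reason) findings that need manual review."""
    known = {a.lower() for a in my_addresses}
    findings = []
    target = auto_forwarding.get("emailAddress", "").lower()
    if auto_forwarding.get("enabled") and target not in known:
        findings.append(("auto-forwarding", f"forwards all mail to {target}"))
    for f in filters:
        action, criteria = f.get("action", {}), f.get("criteria", {})
        fwd = action.get("forward", "").lower()
        if fwd and fwd not in known:
            findings.append((f["id"], f"forwards to unrecognised address {fwd}"))
        # A filter that bins or archives security mail keeps it out of view.
        hides = ("TRASH" in action.get("addLabelIds", [])
                 or "INBOX" in action.get("removeLabelIds", []))
        text = " ".join(str(v) for v in criteria.values()).lower()
        if hides and any(word in text for word in SENSITIVE):
            findings.append((f["id"], "hides security-related mail from the inbox"))
    return findings


if __name__ == "__main__":
    for source, reason in audit(FILTERS, AUTO_FORWARDING, MY_ADDRESSES):
        print(f"REVIEW {source}: {reason}")
```

Anything the audit reports is a prompt to open the rule in your mail settings and delete it if you did not create it.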

Step detail

Passphrase and MFA

Start with the password. ACSC guidance is that passphrases are most effective when they are long, unpredictable and unique. Then turn on multi-factor authentication, which the ACSC calls one of the most effective ways to protect an account. It means a stolen password alone is not enough to log in.

Step detail

Sessions, connected apps and recent activity

After changing the password, sign out everywhere so any existing attacker session is cut off. Then review the apps connected to your account (Google lets you see and remove third-party access) and check recent sign-ins. Microsoft's recent activity page shows where your account has been used in the last 30 days, which helps you spot unfamiliar access.

Then work outward

Secure the accounts that use this email

Once the inbox is locked down, address the accounts that depend on it. Start with the most sensitive (banking and government services) and work down. To do that efficiently you first need to know which accounts use the email: see how to find accounts linked to your email and the broader breach response guide.

Which accounts rely on this email?

In The Event Of maps the accounts tied to your email and ranks them by risk, so you know which to secure first after locking down your inbox.


Using In The Event Of

How In The Event Of helps

Securing your inbox is step one; knowing what depends on it is step two. In The Event Of discovers the accounts linked to your email, flags breach exposure, and gives you a prioritised checklist with direct links to each service's security settings, so the “secure everything else” step becomes a guided list rather than a guessing game. You make the changes; the tool tracks what is done.

FAQ

Frequently asked questions

Does a breached email mean my inbox was hacked?
Not necessarily. It often just means your email address appeared in another company's breached data. But if the breach exposed a password you also use on your email, or you reused passwords, treat the inbox as compromised and secure it immediately.

What should I check first?
Change your passphrase, turn on multi-factor authentication, then check your recovery details, email forwarding rules, recent login activity and connected apps. The forwarding-rules check matters because an attacker can keep reading your mail even after you change the password.

Why are email forwarding rules so important?
The Australian Cyber Security Centre warns that cybercriminals often set up rules to forward incoming email to another account, so they keep receiving your messages, including security codes, after you regain access. Removing any forwarding rule you do not recognise closes that back door.

I changed my password but still see suspicious activity. What now?
Sign out of all sessions/devices, then re-check forwarding rules, connected apps and recovery details, as an attacker may have changed them. If you cannot regain control, use your provider's account-recovery process and contact IDCare (1800 595 160) for free guidance.

Disclaimer: If you cannot regain control of your email account, use your provider's official recovery process and seek help from IDCare. This guide is general information only and is not legal, financial, or security advice. It is based on publicly available sources at the time of writing and may not reflect the most recent developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is an independent Australian company and is not affiliated with the third-party services named in this guide.