What happens if your account is hacked? - The impact of data leaks
A data leak doesn’t just mean that someone else knows your password. The consequences can spread like a chain reaction. Often, they strike months or years later, when we have long forgotten the original event.
How does data get leaked?
When a website’s database is hacked, the user data stored in it is leaked - email addresses, passwords, and possibly personal information. This data is usually:
- Sold on the dark web to other criminals
- Published on data leak collection sites
- Used for automated attacks - credential stuffing, targeted phishing
Leaked databases remain in circulation for years. Data from a 2018 leak will still be actively used in 2025.
What can happen to leaked data?
Account takeover
If the password is reused, the attacker will try to use it to log in to other sites - email, banking, social media. This was discussed in more detail in the second part of the series.
Targeted phishing
Leaked data enables personalized attacks. If the attacker knows your name, address, and which bank you have an account with, they can write a much more credible message than a generic phishing email.
Identity theft
If your complete personal data (name, address, date of birth, tax ID) is leaked, the attacker can take out loans, sign contracts, or commit other abuses in your name. I have experienced this myself. It was a very unpleasant experience.
Blackmail
Some data leaks may involve sensitive content, such as private messages, photos, and health information. These can also be used for blackmail.
When will you find out that you are affected?
Often not for months. Hacked companies that stored the data do not always disclose everything immediately; sometimes they delay reporting the incident for legal or reputational reasons. Victims typically find out when:
- Their password manager or browser alerts them to the leak
- They receive a strange login notification from a service
- Someone else acts on their behalf
- They check the haveibeenpwned.com website
What should you do if you are affected?
Immediately:
- Change the password for the affected account to a unique, strong password
- Change the password everywhere else you have used the same password
- Enable two-factor authentication if you haven’t already
- Check your account activity for unknown logins and changes
If financial data has also been leaked:
- Notify your bank
- Request a new card
- Monitor your account activity over the next few weeks
If your personal identification data has been leaked:
- Report it to the National Authority for Data Protection and Freedom of Information (NAIH)
- Consider credit monitoring
How can you prevent the most damage?
Prevention is easier than cure:
- Use a unique password for each account - if one is leaked, the others remain secure
- Enable 2FA - a password alone is not enough to log in
- Check regularly on haveibeenpwned.com
- Enable notifications - many services send emails when there is an unknown login attempt
Summary
The impact of a data leak rarely stops at the original account. The real damage depends on how unique your account login details are - identical passwords, identical email addresses, lack of 2FA. The basic rules discussed so far are all designed to break this chain reaction.
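The chain reaction described above can be worked through on your own list of accounts. The following Python sketch is an added example, not part of the original article: the account inventory, the field names and the simplified model (2FA stops a login made with only a password or a reset link; a taken-over mailbox can reset every account that uses it for recovery) are assumptions made for illustration.

```python
# Added example. ACCOUNTS is a constructed inventory, not real data.
# "pw" is a label standing in for a password: equal labels mean reuse.
# "recovery" names the mailbox that receives password-reset links.
ACCOUNTS = {
    "forum.example":  {"pw": "A", "mfa": False, "recovery": "mail.example"},
    "mail.example":   {"pw": "A", "mfa": False, "recovery": None},
    "bank.example":   {"pw": "B", "mfa": True,  "recovery": "mail.example"},
    "shop.example":   {"pw": "C", "mfa": False, "recovery": "mail.example"},
    "social.example": {"pw": "A", "mfa": True,  "recovery": "mail.example"},
}


def blast_radius(accounts, breached):
    """Map each account that one leak puts at risk of takeover to the reason.

    Modelling assumptions: the leak reveals the breached site's password,
    2FA blocks a login made with only a password or a reset link, and a
    taken-over mailbox can reset every account that uses it for recovery.
    """
    leaked_pw = accounts[breached]["pw"]
    exposed = {}
    changed = True
    while changed:  # repeat until no new account falls (fixed point)
        changed = False
        for name, acct in accounts.items():
            if name in exposed or acct["mfa"]:
                continue
            if acct["pw"] == leaked_pw:
                exposed[name] = "password leaked" if name == breached else "reused password"
            elif acct["recovery"] in exposed:
                exposed[name] = f"password reset via {acct['recovery']}"
            else:
                continue
            changed = True
    return exposed


def passwords_to_change(accounts, breached):
    """Every account that shares the leaked password, with or without 2FA."""
    leaked_pw = accounts[breached]["pw"]
    return sorted(n for n, a in accounts.items() if a["pw"] == leaked_pw)


if __name__ == "__main__":
    for name, reason in blast_radius(ACCOUNTS, "forum.example").items():
        print(f"{name}: {reason}")
    print("change password on:", passwords_to_change(ACCOUNTS, "forum.example"))
```

In this sample, a leak at the forum reaches the mailbox through the reused password and the shop through a password reset, while turning on 2FA for the mailbox alone confines the damage to the forum account.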
This article is part of a series that aims to explain the basics of online security in simple terms.