// Guides
Data leak — am I affected?
A data leak is the unauthorised disclosure of data — such as credentials — online. Leaked passwords are tried automatically across many services (credential stuffing). Checking and securing is therefore central.
Updated: 2026-06-19
Immediate steps
- 1Check whether your e-mail address appears in known leaks (e.g. HPI Identity Leak Checker, Have I Been Pwned).
- 2Change passwords of affected services — no reuse across accounts.
- 3Use a password manager so every account has its own password.
- 4Enable 2FA everywhere it is offered.
- 5Preserve unusual activity and login notifications (screenshots, timestamps).
- 6If online banking is affected: inform your bank and monitor accounts.
What not to do
- Do not keep using leaked passwords — not even slightly modified.
- Do not pay for “leak removal” offers — once leaked, data cannot be reliably deleted from the net.
- Do not ignore warnings — an old leak can be used for takeovers years later.
When professional help makes sense
We check discreetly whether and where your access or company data is circulating, prioritise hardening and can set up ongoing monitoring — without promising to “delete” leaked data.
Get in touchCommon questions
- What does a hit in the leak check mean?
- That your address appears in a known dataset. First change the passwords of the affected and most important services and enable 2FA.
- Can leaked data be deleted?
- No — once distributed, data cannot be reliably retrieved. Hardening and monitoring make sense, not paying for deletion promises.
- How often should I check?
- Regularly — or via ongoing monitoring that reports new hits automatically.