How to Protect Your Email From Data Breaches
Data breaches aren't a maybe — they're a when. Companies you trust will get hacked, and your address will end up in a leaked database. You can't prevent that, but you can make sure a breach exposes as little as possible.
Why breaches matter for your inbox
When a service is breached, attackers often get your email plus a password (or its hash). They then try that combination on other sites — “credential stuffing.” If you reuse passwords, one leak can unlock many accounts. And your leaked address becomes a fresh target for spam and phishing.
How to limit the blast radius
- Never reuse passwords. A unique password per site means one breach stays contained. Use a password manager.
- Turn on two-factor authentication wherever it's offered — especially your primary email.
- Compartmentalize addresses. A breach of a shopping site that only ever saw a throwaway or alias address can't connect to your bank login.
- Use disposable addresses for low-trust sign-ups, so the leaked address is one you've already abandoned.
After a breach: a short checklist
- Change the password on the breached site, and anywhere you reused it.
- Enable 2FA if you hadn't already.
- Watch for phishing that references the breached service — attackers exploit the news. See how to spot a phishing email.
- Check a breach-notification service periodically to know where your address has surfaced.
Assume every address you hand out will leak eventually. Then it's obvious why you'd give low-trust sites a disposable one and keep your real address for the few accounts that truly matter.
For everyday habits that support this, read 12 email privacy tips and disposable email vs. aliases.