Direct and indirect risks to your accounts.
Normally, it’s just the one account.
However, there are scenarios where more might be at risk.
Data breaches exposing multiple accounts?
It’s rare that a data breach includes more than one account. A breached account rarely impacts the security of your other accounts unless it happens to be the sign-in account or recovery account for other services. Regardless, if your account is involved in a breach, change its password just in case.
Breach does not mean access
Let’s clear something up first: just because your account was involved in a breach doesn’t mean your account has been compromised.
Most breaches leak data, it’s true, but that data rarely allows hackers into your account. It simply exposes things like your email address and maybe some other data, but not enough to gain access. Even when you hear the phrase “hashed passwords” being included in the breach, that generally does not mean hackers have your password.
I’ve used words like rarely and generally above because sometimes when security isn’t done properly, hackers can use information in a breach to gain direct access to your account. It’s rare these days, but still possible.
Worse, we generally don’t know exactly what the ramifications of a breach are until long after it’s passed.
Hence, the common advice is to change your password and add two-factor authentication to further secure your account, just in case.
Accounts on a device don’t relate
You said you have multiple accounts on the phone. That really has nothing to do with how at-risk the other accounts might be.
That they’re on your phone is generally irrelevant. If one account is part of a breach, even if the account is actually hacked, the other accounts on your phone are usually unaffected.
Of course, if your phone is itself hacked, then everything on the phone is at risk. Hacks are extremely rare while you’re in possession of your phone. If you lose your phone or it inexplicably stops working, contact your mobile provider right away.
The slightly risky scenario
There is one scenario where the risks are somewhat higher, but a number of things have to happen.
1. One of your accounts is involved in a data breach. (This is common.)
2. That breach exposes your password or enough other information for a hacker to actually hack into your account. (This is rare.)
3. That account is the sign-in, “alternate email”, or backup account for one or more of your other accounts. (This is common if the breached account is an email account.)
4. Hackers realize #3. (Neither rare nor common, although it happens on occasion.)
In this scenario, the hackers can now reset the passwords on the linked accounts and hack into those as well.
As I said, it’s not common, as a number of things have to line up. It’s not something I worry about when one of my email accounts is involved in a breach.
And it has nothing to do with what’s on your phone.
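The chain described in this section can be checked against your own list of accounts. The following is an added example, not part of the original article; the account names, the `reset_via` and `two_factor` fields, and the rule that two-factor authentication stops a reset-only takeover are assumptions of this example.

```python
from collections import deque

# Constructed inventory (hypothetical names). "reset_via" lists the accounts
# that serve as sign-in, alternate email, or backup for this account.
ACCOUNTS = {
    "mail-main":   {"reset_via": ["mail-backup"], "two_factor": True},
    "mail-backup": {"reset_via": [],              "two_factor": False},
    "shopping":    {"reset_via": ["mail-backup"], "two_factor": False},
    "forum":       {"reset_via": ["shopping"],    "two_factor": False},
    "bank":        {"reset_via": ["mail-main"],   "two_factor": True},
    "social":      {"reset_via": ["mail-main"],   "two_factor": False},
}

def exposed_by(breached, accounts):
    """Return the other accounts reachable by password reset if `breached`
    is actually taken over. Assumption of this model: an account with
    two-factor authentication is not taken over by a reset alone."""
    # Invert the inventory: account -> accounts whose password it can reset.
    unlocks = {}
    for name, info in accounts.items():
        for parent in info["reset_via"]:
            unlocks.setdefault(parent, []).append(name)
    seen, queue = set(), deque([breached])
    while queue:
        current = queue.popleft()
        for child in unlocks.get(current, []):
            if child in seen or child == breached:
                continue
            if accounts[child]["two_factor"]:
                continue  # chain stops here under the stated assumption
            seen.add(child)
            queue.append(child)
    return seen

def rank_by_exposure(accounts):
    """Sort accounts by how many others a takeover would unlock."""
    sizes = {name: len(exposed_by(name, accounts)) for name in accounts}
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for name, count in rank_by_exposure(ACCOUNTS):
        print(f"{name:12} unlocks {count} other account(s)")
```

The accounts at the top of the ranking are the ones whose password and two-factor settings matter most, because the most other accounts depend on them.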
One breach, multiple accounts
To be complete, there’s one data-breach scenario I’ve never heard of happening that could put multiple accounts at risk.
That’s if the breached service included information about multiple accounts of yours. Password vaults come to mind.
But re-read what I just said: I’ve never heard of it happening. Reputable password vaults do security right. Even if they were breached (which, I’ll say yet again, has not to my knowledge happened for any of the major players) the data any hackers would get would be useless, encrypted blobs of random data.
If you’re notified that an account of yours is involved in a breach, change the password. You might not technically need to, but it’s an easy and simple way to minimize any impact.
As for your other accounts, treat them as you would all your accounts:
- Strong password.
- Different password for every account.
- Two-factor authentication for those accounts that support it.