Every week or so, news of yet another company’s data breach breaks. Often, the news stories will include a list of what data was or wasn’t compromised: emails, credit card numbers, addresses, etc.
So, you might assume that if a news story doesn’t include “passwords” on the list of compromised data after a breach, there’s no rush to go reset yours.
But actually, resetting your password for any compromised account, regardless of whether that password was exposed, is exactly what you should do.
Why you should update your password for any compromised account
Even though 91% of people know that reusing passwords across accounts is bad, 59% of people still reuse their passwords—even between personal and work accounts.
There’s a chance the password you’re using on a compromised account is also being used elsewhere. And if someone already has your email address or other personal information from one breach, and then gets your reused password through another, they can put two and two together to hack your accounts.
It’s also possible that the breadth or depth of a breach may not be apparent or reported until months later, so passwords may indeed have been involved. Why take the risk?
The bottom line: No matter the extent of a company’s data breach, you should go change that password ASAP.
Here are a few more tips for creating strong passwords, and other smart password practices