A security breach is an incident where confidential, sensitive, or protected information is accessed, stolen, or disclosed by an unauthorized party. This can happen to any organization—from a small business to a large corporation or government agency—and often involves personal data like names, email addresses, phone numbers, and, critically, passwords.

When a company suffers a security breach, hackers often steal a database containing user credentials. If you've used the same password on multiple sites, a breach on one site can lead to a security cascade that affects all your other accounts. This is the primary risk of password reuse.

Here’s how these types of hacks typically work:

1. Breach of a site: A hacker successfully breaches a site with weaker security, such as an old email provider, an old forum, an obscure online store, or a hobbyist site. They steal the database of email addresses and passwords.
2. Credential stuffing: The hacker then takes the stolen list of email address and password pairs and uses automated bots to try them on other popular sites (e.g., social media, banking, email, or e-commerce sites), including Angeleno Account. This automated process is known as a credential stuffing attack. The bots "stuff" the same credentials into thousands of login forms, hoping to find a match.
3. Account takeover: If you reused your password, the bot will successfully log in to your account on the new site. The attacker now has full control of your account. A compromised account allows an attacker to potentially steal your identity and target your financial accounts. And it could also allow them to amplify their attack by using your account to harm your contacts or target your accounts for other online services.

Protecting your Angeleno Account

Angeleno Account tracks security breaches that occur on other sites and apps. It uses web scanners and scrapers to search for your Angeleno Account email address and password in published security breaches. It also has a dedicated security team infiltrating criminal communities to gain access to breach data that isn’t otherwise available.

If Angeleno Account identifies that your account’s email address and password were part of a breach on another site or app, it protects your account from bad actors creating an account or signing in to your account. You will see an error message when you try to create an account, sign in, or change or reset your password with a breached email address and password.

Note: Angeleno Account’s ability to protect your account by blocking reused email address and password combinations that are breached on other sites and apps is a best effort. Angeleno Account cannot guarantee that it will detect all breaches of all other sites and apps to protect your account. To protect your Angeleno Account from these types of breaches, please see Angeleno Account’s recommendations in the How to protect yourself from future threats section below.

I got notified of a breach on another site

If you got an error message or received an email from Angeleno Account notifying you of a breach on another site, please:

1. Reset your Angeleno Account password immediately

   For your security, all login attempts to your Angeleno Account are currently blocked until you successfully reset your password. This is a mandatory step to protect your data. Use the "Forgot password?" link on the login page to create a new and unique password that you have never used before. Resetting your password

2. Review and update any accounts on other sites or apps

   If you are reusing this compromised password on any other site or app, please change those passwords immediately as they may also be vulnerable to compromise.

How to protect yourself from future threats

We strongly recommend adopting the following best practices to enhance your security:

• Use unique passwords for each account: Create a unique, strong password for every single online account. This prevents a breach on one site from affecting your accounts on other sites.
• Utilize a password manager: A password manager can securely store, generate, and autofill unique and complex passwords for all your accounts, making it easy to follow the "unique password" rule without having to memorize multiple passwords.
• Enable multi-factor authentication (MFA): Where available, always enable multi-factor authentication (MFA), also called two-factor authentication (2FA), or 2-step verification (2SV). MFA enhances your account security by requiring a second step when logging in, such as entering a code sent to your phone, after you enter your password. This makes it significantly harder for attackers to gain access, even if they manage to steal your password. Here’s a guide on how to enable MFA on Angeleno Account.

Can Angeleno Account tell me which other site was breached?

Angeleno Account utilizes a third party to enhance security by monitoring for data breaches. This third party stores email addresses and passwords that have been breached on other sites and apps and compares them to your Angeleno Account email address and password every time you try to create an account, sign in, or change or reset your password. However, for privacy and security reasons, the third party does not disclose the source (other sites or apps) of these breaches, and Angeleno Account is not provided with information on where the breach occurred. Angeleno Account does not have this information to share with you.