Dosh dilemma – Chris’ ‘compromised’ account leaves him at a crossroads

Chris received an email from a well-known online shopping site, saying: “Your account password may have been compromised in a recent data breach." 

Now he’s stuck.

Chris uses the same password across multiple websites, including shopping, email and even banking. That means if one password is leaked, all his accounts could be at risk.

But then again, what if this email is a scam, just another phishing attempt trying to trick him into giving up personal information?

Chris isn’t sure what to do next.

Firstly Chris, you’re right to be cautious in these situations, as you can never be too sure.

When it comes to online security, it’s always best to pause and verify before clicking anything.

Here’s what Chris, and anyone else facing this kind of dilemma, should do.

Verify the email is legit

Before doing anything, double-check the email’s authenticity.

• don’t click any links in the email, as even if it looks official, it could be a fake
• instead, go directly to the retailer’s website by typing the address into the browser
• look for any alerts or blog posts confirming a recent breach
• if you’re still unsure, call the company’s customer service team to ask whether the email is real

Change the password immediately

If the breach is confirmed, or even suspected, quick action is key.

• log into the shopping site through the official website and change the password to a strong, unique one
• if the same password was used on any other sites, including email, social media and online banking, change those too

A good password should be long, use a mix of characters and be completely different from others.

Turn on two-factor authentication (2FA)

Enable 2FA wherever possible, especially on important accounts like:

• email
• online banking
• shopping and payment services

This adds an extra layer of security that makes it harder for anyone else to access your account, even if they have your password.

Keep an eye out for suspicious activity

Monitor accounts for anything unusual:

• check recent orders, saved payment details and login history
• review recent credit or debit card transactions
• set up notifications or alerts for login attempts or purchases, most shopping sites and banks offer this feature

Use a password manager

To avoid this situation in the future, Chris should start using a password manager. These tools:

• create strong, unique passwords for every website
• store them securely, so you don’t have to remember them all
• make logging in faster and safer across devices

By using a password manager, you’ll no longer need to rely on that one ‘go-to’ password.

Chris’ dilemma confirms how reusing passwords for speed and convenience can backfire. But by taking a few smart, simple steps, you can regain control, protect your accounts and build stronger habits going forward.