Check your credit report today

Get peace of mind by checking your credit report. It’s free, forever.

Check your report

I have a stolen password - what should I do?

Found out you have a stolen password? Here's what to do.

Fixing stolen password

Check your credit report today

Get peace of mind by checking your credit report. It’s free, forever.

Check your report

If your dark web scan shows you have had a password stolen, it means they are available for criminals to use. While this doesn't mean criminals have already hacked into your accounts, it does mean you're vulnerable to identity fraud.

You should take action quickly to limit further damage. Here's what to do next:

1. Change your passwords for all your accounts

If you’re still using this password and you can see which account has been hacked, change it there first. But if like many people, you’ve used this password for lots of sites, you’ll need to change it for your other accounts too.

2. Prioritise your most important accounts

Changing passwords can be time-consuming, so prioritise these accounts:

  • Any account that provides access to other sites (e.g. your email account, password managers, Facebook, Google)
  • Financial accounts (e.g. your bank account, credit card account, PayPal, ClearScore and investment platforms)
  • Sites that hold your payment details (e.g. Amazon and other online shopping sites)
  • Government sites such as myGov which also has access to your Super

3. Use a different password for every account

To maintain security of your accounts, you need to use different passwords for every account, and make them as long as possible. Try joining three random words together for a stronger password.

4. Use a password manager

To keep track of all your passwords, you could try using a free password manager or a high-quality paid product with extra features.

5. Turn on two-factor authentication

We also recommend that you turn on two-factor authentication (2FA) on all your important accounts, including your ClearScore account. You can turn this on in your ClearScore account under ‘Login and security’. Two-factor authentication adds another layer of protection, by asking you to re-confirm your identity using something other than a password. This could be a text to your phone, or an authentication app, for example. Two-factor authentication is a must for your email, banking, social, PayPal, ClearScore and password manager accounts.

If your identity has been compromised on the dark web, you should also continue to monitor your credit report at least monthly to ensure nobody has taken credit out in your name. ClearScore also provides free alerts to let you know if there are new enquiries for credit under your name. Check your report here.


Stephen Smyth has worked in financial services since 1999, specialising in consumer credit. He has worked in banks and consumer credit companies in the United Kingdom, France, Spain, India, South African and has lived in Australia since 2013. He believes that people around the world can benefit from services liked ClearScore to make finances clearer, easier to understand and to find better deals to save money.