Browser-only breach tool

Breach Response Checklist

Turn a breach notice or suspicious login into a prioritized response plan: first-hour actions, next-day cleanup, account rotations, and evidence notes without entering secrets.

Incident risk

82/100

High. The checklist sorts urgent containment before cleanup.

Risk: 82/100 (High)

Urgency: Breach notice (response speed)

Rotate: 12 account groups

Response plan

Copy this into a private vault or export a local text file. It intentionally avoids passwords, card numbers, and account names.

Breach response checklist

Risk level: 82/100 (High)
Affected account type: Email
Password reused: Not sure
2FA status: Not sure
Payment info exposed: Not sure
Recovery email access: Yes
Device compromise concern: Not sure
Urgency: Breach notice

Prioritized checklist:
1. [Do first] Secure the recovery email - Confirm you can access the inbox, rotate its password, enable strong 2FA, remove unknown forwarding rules, and review recovery phone or email settings.
2. [First hour] Change the email password - Use a unique password or passphrase, save it in a private password manager, and do not reuse the old password pattern.
3. [First hour] Rotate reused-password accounts - Change accounts that share this password first: email, banking, work, cloud storage, social accounts, shopping accounts, and password managers.
4. [First hour] Turn on two-factor authentication - Enable an authenticator app, passkey, or hardware key. Save backup codes in a private vault after setup.
5. [First hour] Revoke unknown sessions and tokens - Sign out of other devices, remove unknown app passwords, disconnect suspicious third-party apps, and regenerate API keys if this account has them.
6. [First hour] Protect payment methods - Review recent transactions, freeze or replace exposed cards, enable bank alerts, and save support case numbers.
7. [Next 24 hours] Review account history - Check profile changes, recovery settings, shipping addresses, connected apps, recent downloads, inbox rules, and security notifications.
8. [Next 24 hours] Save evidence and support notes - Keep breach notices, suspicious login emails, transaction IDs, screenshots, support tickets, dates, and names of representatives you contacted.
9. [Next 24 hours] Document the new baseline - Record which accounts were changed, which sessions were revoked, which 2FA methods are active, and where backup codes are stored.

Accounts to rotate:
- Email
- Recovery email
- Password manager
- Banking and payment accounts
- Work or school accounts
- Cloud storage
- Primary social accounts
- Shopping accounts with saved cards
- Saved-card shopping accounts
- Bank or card portal
- Device sign-in account
- Browser sync account

Evidence/support notes:
- Save the original breach notice or suspicious-login email.
- Write down first-seen time, last-known-good login, and support ticket numbers.
- Keep screenshots of unauthorized changes before correcting them.
- Record every password rotation and 2FA change after it is done.
- Track card freezes, replacement card dates, disputes, and bank case IDs.

Do not add passwords, card numbers, backup codes, or private recovery secrets to this export unless it is stored in a private vault.
Generated locally by https://passlock.to/tools/breach-response-checklist

First-hour actions

  • Secure the recovery email
  • Change the email password
  • Rotate reused-password accounts
  • Turn on two-factor authentication
  • Revoke unknown sessions and tokens
  • Protect payment methods

Next-24-hour actions

  • Review account history
  • Save evidence and support notes
  • Document the new baseline

Prioritized checklist

1. [Do first] Secure the recovery email

Confirm you can access the inbox, rotate its password, enable strong 2FA, remove unknown forwarding rules, and review recovery phone or email settings.

Most account resets chain through email.

2. [First hour] Change the email password

Use a unique password or passphrase, save it in a private password manager, and do not reuse the old password pattern.

The affected credential should stop working before more cleanup begins.

3. [First hour] Rotate reused-password accounts

Change accounts that share this password first: email, banking, work, cloud storage, social accounts, shopping accounts, and password managers.

Credential stuffing works because attackers try exposed passwords on other services.

4. [First hour] Turn on two-factor authentication

Enable an authenticator app, passkey, or hardware key. Save backup codes in a private vault after setup.

A second factor reduces damage if the password is exposed again.

5. [First hour] Revoke unknown sessions and tokens

Sign out of other devices, remove unknown app passwords, disconnect suspicious third-party apps, and regenerate API keys if this account has them.

Password changes do not always kill existing sessions or integrations.

6. [First hour] Protect payment methods

Review recent transactions, freeze or replace exposed cards, enable bank alerts, and save support case numbers.

Payment exposure needs a parallel financial cleanup track.

7. [Next 24 hours] Review account history

Check profile changes, recovery settings, shipping addresses, connected apps, recent downloads, inbox rules, and security notifications.

Attackers often leave persistence in settings rather than obvious account activity.

8. [Next 24 hours] Save evidence and support notes

Keep breach notices, suspicious login emails, transaction IDs, screenshots, support tickets, dates, and names of representatives you contacted.

Clear evidence makes bank, employer, platform, or identity-support conversations faster.

9. [Next 24 hours] Document the new baseline

Record which accounts were changed, which sessions were revoked, which 2FA methods are active, and where backup codes are stored.

A written baseline keeps the response from turning into guesswork later.

Does this need login?

No. It runs in the browser and only uses broad incident conditions.

What should I do first?

Secure email and recovery paths, change the affected password, revoke sessions, then rotate reused-password accounts.

Should I export the plan?

Export only a secret-free checklist, then store any sensitive notes in a private vault.
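
The export rule above (no passwords, card numbers, or backup codes in the checklist) can be checked before the file is saved. The JavaScript below is an added example, not code from the Passlock tool; the function names, label patterns, and sample lines are assumptions constructed for illustration.

```javascript
// Added example: pre-export lint for a breach-response checklist.
// Patterns and sample text are assumptions, not taken from the Passlock tool.

// A secret-type label followed directly by ":" or "=" and a value.
const SECRET_LABEL =
  /\b(password|passphrase|backup codes?|recovery codes?|cvv|pin)\s*[:=]\s*\S+/i;
// 13-19 digits, optionally separated by single spaces or dashes.
const CARD_CANDIDATE = /(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/g;

// Luhn checksum: double every second digit from the right, sum, mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns [{ line, kind }] for every line that appears to hold a secret.
// Long numeric case IDs can pass Luhn by chance, so review each finding.
function findSecretsInExport(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    if (SECRET_LABEL.test(line)) {
      findings.push({ line: idx + 1, kind: "labelled-secret" });
    }
    for (const m of line.matchAll(CARD_CANDIDATE)) {
      if (luhnValid(m[0].replace(/\D/g, ""))) {
        findings.push({ line: idx + 1, kind: "card-number" });
      }
    }
  });
  return findings;
}

// Constructed sample: lines 1-3 are safe notes, lines 4-6 leak secrets.
const SAMPLE_EXPORT = [
  "Password reused: Not sure",
  "2. [First hour] Change the email password - Use a unique passphrase",
  "Bank case ID CASE-2024-0042, card frozen 2024-05-01",
  "Old card was 4111 1111 1111 1111",
  "backup code: 8842-1193",
  "new password = example-not-real",
].join("\n");

console.log(findSecretsInExport(SAMPLE_EXPORT));
```
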

Passlock for Mac · $14 lifetime

Done. Now lock it down for real.

The browser is fine for one-off checks. The app keeps your passwords, passkeys, and notes locked behind your Mac — offline by default, no cloud account, no subscription.

  • Master lock for your whole vault - Lock everything behind one Mac-native gate when you step away.
  • 4 lock types, including Touch ID & passkeys - Pick the unlock method per item — password, Touch ID, passkey, or master.
  • Offline & native macOS Keychain - No subscription, no cloud account, no sync server reading your secrets.

One-time payment · macOS 14+ · Works offline