Taking Action on Breaches

Immediate Steps

When your credentials appear in a breach:

  1. Change Passwords Immediately Change the password on the compromised service AND any other service where you've used the same password.

  2. Enable 2FA If not already enabled, add two-factor authentication to the compromised account.

  3. Review Account Activity Check for unauthorized logins, changes, or suspicious activity.

  4. Rotate Related Credentials If the breach included API keys or tokens, rotate them immediately.

  5. Monitor for Fraud If financial information was exposed, watch credit reports and bank accounts.

Organization-Wide Response

For Administrators:

  • Review all accounts the affected user has access to

  • Check audit logs for suspicious activity

  • Force password reset if necessary

  • Update security policies based on breach patterns

  • Communicate with affected team members

For Compliance:

  • Document the breach detection and response

  • Assess whether regulatory notification is required

  • Update risk registers

  • Include in security awareness training

Dismissing False Positives

Occasionally, breach alerts may be:

  • Old breaches you've already addressed

  • Test accounts or disposable addresses

  • Unverified or duplicate reports

Sentry allows you to:

  • Mark alerts as "Resolved" when actions are completed

  • "Dismiss" false positives with a note

  • View alert history to prevent duplicate investigations

PreviousBreach detectionNextAlert Workflow

Last updated