When your credentials are exposed, speed is survival. This guide walks through a full rapid re-key operation from forcing global sign outs and rotating passwords to rebuilding 2FA, aliasing emails, and setting up honeypots. You’ll learn exactly how to contain the breach, neutralize the damage, and rebuild stronger security compartments across every account you own.
You’ve been breached. They Got In. Now What? Time to move fast hot shot.
When the Walls Fall Down
Breaches don’t really feel like anything. There’s no dramatic music or flashing red lights. Maybe your login isn’t working. Maybe a friend messages you: “Did you just email me this weird link?”
That’s the moment your day goes sideways.
Credentials are compromised. Could be one account or maybe your whole stack. You don’t know and it doesn’t matter. You can’t hesitate. Every second you delay someone is digging deeper in your backside using your own keys. Rapid re-keying is your emergency response when your perimeter’s already broken.
You have to Pivot.
You don’t have time to confirm. You contain, sever, and rebuild. This is not the time to worry about recovery. This is about control. You have to take it back before someone else locks you out completely.
Phase 1: Contain the Bleed
First move is to cut access and isolate systems.
1. Force Global Sign Out
If you still have access, trigger a session kill across all devices. Most major providers (Google, Microsoft, Apple, Facebook, etc) support session invalidation under security settings. It logs out every device, even theirs. If the platform doesn’t offer it then you have to assume it’s already gone.
2. Change Passwords Immediately
Create new, strong passwords that shares no patterns with the old ones. 21+ characters, longer is better. Don’t reuse phrases, suffixes, or structures. You shouldn’t even be creating them yourself anyway. Use a passphrase generator. Ideally generate them offline. Don’t trust cloud password managers when you’re under siege.
Make sure you re-authenticate on trusted devices only and be sure to clear any saved logins you might have in browsers.
3. Lock Down Connected Services
Check what apps, extensions, and services have OAuth or token based access to your breached account. Revoke every one of them. Even the legit ones. They’ll reconnect later. Right now, you’re slicing the web they used to spider across your digital life.
Phase 2: Rotate Everything
Your password isn’t the only key. You’ve got recovery emails, backup phone numbers, 2FA codes. If you only change the login and leave the rest exposed, you’re just repainting the door while the back window’s wide open.
1. Swap Recovery Paths
Replace recovery emails with clean burner accounts. Never use the same recovery email across multiple identities. Same for recovery phone numbers, burn and swap.
2. Rebuild 2FA
If you’re using SMS or email based 2FA, you’re not secure. Period. Move to app based 2FA like Aegis or even better use hardware keys like Yubikey.
If you have any doubts if your 2FA seed was compromised, don’t regenerate the QR code. Purge and rebind. Force total re-authentication.
3. Increase Security
Enable “Advanced Protection” or “Security Keys only” mode if available. Platforms such as Google and Apple already have it and hopefully it will be standard in the future.
4. Check Audit Logs
Most platforms can show you login history, IP addresses, device types for your accounts. Comb through it. Look for logins outside your norm. Time, device, country anything off. Don’t just glance. Screenshot everything. You might need it for timeline reconstruction or legal defense later.
Phase 3: Obfuscate and Rebuild
Once you’ve stopped the bleeding and closed the holes, it’s time to make anything they took worthless.
1. Change Usernames Where You Can
Where possible, change the username or alias tied to the account. Breach data gets sold pretty fast and even if the password has been changed, that handle will still keep showing up on dark web scans. Give it up, that alias is toast. Usernames and aliases should act like fuses. When one gets hot, you pull it.
2. Move to Aliased Email Addresses
If your main email was compromised, you’re going to have to start fresh with a new one. Don’t delete your old one just yet. It will be useful as a honeypot in the next phase and just to make sure that you don’t have any dependent accounts you will accidently lock yourself out of. Be sure your contacts know you will no longer be checking or responding from that account.
This time with your new email account instead of having your online accounts use your main email directly, start using aliasing services like SimpleLogin or Addy. That way you can kill specific email addresses tied to breached accounts without sacrificing your main inbox. It also allows you to rotate your addresses on a regular frequency without the headache.
3. Segment Your Digital Life
Don’t rebuild everything identically. This is your moment to split roles and create silos for financial, personal, publishing, research, etc. Each with unique emails, passwords, and logins. That way if this happens again, it doesn’t bleed across your whole digital identity.
Phase 4: Monitor and Prepare for Aftershocks
Re-keying is the first step but the aftermath of a breach can drag on for awhile. Some attackers hold data. Some sell it. Some wait. You need to operate as if you’re still in the crosshairs for at least the next 90 days minimum.
1. Freeze Your Credit
If any personal information was compromised such as your name, home address, or social then you are going to want to freeze your credit as a precaution. This will prevent the attackers from opening new credit cards or taking out loans using your identity. Also, keep an eye on your credit report and watch your mailbox for anything strange.
2. Set Up Honeypots
Create canary tokens such as links or DNS beacons that alert you if someone accesses them. Put them in old cloud drives or accounts you suspect are compromised. If they trip, you’ll know the breach is still live.
3. Run Deep Leaks Scans
Use breach checking services (real ones and not just HaveIBeenPwned) to look for your credentials across dark web dumps. Tools like Intelligence X, LeakPeek, or a paid service like DeHashed can give deeper insights and many of them let you set up real time credential leak alerts.
When reviewing the dumps what you want to see is the old password before you rotated. That means they’ve only got old data. If you find your new password in a data dump then you have big problems. You re-keyed and they still have live access.
4. Watch for Social Engineering Fallout
Sometimes the attackers just use your data to go after your contact list. They can use your name, your email, your phone number, whatever they got a hold of. Warn your close circle. Tell them to verify any message from you through an alternate channel. Make sure they know how to be sure it’s really you. Your grandma doesn’t deserve to lose her savings account trying to help someone they thought was you.
Re-Key Kits: Build It Before You Need It
Speed matters. You won’t want to waste time downloading authenticator apps or writing passwords on scrap paper while your accounts are being scraped. Have a pre-built re-key kit ready:
- Local password vault (KeePassXC, not cloud)
- Secure 2FA app
- Encrypted USB with:
- Backup email credentials
- Unique recovery docs
- Hardware token backup seeds
- Offline incident response checklist
- Alias email generator ready to deploy
Treat this kit like a fire extinguisher. Have one just in case. The air gapped vault I gave a how to guide on may be a good fit to go with this kit.
Final Word
If you’re reading this after the breach, it’s not too late. You’re still standing. You still have hands on the keyboard. That means you still have power. Use it before someone else does.
If you have yet to have the pleasure then now’s your opportunity to build the kit, run the drills, and harden the perimeter.
Lock down. Re-key. Reclaim.
-GHOST
Written by GHOST, creator of the Untraceable Digital Dissident project.
This is part of the Untraceable Digital Dissident series — tactical privacy for creators and rebels.
Explore more privacy tactics at untraceabledigitaldissident.com.