Communicating with Exposed Users

🔑

How to use this page

  • Replace placeholders like [First Name], [Your Company], CompanyName, [URL], [support link], and dates before sending.
  • Choose a transparency level that fits your support capacity and brand voice.

🧭 Choosing Your Transparency Level

Choosing a more transparent message arms your customers with the information they need to secure any other online accounts that might use the same password. Knowing more detail about their exposed account may lead them to choose a stronger password or take other security precautions. A message of this type may also include information about the potential risks of account takeover:

  • Exposure of personally identifiable information such as addresses, credit card numbers and Social Security numbers
  • Takeover of other accounts that use the same or similar password

At the same time, transparency may raise additional questions that your support team is not equipped to handle. For example, if you name the site or service that was breached, you may receive inquiries about that site which your front-line staff cannot answer without additional training materials or standard responses.

Choosing a less transparent message may cut down on user concerns, but it leaves the consumer more vulnerable to account takeover across their other online accounts. In addition, an uninformed user who underestimates the seriousness of the exposure may be more inclined to replace the exposed password with a minor variation of it, which an attacker holding the original will guess quickly.

Whichever level of transparency you choose, we do not recommend understating the risk. We have seen companies deploy notifications that suggest the encryption method for a set of breached passwords cannot be hacked, and that the company “does not believe” that users’ passwords were exposed. The purpose of your notification should be to prompt users to implement a more secure, previously-unused password or take other measures to protect their accounts from fraudulent actions or purchases.
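The notification can only ask for a "previously-unused" password; the reset handler has to enforce it. The following is an added example, not code from this page or from any particular vendor, of a server-side check that rejects a replacement password that is the exposed password itself or a trivial variation of it (case change, leet substitutions, a bumped year or punctuation suffix, or a couple of edited characters). It assumes the plaintext observed in the breach or infostealer data is available to the reset handler at the moment of comparison, and that the comparison happens before the new password is hashed; the function and threshold names are the example's own.

```python
"""Reject replacement passwords that are trivial variants of an exposed one.

Added example for a password-reset handler. Assumes the exposed plaintext is
available at reset time (e.g. handed over by a credential-monitoring feed)
and is discarded once the comparison is done. Not production policy; tune
min_len and max_edits to your own password policy.
"""
import re
import unicodedata

# Letter -> digit/symbol substitutions users commonly apply when "changing" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    """Canonical core of a password: Unicode-folded, lower-cased, with the
    leading/trailing digit and punctuation runs stripped ("2023!", "!!") and
    leet substitutions undone, so Summer2023! and Summer2024! both become summer."""
    s = unicodedata.normalize("NFKC", pw).casefold()
    s = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)
    return s.translate(LEET)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between a and b, two-row DP."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_variant(new_pw: str, exposed_pw: str, max_edits: int = 2) -> bool:
    """True if new_pw is the exposed password or a trivial variation of it."""
    if new_pw == exposed_pw:
        return True
    n, e = normalize(new_pw), normalize(exposed_pw)
    if not n or not e:
        # One side has no letters left to compare (e.g. exposed "123456");
        # length/composition rules handle those, not the similarity check.
        return False
    if n == e:
        return True
    if len(e) >= 6 and e in n:
        # Exposed core reused with something bolted onto the end or front.
        return True
    return levenshtein(n, e) <= max_edits


def validate_replacement(new_pw: str, exposed_pw: str, min_len: int = 12):
    """Return (ok, reason); call from the reset handler before hashing new_pw."""
    if len(new_pw) < min_len:
        return False, f"must be at least {min_len} characters"
    if not normalize(new_pw):
        return False, "must contain letters, not only digits and symbols"
    if is_variant(new_pw, exposed_pw):
        return False, "too similar to the exposed password"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample pairs (exposed, proposed replacement); not real credentials.
    samples = [
        ("Summer2023!", "Summer2024!!!"),
        ("password", "P@ssw0rd1234"),
        ("hunter2", "hunter22hunter"),
        ("Summer2023!", "correct-horse-battery-staple"),
    ]
    for exposed, proposed in samples:
        print(f"{proposed!r:34} -> {validate_replacement(proposed, exposed)}")
```

Two design notes: normalization strips the suffix before undoing leet, otherwise the "3" in "2023" would be turned into an "e" and the year bump would survive; and the substring rule is gated on a minimum core length so a long passphrase is not rejected merely because it happens to contain a short exposed word.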


✉️ Communication Templates

🧺 Generic, Proactive Message (regardless of exposure type)

Generic Template

Subject: Notice Regarding Your Account Security

Hi [First Name],

As part of our commitment to keeping your account safe, we are asking customers to proactively update their CompanyName password.

Your next steps:

  1. Log into your account at [URL].
  2. Follow the prompt to reset your password.
  3. Choose a strong, unique password that you don’t use elsewhere.

For your protection, your current password will expire on [Insert Date]. After this date, you’ll be required to reset your password before accessing your account.

If you need assistance, please visit [support link].

Thank you for taking this important step to help protect your account,
The CompanyName Security Team


🦠 Malware-Infected User

▲ HIGH TRANSPARENCY

Subject:
Reset Your CompanyName Password
or
Action Required: Secure Your Account

Hi [First Name],

One of our cybersecurity monitoring tools identified a malware infection on a device recently used to access your CompanyName account. As a result, the login information for your CompanyName account may have been compromised.

We strongly encourage you to reset your password to protect your CompanyName account. Before you do, clean the affected device so the new password is not captured as well: install or update antivirus protection, run a full scan to remove the malware, clear your browser's saved passwords, history and cookies, and only then reset your password on CompanyName.com. If you can, perform the reset from a different device that you know is clean.

You can reset your password in three easy steps:

  1. Go to CompanyName.com
  2. Where you would normally click to sign in, click "Forgot Password?"
  3. Create a new, strong password that is unique to your CompanyName account

We also recommend that you enable two-factor authentication (where a code is sent to you as an additional verification step) to help ensure the safety of your online accounts. You can enable this for your CompanyName account under your Account Settings.

It’s possible that the malware may have compromised your login credentials for other sites as well. You can follow the steps above for any other sites and services you use online and create a strong, unique password for each.

We take your security and privacy very seriously, and will immediately reach out if we notice anything unusual in the future.

Thank you,
The CompanyName Security Team

▼ LOW TRANSPARENCY

Subject: Important Notice Regarding Your Account Security

Hi [First Name],

We’re reaching out to let you know that we’ve detected unusual activity related to your account.

As a precaution, we recommend that you:

  1. Reset your password immediately to ensure your account remains secure.
  2. Avoid reusing passwords from other sites or services.
  3. Review your recent account activity.

Protecting your information is our top priority. Taking these steps now can help reduce the risk of account misuse.

If you have questions or need help updating your password, visit [support link].

Thank you,
The CompanyName Security Team


🧷 Third-Party Breach-Exposed User

▲ HIGH TRANSPARENCY

Subject: Action Required: Secure Your Account

Hi [First Name],

We’ve identified that your email address and password were found in a data breach of a third-party service not affiliated with [Your Company].

Although this breach did not originate within our systems, we recommend you take the following steps to protect your account:

  • Reset your [Your Company] password by going to CompanyName.com and clicking Forgot Password?
  • Choose a strong, unique password that you haven’t used elsewhere.
  • Enable multi-factor authentication to add an extra layer of protection.
  • If you use the same password on other services, we strongly recommend updating those as well.

Your security is important to us, and we’re committed to helping you take proactive steps to stay protected.

If you need help, visit [support link].

Thank you,
The CompanyName Security Team

▼ LOW TRANSPARENCY

Subject: Action Required: Reset Your Password

Hi [First Name],

We’ve updated our security policies and your password no longer meets our minimum requirements.

Take the following steps to reset your password:

  1. Reset your [Your Company] password by visiting CompanyName.com and clicking Forgot Password?
  2. Ensure you are not reusing this password on any other accounts.
  3. Enable multi-factor authentication (MFA) if it’s not already active.

Your security is important to us, and we’re committed to helping you take proactive steps to stay protected.

If you need help, visit [support link].

Thank you,
The CompanyName Security Team


🎣 Phished User

▲ HIGH TRANSPARENCY

Subject: Action Required: Secure Your Account

Hi [First Name],

As part of our continuous security monitoring, we’ve identified that your credentials were likely compromised in a phishing attack. This type of threat tricks users into revealing login information on fraudulent websites designed to look legitimate.

While our systems remain secure, this incident increases the risk of unauthorized access to your account.

To protect yourself, please take the following steps:

  • Reset your [Your Company] password by visiting CompanyName.com and clicking Forgot Password?
  • Ensure your new password is unique and not used anywhere else.
  • Enable multi-factor authentication (MFA) if it’s not already active.
  • Be cautious of suspicious emails and links, especially those requesting login information.

We’re here to help. If you have questions or need assistance securing your account, please contact our support team.

Thank you for acting quickly,
The CompanyName Security Team

▼ LOW TRANSPARENCY

Subject: Important Security Recommendation for Your Account

Hi [First Name],

We’ve identified signs that your account credentials may have been exposed through a third-party incident. While we have no indication of unauthorized access at this time, we recommend taking precautionary steps to protect your account.

Here’s what you should do:

  1. Reset your [Your Company] password by visiting CompanyName.com and clicking Forgot Password?
  2. Ensure your new password is unique and not used anywhere else.
  3. Enable multi-factor authentication (MFA) if it’s not already active.

These steps will help safeguard your account and personal information. If you have questions or need assistance securing your account, please contact our support team.

Thank you for acting quickly to protect your account,
The CompanyName Security Team