What does it mean if a scam email includes my real password?
The password was obtained from a data breach. It does not mean your device is hacked — but you should change that password immediately.
Last reviewed: 1 June 2026
Explanation
Sextortion and blackmail emails that include one of your actual passwords are designed to shock you into believing the sender has hacked your device. They claim to have filmed you through your webcam, accessed your contacts, or installed spyware. In almost every case, the password was taken from a past data breach and included to make the threat credible. These emails are sent in bulk to thousands of people at a time. No footage exists, no device was compromised. The appropriate response is to change the exposed password everywhere it was used and enable two-factor authentication — not to pay the demanded ransom.
Common red flags
- Email displays a password you recognise
- Claims to have recorded you through your webcam
- Demands payment in Bitcoin to prevent release of footage
- Gives a short deadline to increase panic
What to do now
- Do not pay — there is almost certainly no footage
- Change the exposed password immediately on all sites where you used it
- Enable two-factor authentication on important accounts
- Check haveibeenpwned.com to see which breach exposed your password
Frequently asked questions
Should I cover my webcam?
Covering your webcam is a reasonable precaution. In this type of scam, the sender almost certainly has no actual footage, but a camera cover removes the possibility entirely.