u/BothFan5617

A supplier we use got hit in a breach earlier this year. I changed my password with them immediately. I felt relieved and moved on.

Three weeks later I found out attackers had used that breach to get into my connected email account because I never revoked the OAuth access the supplier's app had. The password reset failed to protect me.

That's what nobody explains: modern attacks can bypass your new password. They use the backdoors you leave open when you reset, whether it be Gmail forwarding rules, OAuth grants to third-party apps, or recovery email addresses. All these things survive password resets and give attackers persistent access.

What actually helps after a breach:

  1. **Revoke active sessions first, before you change the password** — otherwise whoever's in stays in

  2. **Audit OAuth grants** — myaccount.google.com/permissions — remove anything you don't recognise

  3. **Check your email for forwarding rules you didn't set** — attackers love these because they're invisible

Most small business owners I talk to have never heard of any of this. The services that are supposed to protect you (Aura, LifeLock) just send you an alert and leave you to figure it out.

Happy to answer any questions about what to actually do after a breach if anyone's been through a similar experience.

u/BothFan5617 — 15 days ago
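The three checks from the post (forwarding rules, forwarding filters, OAuth grants) as an added Python audit; this is example code, not the OP's. It assumes the input dicts follow the Gmail API forwardingAddresses.list / filters.list and Directory API tokens.list response shapes, and TRUSTED_DOMAINS, BREACHED_CLIENTS and all SAMPLE_* data are constructed placeholders.

```python
# Post-breach mailbox audit: walk the three persistence points the post lists.
# Inputs mirror Gmail API forwardingAddresses.list / filters.list and Directory API tokens.list.
TRUSTED_DOMAINS = {"example.com"}  # assumption: the business's own mail domain(s)
BREACHED_CLIENTS = {"111-supplier.apps.googleusercontent.com"}  # assumption: the breached supplier's app
MAIL_SCOPES = ("https://mail.google.com/", "https://www.googleapis.com/auth/gmail")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()

def hides_message(action):
    # A forwarding filter that also skips the inbox or trashes the mail is the "invisible" rule.
    return "INBOX" in action.get("removeLabelIds", []) or "TRASH" in action.get("addLabelIds", [])

def audit(forwarding, filters, tokens, trusted=TRUSTED_DOMAINS, breached=BREACHED_CLIENTS):
    """Return (kind, detail, severity) tuples; an empty list means nothing to revoke."""
    findings = []
    for fa in forwarding.get("forwardingAddresses", []):       # account-level forwarding
        if domain_of(fa["forwardingEmail"]) not in trusted:
            findings.append(("forwarding_address", fa["forwardingEmail"], "high"))
    for f in filters.get("filter", []):                        # per-filter forward actions
        action, dest = f.get("action", {}), f.get("action", {}).get("forward")
        if dest and domain_of(dest) not in trusted:
            sev = "critical" if hides_message(action) else "high"
            findings.append(("filter_forward", f"{f['id']} -> {dest}", sev))
    for t in tokens.get("items", []):                          # third-party OAuth grants
        name = t.get("displayText", t["clientId"])
        if t["clientId"] in breached:                          # revoke regardless of scope
            findings.append(("oauth_grant", f"{name} (breached supplier)", "critical"))
        elif any(s.startswith(MAIL_SCOPES) for s in t.get("scopes", [])):
            findings.append(("oauth_grant", f"{name} (mail scope)", "high"))
    return findings

# Constructed sample data: one clean entry beside one suspicious entry of each kind.
SAMPLE_FORWARDING = {"forwardingAddresses": [
    {"forwardingEmail": "archive@example.com", "verificationStatus": "accepted"},
    {"forwardingEmail": "inbox-copy@collector.invalid", "verificationStatus": "accepted"}]}
SAMPLE_FILTERS = {"filter": [
    {"id": "f1", "criteria": {"from": "bank"},
     "action": {"forward": "inbox-copy@collector.invalid", "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f2", "criteria": {"from": "newsletter"}, "action": {"addLabelIds": ["Label_1"]}}]}
SAMPLE_TOKENS = {"items": [
    {"clientId": "111-supplier.apps.googleusercontent.com", "displayText": "Supplier Portal",
     "scopes": ["https://mail.google.com/"]},
    {"clientId": "222-sync.apps.googleusercontent.com", "displayText": "Mail Sync Helper",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"clientId": "333-cal.apps.googleusercontent.com", "displayText": "Calendar Widget",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]}]}
```

Calling `audit(SAMPLE_FORWARDING, SAMPLE_FILTERS, SAMPLE_TOKENS)` flags the external forwarding address, the hidden forwarding filter, the breached supplier's grant and the unknown mail-scoped app, while the calendar-only grant passes.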