# Monitoring exposed credentials

Every year, thousands of websites suffer from data breaches. The credentials on these websites are often included in such data breaches, and criminals attempt to use these credentials to compromise other websites in hopes that the same credentials are reused.
To protect our users, Stripe proactively monitors the dark web for data exposed from other websites' breaches. When we find a credential in the exposed data that matches your Stripe credentials, we will disable your password so that an attacker can't use the same breached data to sign in as you.
When this happens, we will send you an email that looks like this:
You will need to [reset your password](https://dashboard.stripe.com/reset) before you can sign in to the Stripe Dashboard again.
## Frequently asked questions
### If I receive the email, does this mean Stripe experienced a data breach?
No. If you received the email above, then your credentials were exposed in a past data breach from **another** website, and you **reused** the same credentials on Stripe. For your protection, we've temporarily disabled Dashboard access to your Stripe account until you reset your password.
### If I receive the email, does this mean my account has been hacked?
Stripe is proactively monitoring for leaked credentials from past data breaches that may be used to compromise your account. So far, we have no reason to believe your account has been accessed without your authorization.
However, you should double-check your [security history](https://dashboard.stripe.com/settings/security_history) to see if any unauthorized activity has occurred on your account.
### Does this affect my ability to process payments?
We do not make any changes to your ability to process payments as a result of this monitoring program.
### How do I make sure my credentials are protected in the future?
We strongly recommend that you use a unique password for Stripe and don't reuse it elsewhere. To make unique passwords easier to manage, we suggest a password manager. For more details, see our best practices for storing your Stripe password.
Furthermore, enabling two-step authentication, if you haven't already done so, will ensure that compromising your password alone is insufficient to compromise your account.
### Why am I not allowed to use a certain password when resetting it?
Stripe will not permit you to change your password to something already known to be exposed in a data breach.
We **strongly recommend** that you use a password manager and let it generate a secure password for you.
However, if you choose not to use a password manager, we recommend that you choose at least four random words from the dictionary and use them as your password. You can use websites such as [correcthorse.pw](https://correcthorse.pw/) to securely generate such passwords.
### How do I find where my data has been breached?
Websites like [Have I Been Pwned](https://haveibeenpwned.com/) are specifically designed to monitor data breaches on behalf of users and may be able to provide more information on any data breach that affected you.
