Unsplash

As a security precaution, our system checks email and password combinations against a <a href="https://haveibeenpwned.com/" rel="nofollow noopener noreferrer" target="_blank">registry of accounts</a> that have previously been compromised. These accounts become compromised when a website or application suffers a data breach.

If our system finds a match, we reset the password for the account and trigger a reset password email. This prevents hackers from using an email and password combination found in a data breach from another service (like LinkedIn, Facebook, etc.) to try to gain access to Unsplash accounts.

If this has happened to you, here is what you should do:

Send a reset password email by going to <a href="https://unsplash.com/users/password/new" rel="nofollow noopener noreferrer" target="_blank">https://unsplash.com/users/password/new</a>

Check your email and follow the link to reset your password

When setting a new password, <b>use a password that is completely unique to your Unsplash account</b>. Do not reuse a password from another account you use, like Facebook, Twitter, etc. or your account will be insecure.

Check your email(s) against the <a href="https://haveibeenpwned.com/" rel="nofollow noopener noreferrer" target="_blank">HaveIBeenPwned.com project</a> to see what accounts you have on other websites or apps might have been compromised in data breaches.

1. Send a reset password email by going to <a href="https://unsplash.com/users/password/new" rel="nofollow noopener noreferrer" target="_blank">https://unsplash.com/users/password/new</a>
2. Check your email and follow the link to reset your password
3. When setting a new password, <b>use a password that is completely unique to your Unsplash account</b>. Do not reuse a password from another account you use, like Facebook, Twitter, etc. or your account will be insecure.
4. Check your email(s) against the <a href="https://haveibeenpwned.com/" rel="nofollow noopener noreferrer" target="_blank">HaveIBeenPwned.com project</a> to see what accounts you have on other websites or apps might have been compromised in data breaches.

If you have questions, you can reach us at <a href="mailto:support@unsplash.com" rel="nofollow noopener noreferrer" target="_blank">support@unsplash.com</a>.

Note: Unsplash does not store your password directly and has no knowledge of your other accounts. We store a <a href="https://en.wikipedia.org/wiki/Cryptographic_hash_function#Password_verification" rel="nofollow noopener noreferrer" target="_blank">cryptographic hash</a> of your password which can be used to compare against a known list of compromised email and password combinations. This is the same approach used by other industry standard sites <a href="https://github.blog/2018-07-31-new-improvements-and-best-practices-for-account-security-and-recoverability/" rel="nofollow noopener noreferrer" target="_blank">like Github</a>.

What to do when our system detects a compromised password on your Unsplash account