Data breaches expose millions of username and password combinations every year. If your email and password combination appears in a breach, attackers will try it on every other site you use (credential stuffing). Checking regularly lets you change exposed passwords before damage is done.

How to Check for Breaches

  1. Use our Breach Check tool. Enter your email address to see if it appears in any known breaches.
  2. The tool queries the HaveIBeenPwned database, which contains over 12 billion breached accounts.
  3. If found, the results show which sites were breached, when, and what data was exposed (passwords, phone numbers, etc.).
  4. Change the password for the listed site immediately if you have not already.
  5. If you reused that password elsewhere, change it everywhere it was used.

How Is This Safe?

Our tool uses k-anonymity for password checks: only the first 5 characters of the hashed password are sent to the API. Your full password never leaves your device. Email address checks send the email to HaveIBeenPwned, which is a trusted privacy-focused service run by security researcher Troy Hunt.

How Do I Know If I Was in a Data Breach?

  • Use our Breach Check to search by email
  • Watch for breach notification emails from sites you use
  • Enable haveibeenpwned.com notifications for your email address
  • Monitor your credit report for signs of identity theft from breached data

People Also Ask

How do I tell if my passwords are compromised?
Run your email through our Breach Check tool. Also check your browser's built-in password manager - Chrome and Safari both flag passwords found in breaches.
Where to check leaked passwords on iPhone?
Go to Settings > Passwords. iOS automatically flags passwords involved in known data breaches with a warning icon.

Related: What is a data breach? | Password managers | Breach Check