Email Breach Check
Check whether your email address has appeared in a publicly known data breach. We use a k-anonymity model - Only the first 5 characters of a hashed version of your email are ever sent to any external service. Your full email address stays private.
What To Do If Your Email Was Breached
Finding your email in a breach is alarming, but swift action limits the damage. Follow this checklist:
- Change your password immediately on the affected service and any other site where you reused that password.
- Enable two-factor authentication (2FA) on the affected account and ideally on all important accounts.
- Use a unique password per site - A password manager like Bitwarden or 1Password makes this easy.
- Watch for phishing emails that may reference information from the breach to appear legitimate.
- Check your financial accounts if payment card data was exposed.
- Monitor your credit if personal details like your name, address, or SSN were included.
- Report suspicious activity to the breached service and, if financial fraud occurred, to your bank.
How We Protect Your Privacy
| Step | What Happens |
|---|---|
| 1 | Your email is hashed using SHA-1. |
| 2 | Only the first 5 characters of the hash are sent to the breach database API. |
| 3 | The API returns a list of hash suffixes - Never any email addresses. |
| 4 | We check whether your full hash matches any in the returned list - Entirely on our server. |
| 5 | Your full email address never leaves your browser in plain text. |
ⓘ All breach data sourced from haveibeenpwned.com by Troy Hunt, used under the HIBP API.