Free Security Tool

Have You Been Breached?

Check if your email address or password has been exposed in a known data breach. Powered by Have I Been Pwned.

What Is a Data Breach?

A data breach occurs when an unauthorized party gains access to a system and extracts sensitive data. This can include email addresses, passwords, phone numbers, physical addresses, credit card numbers, and social security numbers.

Major breaches have affected billions of user accounts across companies of every size. Even if you use strong passwords, your credentials can be exposed when a service you use is compromised. Attackers then sell or publish these stolen databases, making the data available to anyone.

That is why checking for breaches is critical. If your credentials appear in a known breach, attackers may already have your password and can attempt to access your other accounts using a technique called credential stuffing.

How k-Anonymity Protects You

When you check a password on this page, it never leaves your browser. Here is exactly what happens:

  1. 1

    Hash locally

    Your browser computes a SHA-1 hash of the password entirely on your device.

  2. 2

    Send only 5 characters

    Only the first 5 characters of the 40-character hash are sent to the Pwned Passwords API. This is far too little to reverse-engineer your password.

  3. 3

    Get a range of hashes

    The API returns hundreds of hash suffixes that share the same prefix. Your browser checks locally whether the full hash matches any of them.

  4. 4

    Result stays private

    The API never sees your password, never sees the full hash, and cannot determine which entry you were looking for. This is k-anonymity.

What To Do If You Have Been Breached

Change compromised passwords immediately

Start with the breached service, then change the same password anywhere else you reused it.

Enable two-factor authentication

Add 2FA to every account that supports it. Even if your password leaks, 2FA blocks unauthorized access.

Use a password manager

Generate a unique, strong password for every account. A password manager remembers them all so you do not have to.

Watch for phishing attempts

After a breach, attackers may target you with phishing emails that appear to come from the breached service.

Monitor your accounts

Check bank statements, credit reports, and login activity for anything suspicious in the weeks following a breach.

Need a strong replacement password? Try our Password Generator

Frequently Asked Questions

Stay Secure Online

Checking for breaches is just the first step. Generate strong passwords and explore our full suite of free security and productivity tools.

Password GeneratorBrowse All Tools