Data Breach Checker: Has Your Email Been Compromised?

This free data breach checker scans your email address against a database of known breaches, powered by Have I Been Pwned. If your email appears in any breaches, you will see exactly what data was exposed, how serious the risk is, and what steps to take next. Your email is checked securely through our server. We do not store, log, or share any email addresses entered into this tool.

What Is a Data Breach?

A data breach occurs when sensitive, protected, or confidential information is accessed, stolen, or released by an unauthorised party. This can include email addresses, passwords, credit card numbers, phone numbers, and even government-issued IDs like social security numbers or passport numbers.

A personal data breach does not necessarily mean someone has already misused your information. It means your data was included in a set of records that was exposed, whether through hacking, accidental disclosure, or insider theft. However, once your data is out there, it can be traded on underground forums, used for phishing attacks, or used to attempt to log into your accounts.

The types of data breaches vary widely. Some involve only email addresses and usernames. Others expose passwords, financial data, or identity documents. The severity of a breach depends on what type of data was exposed and how many records were affected.

How Do Data Breaches Happen?

Data breaches happen through several common methods:

• Hacking and exploitation: attackers find vulnerabilities in a company’s systems and extract their user database. This is the most common cause of large-scale breaches.
• Credential stuffing: attackers take stolen credentials (usernames and passwords leaked from one breach) and try them on other websites. Because many people reuse passwords, this often works. A credential leak from one service can lead to compromised accounts on dozens of others.
• Phishing: employees or users are tricked into revealing login credentials, which attackers then use to access internal systems. Learn more about how phishing works.
• Insider threats: a current or former employee with access to sensitive data intentionally or accidentally exposes it.
• Misconfigured databases: some breaches happen because a company leaves a database publicly accessible on the internet with no password protection. No hacking is required; the data was simply left in the open.
• Malware and infostealers: malicious software installed on a company’s systems (or on individual devices) can silently extract data over time. Infostealer malware specifically targets stored passwords, browser cookies, and session tokens.

In most large-scale breaches, the company storing your data is the one that was compromised. You may have done nothing wrong yourself, but if you had an account with that service, your data was included in the exposure.

Biggest Data Breaches in Recent Years

Data breaches affect companies of all sizes, including some of the largest services in the world. Here are a few well-known examples of data breaches that exposed millions of accounts:

• Yahoo (2013-2014): the largest breach in history, affecting all 3 billion user accounts. Exposed passwords, security questions, and personal details. Details on Wikipedia.
• LinkedIn (2021): data from 700 million users (over 90% of all members) was scraped and posted for sale. Included email addresses, phone numbers, and professional details.
• Facebook (2019): phone numbers and personal data of 533 million users across 106 countries were found in a publicly accessible database.
• Adobe (2013): 153 million user records exposed, including email addresses, poorly encrypted passwords, and password hints.
• Canva (2019): 137 million users affected. Exposed email addresses, usernames, names, and bcrypt-hashed passwords.

These are just a handful of examples. According to the breach notification database maintained by Have I Been Pwned, over 14 billion accounts have been compromised across hundreds of known breaches. If you have used the internet for any period of time, there is a reasonable chance at least one of your accounts has been affected.

How to Know If Your Email Has Been Compromised

There are several ways to find out if your email has been compromised in a data breach:

• Use the data breach checker above. Enter your email address and it will scan known breach databases instantly. This is the fastest way to perform an email breach check and find out if your email has been compromised. You will see exactly which services were breached and what data was exposed.
• Watch for breach notification emails. Companies are legally required in many jurisdictions to notify affected users after a breach. If you receive one of these emails, take it seriously. Verify it is genuine (check the sender domain carefully) before clicking any links.
• Look for signs of account compromise. If you notice login alerts from locations you do not recognise, password reset emails you did not request, or messages sent from your account that you did not write, your credentials may have been exposed in a breach and used by someone else.
• Check for a password leak. A password leak check is especially important because exposed passwords are the most directly exploitable type of breach data. If a service you used was breached and passwords were included, change that password immediately, and change it on any other site where you used the same one.

You do not need to wait until something goes wrong. Running a regular email breach check (every few months) is a simple habit that can alert you to new exposures before they are used against you.

What to Do After a Data Breach

If the checker above shows that your email was found in one or more breaches, here is what you should do, in order of priority:

1. Change your passwords for the affected services immediately. Use a password manager to create strong, unique passwords for every account. If you reused the same password anywhere else, change it there too.
2. Enable multi-factor authentication (MFA) on every account that supports it, starting with your primary email, banking, and social media. MFA means a stolen password alone is not enough to access your account. Learn how to set up MFA.
3. Review your financial accounts if credit card data, bank account numbers, or other financial information was exposed. Monitor statements for unauthorised charges and consider placing a fraud alert or credit freeze.
4. Be alert for phishing. Breached email addresses and phone numbers are frequently used to send targeted phishing emails and smishing (SMS phishing) messages. Be extra cautious with any unexpected emails, especially those asking you to click links or provide personal information. Learn how to spot phishing.
5. Keep your devices updated. Stolen credentials are often used alongside malware attacks. Keeping your software patched closes the vulnerabilities attackers rely on.
6. Check your other email addresses. If you use more than one email address, run each one through the data breach checker above. Breaches often affect older accounts you may have forgotten about.

Test your phishing awareness with our interactive quiz

How This Data Breach Checker Works

This email leak checker is powered by the Have I Been Pwned (HIBP) database, created by security researcher Troy Hunt. HIBP is the most comprehensive public breach notification service and data leak checker available, cataloguing data from hundreds of confirmed breaches and billions of compromised records. If you have ever wondered “have I been breached?”, this is the most reliable way to find out.

When you enter your email address, our tool securely checks it against the HIBP database and returns a list of any breaches your email appears in. Unlike a basic data breach lookup, our checker also provides a risk assessment based on the type and recency of exposed data, plain-language explanations of what each data type means for you, and specific recommendations based on your results.

Your email address is sent securely through our server and is never stored, logged, or shared. We do not have access to your breached passwords or any other compromised data. The tool only checks whether your email address appears in known breach records.

For more information about how breach data is collected and verified, visit the Have I Been Pwned about page.