How to check if your accounts have been in a data breach
Why this matters
Billions of usernames and passwords from past breaches circulate on the dark web. Attackers use them in automated credential-stuffing attacks against banks, email providers, and social media. If your credentials appear in a breach and you haven’t changed them, you may already be compromised.
Checking takes two minutes and tells you exactly which breaches your email appeared in and what data was exposed.
How to do it
- Go to haveibeenpwned.com and enter your email address.
- For each breach listed, change the password for that service immediately. Use your password manager to generate a new unique password.
- If the breach included your password and you reused it anywhere else, change it on those sites too.
- Enable breach monitoring: Have I Been Pwned offers free email alerts when your address appears in a new breach. Enter your email and confirm the subscription.
- Check any other email addresses you use regularly.
What you don’t need
You don’t need to pay for a “dark web monitoring” service — Have I Been Pwned’s free alerts are the industry standard and cover all the same data. Your password manager (Bitwarden, 1Password) also provides breach alerts in the same free tier.
You've checked your primary email and acted on any results shown.
Frequently asked questions
Is Have I Been Pwned safe to use?
Yes. It was created by Troy Hunt, a respected Microsoft Regional Director and security researcher. It doesn't store your search queries.
What should I do if my email appears in a breach?
Change the password for that account immediately (to a unique one from your password manager), and check whether you reused that password elsewhere.
Want a personalized plan that fits your devices, habits, and concerns?
Start the 90-second assessment