Check if your email address has been compromised in a data breach. Powered by Have I Been Pwned.
Use a different password for every account. A password manager makes this easy.
Two-factor authentication adds a second layer of protection even if your password is compromised.
Sign up for breach notifications at haveibeenpwned.com to get alerted when your email appears in a breach.
A data breach occurs when unauthorized individuals gain access to sensitive data, typically from a website or service. This can include email addresses, passwords, personal information, and financial data.
Immediately change your password for any accounts using that email, especially if you reused passwords. Enable two-factor authentication (2FA) on all important accounts. Consider using a password manager to generate unique passwords for each account.
We check your email against the Have I Been Pwned database, which collects data from publicly disclosed breaches. This database contains billions of records from thousands of data breaches.
Yes. We only send your email to the Have I Been Pwned API to check for breaches. We don't store your email or any results. The check is performed securely over HTTPS.
Sometimes your data appears in breaches from services you used years ago, or from companies that had your data through third parties. Some breaches are from credential stuffing lists compiled from multiple sources.
VAS scans your application for security vulnerabilities - exposed API keys, database misconfigurations, missing security headers, and more.
Run Full Security Scan