Use this feature to check if your email address, phone number, or password has ever been compromised from an online service and leaked public by criminals.
Our search function allows you to check details for over 11 billion accounts compromised from 522 confirmed breached websites.
Data breaches have been going on since the Internet has been in public use, and the number of breaches increases each year. In 2020 alone, nearly 4,000 individual data (emails, passwords, phone numbers etc.) breaches were publicly reported, which resulted in billions of records containing personal data being compromised. Source: https://www.varonis.com/blog/data-breach-statistics
The statistics show that the average time for a breach to be identified as 228 days means attackers could potentially use stolen personal data for over seven months before the theft of that data was known. One way for individuals to limit the potential impact of data breaches is to check to see if their details have been compromised.
The Have I Been Pwned website has collated stolen personal information about emails and other data compromised that has appeared on the Internet that you can check using our simple search function. You can check to see if your email address is compromised and part of one of the many leaked breaches datasets and see if any of your passwords have been compromised (pwned). Our search facility accesses the database of aggregated breach data and makes it easy to understand the risks that you may face if you are affected.
Remember, if the search results show that your personal information like email or password has been compromised, don't panic.
Not all stolen personal data is included in the database we use. Only compromised leaked personal data that attackers have published on public-facing internet sites and identified as being credible is included. Criminals will usually not publish high-value personal data such as credit card details until they have attempted to exploit the information for fraudulent purposes. Often, stolen data is never revealed, especially if the thieves are a foreign state agency rather than common criminals. Data stolen from recent breaches may also not be published right away. This is why it is essential to follow good security practices, even if the search results give the all-clear for your email address.
Also, not all usernames are unique. If the username for an online service is not an individual email address, then there is a chance that someone else may have chosen a username that you regularly use. This can result in your username being listed against a breached service that you have never knowingly used.