What is Have I Been Pwned?

A free service by security researcher Troy Hunt that checks if your email appears in known data breaches. It uses publicly known breach data.'

What should I do if my email was breached?

Change the password on the breached service. If you reuse the same password elsewhere, change those too. Enable 2FA. Use a password manager with unique passwords.'

Is Have I Been Pwned safe?

Yes. You enter your email; it checks against breach databases. No password is sent. The site is widely used and trusted by security professionals.'

Search guides

How to check if email was breached

We'll check if your email was found in any breaches and tell you what to do if it was.

Category: How-to · Security basics
Time: 5–15 min
Last reviewed: Mar 7, 2026

What you'll need

Your email address
Web browser

At a glance

Go to haveibeenpwned.com and enter your email address.
Check the results—breaches listed mean your email (and possibly password) was exposed.
Change the password on any breached service and enable 2FA.
Use a password manager and unique passwords for each account.

Quick triage — pick your path

Get started

Choose the option that matches what you see. You can jump straight to that section.

Follow this guide Work through the full procedure.
Check breaches You want to check your email now.
What to do if breached Your email was found in a breach.

Steps

Goal: Check if your email was exposed in a breach and take action if it was.

Go to haveibeenpwned.com. Enter your email and click “pwned?”
Good: Results load. Proceed to Check results.

Check

Goal: Check breach and paste results.

Review the breach list. If any breaches are shown, your email was exposed. Check Pastes too.
Good: No breaches—you are done. Bad: Breaches found. Proceed to If breached.

If breached

Goal: Change passwords and secure accounts.

Change the password on each breached service. Enable 2FA. Use a password manager with unique passwords.
Good: Passwords changed, 2FA on. Proceed to Verification.

Verification

You have checked your email on Have I Been Pwned.
If breached: passwords changed on affected services, 2FA enabled where possible.
Password manager in use with unique passwords per account.

When to get help

If you see suspicious activity on your accounts (e.g. unauthorized logins), change passwords immediately and enable 2FA. Consider a credit freeze if financial data was exposed. For 2FA setup, see Enable two-factor authentication.

Reviewed by Blackbox Atlas

Frequently asked questions

What is Have I Been Pwned?: A free service by security researcher Troy Hunt that checks if your email appears in known data breaches. It uses publicly known breach data.'
What should I do if my email was breached?: Change the password on the breached service. If you reuse the same password elsewhere, change those too. Enable 2FA. Use a password manager with unique passwords.'
Is Have I Been Pwned safe?: Yes. You enter your email; it checks against breach databases. No password is sent. The site is widely used and trusted by security professionals.'

Rate this guide

Was this helpful?