Have I Been Pwned

What is Have I Been Pwned?

Have I Been Pwned (HIBP) is a free service that lets you check whether your email address or phone number has been leaked in a known data breach. It is maintained by security researcher Troy Hunt and used by governments, banks, and millions of individuals around the world.

Why it matters

Most major online fraud starts with a leaked password. When your email and password appear together in a breach, scammers try that same combination across hundreds of other services; banking, email, social media. This is called credential stuffing, and it is one of the most common fraud vectors today.

HIBP does not fix the problem, but it tells you which of your accounts are likely compromised, so you can change those passwords immediately.

How to use it

1. Enter your email address on the HIBP website.
2. If your email appears in any breaches, HIBP will list the services where it was leaked and the date.
3. For each listed service, go change your password, especially if you reused that password anywhere else.
4. Consider enabling two-factor authentication on all critical accounts.

Is it safe to use?

Yes. HIBP is widely trusted across the security community, doesn't store the emails you search, and is used by the Australian and UK governments for official security checks. Entering your email on the site does not expose you to additional risk.

If you find your email in a breach, it is not your fault. It means a service you used had its security compromised. Your job now is simply to change affected passwords before scammers can use them.