Email Breach Checker
Billions of accounts have been exposed in data breaches. Enter your email address to see which known breaches included it. We never store the address you check.
What it means to be "in a breach"
When a company you have an account with gets hacked, the stolen data usually includes your email address alongside whatever else the service stored: passwords (hopefully hashed), names, phone numbers, addresses, sometimes payment details. That data gets sold, traded, and eventually published in collections that anyone can download. Being in a breach does not mean your email account itself was hacked; it means some service you signed up for leaked your details.
The real risks that follow a breach
Two things happen after your address appears in a dump. First, if a password leaked with it, bots try that combination on hundreds of other sites within hours, which is why reused passwords are dangerous. Second, your address lands on spam and phishing target lists, and the phishing gets smarter: attackers know which services you use, so the fake "reset your password" email references a site you actually have an account with.
The fix is the same either way: unique passwords per account (our generator helps), two-factor authentication on anything important, and healthy suspicion of unexpected emails, even convincing ones.
Frequently Asked Questions
Where does the breach data come from?
Results come from XposedOrNot, a free public service that indexes publicly known data breaches. It aggregates hundreds of confirmed incidents covering billions of exposed accounts.
Do you store the email address I check?
No. The address is forwarded over an encrypted connection to the breach database for the lookup and is not saved, logged, or used for marketing by us. It is not added to any mailing list.
My email was found in a breach. What should I do?
Change your password on the breached site right away, plus anywhere you reused that password. Enable two-factor authentication on your important accounts, especially email. Then stay alert for phishing: attackers use breach data to send convincing fake emails that reference services you actually use.