Tech Tips and How-To Guides

Guides in Plain Language

← Back to Tech Tips

How to Check If Your Passwords Have Been Compromised

SecurityBeginnerPublished 2026-01-29

Data breaches happen constantly. When a company's database is compromised, the usernames and passwords stored in it often end up posted online for attackers to use. Checking whether your accounts have been exposed takes less than a minute and tells you exactly where you need to take action.

Use Have I Been Pwned

Go to haveibeenpwned.com and enter your email address. The site, run by security researcher Troy Hunt, checks your email against a database of known breaches. It is free, safe, and does not store your email address.

If your email shows up in a breach, the site will tell you which service was compromised and what type of data was exposed. Some breaches only exposed email addresses. Others included passwords, phone numbers, or physical addresses.

What to do if your account was in a breach

  1. Change your password on the affected service immediately.
  2. If you used the same password anywhere else, change it on those accounts too.
  3. Enable two-factor authentication on the affected account if you have not already.
  4. Watch for unusual activity on the account and any accounts that share the same credentials.

Check your passwords too

haveibeenpwned.com also has a Passwords section where you can check whether a specific password appears in known breach data. If your password is in the list, stop using it everywhere, even if your email address was not in a breach.