🛡️

Data Breach Checker

Check if your password has appeared in a known data breach using the Have I Been Pwned k-anonymity API. Your password is never sent — only a partial hash.

🔒 Security Tools Free Browser-based

Tool

Your password is never sent. Only the first 5 characters of its SHA-1 hash are transmitted to the Have I Been Pwned k-anonymity API. The rest is matched locally in your browser.

Password to Check

What to do if your password is compromised

🔄 Change the password immediately

🔐 Use a unique password for every site

🧩 Use a password manager

📱 Enable two-factor authentication

How the K-Anonymity Model Works

This tool uses the Have I Been Pwned Pwned Passwords API with a k-anonymity model designed by Troy Hunt. Here is the process: your password is hashed with SHA-1 in your browser, only the first 5 hex characters are sent to the API, and the API returns all hashes with that same prefix. Your browser then checks if the full hash appears in the response — your actual password never leaves your device.

What is Have I Been Pwned?

Fact	Detail
Created by	Troy Hunt (security researcher)
Passwords database	800 million+ leaked passwords
API	Free, public, k-anonymity protected
Updated	Continuously as new breaches are discovered

Why Check Breached Passwords?

Attackers use credential stuffing — taking known password/email pairs from breaches and trying them on other sites. Even if your account on the breached site was not valuable, reusing that password anywhere else is a serious risk. Check every password you use and replace any that appear in breach databases.

'Not necessarily — it means the password has not appeared in a known breach database yet. A password can be short, predictable, or guessable without ever being in a breach. Always use a long, random, unique password for every site.'], ]" />