Email Breach Checker

Check whether a password appears in known breach corpora using the free Pwned Passwords k-anonymity API, and use our educational email tab for provider-specific security tips. Your password is never sent in full; email analysis runs only in your browser.

Breach awareness & email security

Password tab: real HIBP range lookup. Email tab: format & domain guidance (no paid email API on this page).

Privacy: Only the first 5 hexadecimal characters of your password’s SHA-1 hash are sent to Have I Been Pwned’s range API. Your password and its full hash never leave this page.

Uses k-anonymity against the public Pwned Passwords dataset.

How it works
  1. Your browser hashes the password with SHA-1 (Web Crypto API).
  2. Only the first 5 characters of the hash are sent to https://api.pwnedpasswords.com/range/{first5}.
  3. The API returns hash suffixes and occurrence counts; your browser checks whether the rest of your hash appears.

Only the first 5 characters of your password’s SHA-1 hash are sent. Your actual password never leaves your browser.

Data breaches and why email & password hygiene matters

When a service is compromised, attackers may publish or trade databases containing email addresses, password hashes, and other personal data. Even if your provider was not breached, password reuse means a leak on one site can unlock accounts elsewhere. Checking for breaches starts with knowing whether your secrets have appeared in public corpora, which is why tools like Have I Been Pwned exist.

K-anonymity and Pwned Passwords

The Pwned Passwords API uses k-anonymity: you send only a short prefix of a password hash, and the server returns many possible suffix matches. Your browser determines whether your full suffix is in the list. That design means your password is not transmitted in clear text and the full hash is not exposed in the request — a practical balance between privacy and public-interest breach awareness.
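
The three steps under "How it works" and the k-anonymity design described above, as an added JavaScript example (not this page's own code). The function names, the injectable `getRange` parameter and the sample response with its counts are assumptions constructed for illustration; only the range URL comes from the page.

```javascript
// Web Crypto in the browser; Node fallback so the block also runs outside one.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Step 1: SHA-1 the password locally, as 40 uppercase hex characters.
async function sha1Hex(password) {
  const bytes = new TextEncoder().encode(password);
  const digest = await webCrypto.subtle.digest("SHA-1", bytes);
  return Array.from(new Uint8Array(digest), (b) =>
    b.toString(16).padStart(2, "0")).join("").toUpperCase();
}

// Step 2: only `prefix` (5 hex chars) is allowed to leave the browser.
function splitHash(hashHex) {
  return { prefix: hashHex.slice(0, 5), suffix: hashHex.slice(5) };
}

// Step 3: scan the "SUFFIX:COUNT" lines locally. Returns 0 when absent.
function countInRange(rangeBody, suffix) {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate && candidate.toUpperCase() === suffix) {
      // Malformed or zero counts (as in padded responses) mean "not found".
      return Number.parseInt(count, 10) || 0;
    }
  }
  return 0;
}

// Default fetcher: the request URL carries the prefix and nothing else.
async function fetchRange(prefix) {
  const res = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`);
  if (!res.ok) throw new Error(`range lookup failed: HTTP ${res.status}`);
  return res.text();
}

// `getRange` is injectable (assumption) so the flow can be exercised offline.
async function checkPassword(password, getRange = fetchRange) {
  const { prefix, suffix } = splitHash(await sha1Hex(password));
  return countInRange(await getRange(prefix), suffix);
}

// Constructed sample response for prefix 5BAA6; the counts are made up.
const SAMPLE_RANGE = [
  "0".repeat(35) + ":0",
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42",
  "F".repeat(35) + ":7",
].join("\r\n");
```

Passing a stub such as `async () => SAMPLE_RANGE` as `getRange` lets you confirm that the only value handed to the network layer is the 5-character prefix.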

Email security beyond “was I pwned?”

Strong email security combines unique passwords, two-factor authentication, reviewing connected apps, and monitoring sign-in alerts. Major providers (Google, Microsoft, Yahoo, Apple, Proton, and others) offer recovery options and activity logs — use them regularly. This page’s email tab highlights provider-specific habits; for an actual email leak checker against breach data, use the official HIBP site with your own account controls in mind.

Quick habits

  • Prefer a password manager and unique passwords per site.
  • Turn on MFA on email first — it protects password resets everywhere.
  • After major breaches, rotate passwords for affected services and check reuse.
