The internet isn’t safe. That’s a fact that you can’t avoid or ignore, especially if you plan on trusting online services with your most sensitive data. As you read this, attempts are made to break into computer systems across the globe. You might have already been the victim of a data breach and not even know it.

Thankfully, there are ways you can check if your data is at risk in a data breach. Online services like Have I Been Pwned, and DeHashed will let you check for any mention of your personal data, like email addresses or passwords, in previous data breaches. 

Table of Contents
    How To Know if YOur Data Has Been Compromised in a Data Breach

    Have I Been Pwned

    If you want to quickly check whether your data is at risk in a data breach, you can try using Have I Been Pwned. Run by security expert Troy Hunt, the Have I Been Pwned database includes (at the time of publication) 416 website breaches and over nine billion breached accounts.

    The Have I Been Pwned service allows you to search the database for any logged examples of email addresses or passwords in compromised data breach databases. We’d always recommend using extreme caution before putting your password into a web form, even with a service like this.

    That said, if your password has been compromised, it’s already at risk anyway. We’d advise regularly changing your passwords and using a top password manager to allow you to use multiple, strong passwords for each of your accounts.

    Pwned Passwords window

    If your email address or password is located in any of the site’s recorded data breaches, it’ll alert you. With passwords, this won’t include any information on which sites have been compromised, but it will tell you how often the password itself has appeared in data breaches.

    It’s possible that, if you use a fairly common or insecure password, that other people use the same password, too. Users with “password123” or similarly poor passwords, take note and change immediately.

    Breaches you were pwned in window

    For email addresses, HIBP will provide you with a little bit more detail. This includes extra information on which sites or breaches the email address was detected. For security reasons, information on certain breaches is limited.

    If you want to be informed of any future data breaches, click Notify Me at the top of the HIBP website. You’ll then receive an email notification whenever your email address is detected in future leaks.


    While Have I Been Pwned provides a fairly basic search for emails and passwords, the DeHashed data breach search engine is far more powerful. Not only does it allow you to search for emails and passwords, but it also lets you check for any kind of data, including your name or phone number.

    With over 11 billion records, it has a wider set of searchable data for users. It supports powerful search arguments like wildcards or regex expressions. There’s also a list of breached sites you can check first, with over 24,000 searchable databases.

    DeHashed directory search

    Like HIBP, DeHashed is completely free to use, although certain results are censored on the free plan. If you want complete access to the DeHashed database, it’ll cost you $1.99 for a single day, $3.49 for seven days, or $9.99 for 30 days.

    • To use DeHashed, type your search data into the prominent search bar on the main DeHashed site page. This could be an email address, name, phone number, password, or other sensitive data. Click Search to begin the search.
    DeHashed search page
    • DeHashed will provide a list of matching results on a typical search page. Censored results will be marked, and you’ll need to be logged in with a relevant subscription to be able to view these. You’ll also need a subscription to view extra detail about any breaches.
    DeHashed results page
    • If you want to know if a particular website has featured in a breach, head to the DeHashed breach list, click Ctrl + F, and type your domain name. This should, in most modern web browsers, allow you to search the page for any matching results.
    DeHashed breach list

    While it costs extra for unrestricted searches, DeHashed provides a wider set of data for you to search for breaches. 

    BreachAlarm [discontinued]

    If DeHashed is a little too complicated for you to use, then BreachAlarm is another single-search service that works similar to Have I Been Pwned. It’s a much more limited service, with over 900 million email accounts listed in the various breach databases it holds.

    BreachAlarm is easy to use, with an easy-to-read breach list that users can check and, like HIBP and DeHashed, a search engine for you to use to check your data. There’s also a data breach search for businesses to use, which lets you search for any mention of a related domain name.

    • To use BreachAlarm, head to either the home search or the business search (accessible from the site’s top menu). In the search bar, type either your email address or domain name, then click Check Now to begin the search.
    Check Now search bar
    • For your protection, BreachAlarm will only provide results about any potential matches to the email address you provide. Click to confirm the CAPTCHA, then accept the terms by clicking I Understand.
    I'm not a robot captcha checkbox and I Understand button
    • Once accepted, BreachAlarm will provide you with a quick rundown on whether your information has been found in previous data breaches. Check your email address for more information but, if you want to receive updates on future breaches, click Active Email Watchdog for Free in the pop-up window.
    Password compromised alert

    The emailed results will include the date your email address was compromised, but it won’t provide you with information on where the data breach occurred. For further information, you’ll need to use one of the other services listed.

    Keeping Your Data Safe Online

    There isn’t a foolproof way to keep your data safe from data breaches. Every time you register your details with any kind of online service, that data is given away and might be compromised in the future. 

    To stay as safe as possible, you should also consider using a password manager like LastPass or Dashlane to help you generate secure passwords for each of your accounts. Be sure to also check services like these regularly to stay informed of any new data breaches that occur.