Want to find out if your personal data was exposed to hackers in a security breach? Have I Been Pwned is a safe and legitimate website that can tell you if any of your passwords are compromised. Not only can you search Have I Been Pwned to find out whether your email address, username, password, or other private information is floating around the dark web, you can also receive alerts if your accounts are found in future data breaches. This minHour article will show you how to safely search for your accounts on Have I Been Pwned,
Checking your Email Address
Type https://haveibeenpwned.com/ in your browser and hit ↵ Enter.
Enter your email address into the email address box.
Click pwned?.
This will search the database to see if your email address is in it.
- You can also press the key.
Review the results.
If your email address was found in a breach, then you will see red screen with the message saying, “Oh no – Pwned!” You can scroll down to see the list of data breaches and pasts that you were involved in.
- If your email address was not involved in a data breach, then you will see a green screen that says, “Good news – no pwnage found!”Just because your email address was not found does not necessarily mean that it was never involved in a data breach, it just means that it was not found in Have I Been Pwned.
- Just because your email address was not found does not necessarily mean that it was never involved in a data breach, it just means that it was not found in Have I Been Pwned.
- If you were involved in a breach, then you should change the password for the sites that it says that you were breached in and change the password anywhere else you used it if your password was also leaked in the breach.
- Note that sensitive data breaches won’t appear on this list. Sensitive breaches are breaches that you probably don’t want anybody to know that you’re in if you are in them (like the Ashley Madison breach). If you want to see sensitive breaches, then you will have to subscribe for notifications and click on the link in the verification email that you receive.
Subscribing for Notifications
Navigate to haveibeenpwned.com.
Click on the “Notify Me” tab near the top of the page.
Enter your email address into the box that says, “enter your email address”.
Complete the CAPTCHA.
Click on notify me of pwnage.
Go to your email inbox.
Have I Been Pwned will send a confirmation email to you with a link that you have to click in order to verify your email.
Open the email from Have I Been Pwned.
Click on the Verify my email button.
You may have to scroll down to see it.
Review the results.
After clicking on the verification link, you will be subscribed to receive emails if your email address is ever involved in a future data breach.
- You will also be able to see if you have been involved in any sensitive data breaches here. Sensitive data breaches are data breaches from sites that you probably don’t want anybody else to know about. For privacy reasons, these breaches will only show up on this page once you verify your email, they will not appear on the public search page.
Using Pwned Passwords
Navigate to haveibeenpwned.com/Passwords.
- You can also navigate to the home page, and then click on the “Passwords” tab at the top of the page.
Enter a password into the Password box.
Click pwned?.
Review the results.
If the password has appeared in a data breach, then a message will appear saying “Oh no – pwned!”, and it will tell you how many times it has appeared before. If the password has not appeared in a data breach, then a message will appear that says “Good news – no pwnage found!”.
- If a password that you use has been pwned, then you should not use it anymore and immediately change it anywhere you do use it.
- Just because a password wasn’t found in the Pwned Passwords database does not mean that it is a good password.
Tips
- You can opt-out of Have I Been Pwned by navigating to the Opt-out page and following the on-screen instructions.
- You can not find out what password was used for what email address and vice-versa. This is for security reasons, and the email addresses and passwords are not even stored together, so it would be impossible anyways.
- If you use 1Password, then all of your accounts and passwords are already checked through Have I Been Pwned with Watchtower.
Warnings
- If one of your passwords has been compromised, then don’t use that password anymore.
- If one of your accounts has been compromised, then you should immediately change the password for that account and change the password on any of you other accounts that use the same password.
Note: You should use a different password for every account that you use. You can use a password manager or book to help you remember all of them.