How to Find Out If Your Email Was in a Data Breach
A step-by-step guide to checking whether your email address has appeared in a known data breach, understanding what was exposed, securing affected accounts, and setting up free alerts so you find out immediately next time.
Check if your email has appeared in a known breach
Most breaches are discovered months or years after they happen. The tools below check your address against billions of leaked records and return results instantly.
- Go to haveibeenpwned.com and enter your email address in the search bar
- The site checks your address against a database of over 13 billion compromised accounts across hundreds of known breaches
- If your address appears, you will see a list of breaches including the site name, date, and which data types were exposed
- No account is required and your email address is not stored by the service
- Check every address you use, including old or rarely used ones
- Bitwarden, 1Password, and Proton Pass all include breach monitoring across your saved accounts
- In Bitwarden: go to Reports, then Data Breach Report
- In 1Password: open Watchtower in the sidebar to see flagged accounts
- These tools check each individual account, not just your email, so they catch breaches tied to usernames or site-specific logins
- Note: Google's Dark Web Report was shut down in January 2026 and no longer sends breach alerts
Understand what was exposed and how serious it is
Not all breaches carry the same risk. Whether a leaked record is dangerous depends on what data was included, how old the breach is, and whether you reused the affected password elsewhere.
- Each HIBP result shows the breach name, the date it occurred, and the data classes exposed
- Verified breach means HIBP has confirmed the data is real, not fabricated or inflated
- Sensitive breach flags sites in categories considered more private, such as health data, financial accounts, or adult content
- Data classes like Passwords, Credit card numbers, or Government IDs are significantly more serious than Email addresses alone
- A breach from several years ago with no password data is low risk if you no longer use that service
- If only your email address was exposed: low immediate risk, but expect more targeted spam and phishing attempts
- If passwords were exposed: high risk, especially if you reused that password on any other account
- Passwords in breaches are usually hashed, but weak or commonly used passwords can be cracked within minutes using automated tools
- If financial data, a Social Security number, or a physical address was exposed: place a credit freeze at Equifax, Experian, and TransUnion to block new account openings in your name
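The triage rules above, applied to breach records, as an added example that is not part of the original guide. It assumes records shaped like HIBP breach entries (`Name`, `BreachDate`, `DataClasses`, `IsVerified`, `IsSensitive`); the sample records, keyword lists and function names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of HIBP breach records; not real breaches.
SAMPLE = json.loads("""[
 {"Name": "ExampleForum", "BreachDate": "2016-03-01", "IsVerified": true,
  "IsSensitive": false, "DataClasses": ["Email addresses", "Usernames"]},
 {"Name": "ExampleShop", "BreachDate": "2024-11-20", "IsVerified": true,
  "IsSensitive": false,
  "DataClasses": ["Email addresses", "Passwords", "Physical addresses"]},
 {"Name": "ExampleClinic", "BreachDate": "2023-05-02", "IsVerified": false,
  "IsSensitive": true,
  "DataClasses": ["Email addresses", "Social security numbers"]}
]""")

# Keyword matching (an assumption) so small naming differences still match.
CREDENTIAL = ("password",)
FREEZE = ("credit card", "bank account", "social security", "government",
          "physical address")

def _hits(classes, keywords):
    return [c for c in classes if any(k in c.lower() for k in keywords)]

def triage(breach, today=None):
    """Apply the guide's rules to one breach record (hypothetical helper)."""
    today = today or date.today()
    classes = breach.get("DataClasses", [])
    age = (today - date.fromisoformat(breach["BreachDate"])).days / 365.25
    risk, actions = "low", []
    if _hits(classes, CREDENTIAL):
        risk = "high"
        actions.append("change this password and every reuse of it; enable 2FA")
    if _hits(classes, FREEZE):
        risk = "high"
        actions.append("place a credit freeze at Equifax, Experian, TransUnion")
    if risk == "low":
        actions.append("expect more targeted spam and phishing")
    flags = ["sensitive"] if breach.get("IsSensitive") else []
    if not breach.get("IsVerified", True):
        flags.append("unverified")
    return {"name": breach["Name"], "risk": risk, "age_years": round(age, 1),
            "actions": actions, "flags": flags}

def triage_all(breaches, today=None):
    """High risk first, then newest first within each risk level."""
    rank = {"high": 0, "low": 1}
    rows = [triage(b, today) for b in breaches]
    return sorted(rows, key=lambda r: (rank[r["risk"]], r["age_years"]))
```

Calling `triage_all(SAMPLE)` returns the records ordered by urgency, each with the actions the guide recommends for its exposed data classes.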
Secure the affected accounts immediately
Speed matters here. If a password was leaked, assume it has already been tested against your other accounts. Automated tools do this within hours of a breach becoming public.
- Go to the affected site and change your password immediately, even if the breach is old
- Do not reuse the previous password anywhere
- If you used the same password on other accounts, change those too. Attackers automatically test leaked passwords against thousands of other sites, a technique known as credential stuffing
- Use a password manager to generate a unique, random password for each account. Bitwarden is free, open source, and works across all devices
- With two-factor authentication (2FA) enabled, a stolen password alone is not enough to access your account
- Go to the security settings of each affected account and enable 2FA
- Use an authenticator app such as Authy or the one built into your password manager rather than SMS where possible
- SMS codes can be intercepted. Authenticator apps generate codes locally and are more secure
- Prioritize your email account first. It controls password resets for everything else
- On Gmail: go to the bottom of the inbox and click Details to see recent sign-in locations and devices
- On most accounts: go to Settings, then Security, then Active sessions or Devices to revoke any you do not recognize
- Check your sent folder and inbox rules for anything you did not create. Attackers often set up forwarding rules quietly after gaining access
- If you find unauthorized access, change your password and 2FA method before signing out other sessions
Set up free alerts so you find out immediately next time
New breaches are added to public databases continuously. A one-time check is not enough. These tools will notify you automatically when your address appears in a newly discovered breach.
- Go to haveibeenpwned.com/NotifyMe and enter your email address
- HIBP will send you a notification email whenever your address appears in a newly added breach
- The service is free. No account is required, only email verification
- Subscribe each email address you use separately, including aliases and work addresses
- Notifications arrive quickly after a breach is processed, often the same day it becomes public
- Bitwarden, 1Password, and Proton Pass check your saved accounts against breach databases on an ongoing basis
- This covers individual site logins, not just your email address, so you get alerted even for accounts on services you had forgotten about
- 1Password Watchtower also flags weak passwords, reused passwords, and accounts where 2FA is available but not yet enabled
- Setting this up once means future breaches surface automatically without you needing to check manually
Finding your email in a breach does not mean your accounts have been accessed. It means the data was exposed by the company that stored it, which may have happened years before you found out. The risk level depends entirely on what was leaked and whether you have since changed the affected password. Completing Sections 1 and 3 (checking all your addresses and securing any accounts with exposed passwords) handles the most urgent part. Setting up notifications in Section 4 means you will not need to rely on news coverage or a company notification email to find out the next time your data is involved.