Free email breach check
Check if your email domain appears in public breach records.
Enter your email address. Only the domain portion (e.g. gmail.com) is checked — your full address is never sent to our server or stored. Results come from the public Have I Been Pwned breach catalogue.
Privacy note: only the domain portion of your email (e.g. gmail.com) is sent to our server. Your full email address stays in your browser.
What this check shows
This tool checks whether the domain of your email address has appeared in public breach records. For example, if you enter [email protected], we check whether example.com shows up in the public Have I Been Pwned database — meaning accounts using that domain were exposed in a known breach.
The result also shows recent high-profile breaches that exposed email addresses, so you can see which types of accounts are most at risk.
Why domain-only? Why not check my full email?
Sending your full email address to a third-party server creates unnecessary privacy risk. By checking only the domain, we can give you useful breach context without handling your personal address. For a check of your specific email address, use haveibeenpwned.com directly — it is a free, trusted service that uses k-anonymity to protect your address during the lookup.
What to do after finding a breach
If your email domain or specific address appeared in a breach: change the password on any affected site, use a unique password for each account, enable two-factor authentication where available, and watch for phishing attempts using information from the breach. A password manager makes it easier to maintain unique passwords across all your accounts.