Have I Been Pwned?

Password Security with Passwarden

Length: 18

What Is Have I Been Pwned

Have I Been Pwned is a free resource for internet users to quickly assess if their online accounts have been “pwned” (compromised) in a data breach. It’s a neat and really simple service. All the data on this site is aggregated from security breaches occurring on various websites and internet services.


Have I Been Pwned helps victims of data breaches learn of the leak and have enough time to change their passwords. The site also serves a more global purpose — to highlight the severity of the risks of online attacks on today's internet. 

Where does Have I Been Pwned get the information of the breach?

Have I Been Pwned aggregates the info about password data breaches from all over the web. Some breaches are acknowledged by hackers, others are announced by attackers themselves. To verify the legitimacy of the leak, HIBP checks the following:


  1. Has the attacked service publicly acknowledged the breach?
  2. Does the data in the breach turn up in a Google search, indicating that it's just copied from another source, or is it unique?
  3. Are the structure and type of the information consistent with what you'd expect to see in such a breach?
  4. Have the attackers provided enough evidence to show the attack vector?
  5. Do the attackers have a track record of releasing breaches (or falsifying them)?

Why Check your Passwords
 with Have I Been Pwned

Data breaches are particularly dangerous for your security. In them, your passwords and corresponding email addresses are exposed, allowing anyone access to your personal and corporate emails. From there, an attacker can do whatever they want — from breaching your accounts that are linked to the address, to using it for spam purposes.

For this reason, it’s highly recommended to regularly check your email addresses using Have I Been Pwned to see if your passwords have been found in recent data breaches. And if a password has been compromised, make sure to change it on every service and site where you used it, ASAP.

Is it Safe to Use Have I Been Pwned?

It’s important to note that Have I Been Pwned is completely safe. When email addresses from a data leak are loaded into the Have I Been Pwned database, no corresponding usernames or passwords are loaded with them. 

User passwords are not stored in HIBP or Passwarden sites, neither can we see combinations of exposed usernames + email addresses. The breached email addresses of accounts are listed in Windows Azure table storage.

Generate Strong Passwords with Passwarden

Passwarden can generate unique, strong passwords (with a number of settings options), securely store them for you, and autofill them when necessary. Learn more about Passwarden password generating.

Generate, Protect, and Manage Passwords