How do I check if my email has been in a data breach?

Data breaches happen all the time, usually through no fault of yours. Checking whether your email has been caught up in one is quick, free, and safe, and the fix is simpler than most people expect.

Quick Answer

Visit haveibeenpwned.com (it is safe), enter your email address, and click "pwned?". If any breaches come up, change your password on those sites, change it anywhere else you reuse the same password, and turn on two-factor authentication on your important accounts.

Work through these in order

1. Visit haveibeenpwned.com

Open your web browser and type haveibeenpwned.com into the address bar. Make sure you type it exactly, and check the address bar shows a padlock symbol. This is a well-known and legitimate site run by a respected security researcher named Troy Hunt. It is completely free and does not ask for any personal details beyond your email address. The site is used by security teams at Microsoft, the FBI, and governments around the world. It is safe to use.

2. Enter your email address

On the homepage, you will see a large box that says "Your email address". Type in the email address you want to check and click "pwned?". The site will search through public records of data breaches to see if your email has ever been caught up in one. This takes a few seconds.

3. Read the results carefully

If you get a green screen saying "Good news", your email has not appeared in any known breach. If you get a red screen saying "Oh no, pwned!", your email has been caught up in one or more data breaches. Scroll down the page to see which websites were breached, when, and what kind of data was exposed (usually passwords, email addresses, sometimes phone numbers or security questions). Do not panic. Being in a breach is common and does not mean someone has already used your account.

4. Change the passwords for any affected accounts

For each breached website in the list, log in to that website directly and change your password to something new and strong. Do not reuse the old one. If you use the same password on other websites, change it there too, because attackers will almost certainly try it elsewhere. Our strong password guide covers what a good password looks like, and our password manager guide explains how to keep track of them without having to remember each one.

5. Turn on two-factor authentication

The single most effective thing you can do after a breach is turn on two-factor authentication (sometimes called 2FA) on your email, bank, and any account with payment details. This means that even if an attacker learns your password, they still cannot get in without also having your phone. Our two-factor guide walks through setup. This one change is worth more than changing every password on its own.

6. Subscribe to notifications for your email

While you are on haveibeenpwned.com, click "Notify me" in the top menu and enter your email again. From then on, if your email appears in any new breach in the future, the site will email you automatically so you can act quickly. This is free, safe, and one of the most useful things you can set up in the whole process.

Why this matters

When a website gets hacked, the attackers usually walk away with a big list of email addresses and passwords. They then try those combinations on other websites (email providers, banks, shopping sites) on the assumption that people reuse passwords. This is how most "hacked" accounts actually happen. Checking whether your email is in any known breach tells you which passwords you need to change urgently.

When to call us instead

Call us if the breach check came up with a long list and you are feeling overwhelmed, if you are not sure how to change passwords on specific sites, or if you want someone to go through the whole thing with you calmly. This is exactly what our online safety tuneup covers, and if you suspect an account has actually been accessed, our hacked account guide covers the emergency steps. We help people in Ajax, Pickering, Whitby and Oshawa through this every week.

FAQ

Common questions about data breaches

Is haveibeenpwned.com safe to use?

Yes. It is run by Troy Hunt, a respected security researcher, and is used by Microsoft, the FBI and government agencies. It never asks for your password, only your email address, and it never contacts you unless you explicitly sign up for notifications. We recommend it to our customers.

My email shows up in several breaches. Does that mean I am hacked?

Not necessarily. It means your email and some information (often a password) were exposed at some point in the past. Whether anyone actually used it depends on whether you changed the password afterwards. Changing any reused passwords and turning on two-factor authentication is the right response, and after that you are safe even if your details are still floating around on the dark web.

Should I pay for a data breach monitoring service?

Usually not. Haveibeenpwned.com is free, reliable, and sends you notifications automatically. Paid services mostly just repackage the same information with a fancier interface. Spend the money on a good password manager instead if you want to upgrade your security.
