Have I Been Pwned

Have I Been Pwned is a free data breach notification service created by Microsoft regional director and security expert Troy Hunt in 2013, maintaining a comprehensive database of billions of leaked account credentials from hundreds of known data breaches, enabling individuals and organizations to check whether their email addresses, phone numbers, and passwords have been exposed in security incidents and take appropriate protective actions such as changing compromised credentials. The breach database catalogs major data breaches including the Collection number one leak of seven hundred seventy-three million email and password combinations, the LinkedIn breach of one hundred sixty-four million accounts, the Adobe breach of one hundred fifty-three million accounts, the Dropbox breach, the MySpace breach, and hundreds of other incidents, with each breach entry documenting the incident date, number of compromised accounts, types of data exposed such as email addresses, passwords, names, dates of birth, physical addresses, phone numbers, and the attack method. The email search accepts a single email address and returns all known breach exposures associated with that address, without revealing the specific compromised data publicly, protecting user privacy while informing them of risk. The password search uses a privacy-preserving k-anonymity model that sends only the first five characters of a SHA-1 hash to the API, receiving a list of matching hash suffixes to check locally, ensuring the full password is never transmitted. The domain monitoring feature alerts domain owners when email addresses on their domains appear in new breaches. The notification system sends automated alerts when monitored addresses appear in future breaches. The API enables integration into security workflows and password managers. Designed for individuals, IT administrators, and security professionals.