How to Check If Your Email Has Been Hacked (And What to Do)
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
Why Your Email Is Probably Already Compromised
This is not alarmism. It is statistics. As of 2026, over 16 billion email accounts have been exposed in data breaches worldwide. The average internet user has over 100 online accounts, and many of those services have been breached at some point. The mathematical reality is that most people's email addresses — and in many cases their passwords — are already circulating in breach databases.
The question is not whether your email has been exposed. The question is how many times, what data was included, and what you need to do about it.
This guide walks you through exactly how to check, what the results mean, and what actions to take depending on what you find.
Method 1: Have I Been Pwned (Free)
Have I Been Pwned (HIBP) is the gold standard for free breach checking. Created by security researcher Troy Hunt, it indexes data from known breaches and allows you to check if your email address appears in any of them.
How to Use It
- Go to haveibeenpwned.com
- Enter your email address in the search box
- Click "pwned?"
- Review the results
Understanding the Results
If your email has been found in breaches, HIBP will list each breach with:
- The breached service — which company was hacked
- The date of the breach — when the breach occurred
- The type of data exposed — which may include email addresses, passwords, phone numbers, IP addresses, dates of birth, and more
- The number of accounts affected — giving you a sense of the breach's scale
Limitations of Have I Been Pwned
HIBP only includes breaches that have been publicly identified and catalogued. There are important gaps:
- Undisclosed breaches — many companies discover breaches but do not report them publicly for months or years
- Unreported breaches — some breaches are never publicly disclosed
- Dark web-only data — HIBP does not actively scan the dark web for new data dumps
- Recent breaches — there is a delay between when a breach occurs and when it appears in HIBP's database
Method 2: Google Password Checkup (Free)
If you use Google Chrome and save passwords in your Google account, Chrome has a built-in password checkup feature.
How to Use It
- Open Chrome and go to passwords.google.com
- Click "Go to Password Checkup" or "Check passwords"
- Verify your identity
- Review the results
What It Checks
Google Password Checkup compares your saved passwords against a database of known breaches. It flags:
- Compromised passwords — passwords that have appeared in known data breaches
- Reused passwords — passwords you are using on multiple sites
- Weak passwords — passwords that are too short or too simple
Limitations
This only works if you save passwords in Chrome. If you use a separate password manager, check that manager's breach monitoring feature instead. NordPass includes built-in breach monitoring that checks your stored credentials against known breach databases.
Method 3: Dark Web Monitoring (Paid — Recommended)
Free tools check known, catalogued breaches. Paid dark web monitoring services actively scan live dark web forums, closed marketplaces, and Telegram channels for your data in real time.
Why This Matters
The time gap between a breach occurring and appearing in public databases like HIBP can be months or years. During that gap, your data may be actively traded and exploited on the dark web. Real-time monitoring closes this gap.
Our Recommendation: MyDataRemoval
MyDataRemoval combines dark web monitoring with data broker removal. It scans dark web forums, paste sites, and underground marketplaces for your email addresses, passwords, and other personal information. When it finds a match, you receive an alert with details about what was found and where.
In our testing, MyDataRemoval detected two breach exposures that had not yet appeared in Have I Been Pwned — a data gap of approximately three months. For those three months, we would not have known about the exposure without active monitoring.
For a detailed look at how dark web monitoring works, read our dark web monitoring explainer. For our full evaluation of MyDataRemoval, see our MyDataRemoval review.
Method 4: Check for Signs of Active Compromise
Beyond database checks, there are warning signs that your email account itself may be actively compromised:
Check Your Sent Folder
Look for emails you did not send. Attackers often use compromised email accounts to send spam or phishing emails. Check your Sent folder and Trash for unfamiliar messages.
Check Account Recovery Settings
Go to your email account's security settings and verify:
- Recovery email addresses — are they all yours?
- Recovery phone numbers — are they all yours?
- Connected apps and third-party access — do you recognize all of them?
Check Login Activity
Most email providers show recent login activity:
- Gmail: Go to the bottom of your inbox, click "Details" in the lower right corner
- Outlook: Go to account.microsoft.com, then Security, then Sign-in Activity
- Yahoo: Go to login.yahoo.com, then Recent Activity
- ProtonMail: Go to Settings, then Security, then Security Logs
Check Email Forwarding Rules
Sophisticated attackers set up email forwarding rules to silently copy your incoming email to their address. Check your email settings for any forwarding rules you did not create:
- Gmail: Settings, then "See all settings," then "Forwarding and POP/IMAP"
- Outlook: Settings, then "View all Outlook settings," then "Mail," then "Forwarding"
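Gmail can also forward mail through individual filters, which are listed on the "Filters and Blocked Addresses" tab and can be exported there as an XML file. The following added example (not part of the original article) audits such an export and lists every filter that forwards mail, marking destinations you do not recognize; the sample export, addresses, and function names are constructed, and the property names assume the format Gmail's filter export normally produces.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
CRITERIA_KEYS = {"from", "to", "subject", "hasTheWord",
                 "doesNotHaveTheWord", "hasAttachment"}

# Constructed sample of an exported filter file (three filters, two forward mail).
CONSTRUCTED_EXPORT = """
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <apps:property name='from' value='billing@example.com'/>
    <apps:property name='forwardTo' value='me.backup@example.com'/>
  </entry>
  <entry>
    <apps:property name='to' value='me@example.com'/>
    <apps:property name='forwardTo' value='Collector@Unknown-Host.example'/>
  </entry>
</feed>"""


def forwarding_filters(export_xml, trusted_addresses):
    """Return one finding per filter that forwards mail.

    trusted_addresses: addresses you set up yourself (compared case-insensitively).
    """
    trusted = {a.strip().lower() for a in trusted_addresses}
    data = export_xml.encode("utf-8") if isinstance(export_xml, str) else export_xml
    findings = []
    for entry in ET.fromstring(data).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        dest = props.get("forwardTo", "").strip().lower()
        if not dest:
            continue  # filter only labels, archives, etc.
        criteria = {k: v for k, v in props.items() if k in CRITERIA_KEYS}
        findings.append({"forward_to": dest,
                         "criteria": criteria,
                         "recognized": dest in trusted})
    return findings
```

Any finding with `recognized` set to `False` is a forwarding destination to review and remove if you did not create it.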
What to Do If Your Email Has Been Breached
The actions you take depend on what was exposed. Here is a prioritized response plan:
If Your Password Was Exposed
Priority: Immediate
- Change the password on the breached service immediately. Use your password manager to generate a strong, unique password.
- Change the password on any other account that used the same password. This is the most critical step. Credential stuffing attacks try your stolen password on hundreds of other services within hours.
- Enable 2FA on all affected accounts. This prevents future unauthorized access even if your new password is compromised. See our 2FA setup guide for step-by-step instructions.
- Check your password manager for reused passwords. NordPass and other password managers have audit features that identify password reuse across accounts. Fix every instance.
If Your Email Address Was Exposed (But Not Password)
Priority: High (but less urgent)
- Expect increased phishing attempts. Exposed email addresses are sold to spammers and phishers. Be extra cautious with emails that ask you to click links or provide information.
- Verify your email account security settings. Check recovery methods, connected apps, and login activity as described above.
- Consider email aliases. Services like Apple's Hide My Email or SimpleLogin let you create unique email addresses for each service, so a breach at one service does not expose your primary address.
If Financial Data Was Exposed
Priority: Critical
- Contact your bank immediately. Report the potential exposure and request enhanced monitoring or new account numbers.
- Freeze your credit with all three bureaus (US) or contact your national credit authority.
- Monitor your financial statements weekly for at least three months.
- Set up transaction alerts on all financial accounts for immediate notification of any charges.
If Personal Information Was Exposed (SSN, Address, Phone)
Priority: High
- Freeze your credit — this is the most effective protection against identity fraud.
- Sign up for data broker removal with MyDataRemoval to reduce your public information footprint.
- Enable enhanced monitoring on all financial and identity-related accounts.
- File an identity theft report at identitytheft.gov (US) if you suspect your SSN has been misused.
Preventing Future Breaches
You cannot prevent companies from being hacked, but you can minimize the impact:
Use Unique Passwords Everywhere
This is the single most effective prevention measure. If every account has a unique password, a breach at one service cannot compromise any other. Use NordPass or another password manager to make this effortless.
Enable 2FA on Every Account
Even if a password is exposed, 2FA blocks unauthorized access. This is your safety net.
Minimize Your Data Footprint
- Do not give services more information than they need
- Use email aliases for non-critical accounts
- Delete accounts you no longer use
- Use MyDataRemoval to remove your data from data brokers
- Consider which services truly need your real name, phone number, and address
Monitor Continuously
Set up notifications with Have I Been Pwned (free) for new breach alerts on your email address. Consider MyDataRemoval for real-time dark web monitoring that catches breaches before they appear in public databases.
Keep Software Updated
Many breaches exploit vulnerabilities in outdated software. Keep your operating system, browser, email app, and all other software up to date. Enable automatic updates where possible.
Frequently Asked Questions
How do I know if my email was hacked versus just part of a data breach?
A data breach means a company's database was stolen, and your email was in it. Your email account itself may not be compromised — the attackers have your email address (and possibly password) but may not have logged into your account. If your account was directly hacked, you would see unfamiliar login activity, sent emails you did not write, or changed settings.
Should I create a new email address if mine has been in multiple breaches?
Usually not necessary. Changing your email address is disruptive — you need to update every account that uses it. Instead, secure your existing email with a strong unique password and 2FA, and use email aliases for new accounts going forward.
How often should I check if my email has been breached?
Sign up for notifications at haveibeenpwned.com — you will be emailed automatically when your address appears in a new breach. For continuous monitoring, MyDataRemoval provides real-time alerts. There is no need to manually check regularly if you have notifications set up.
Can I find out who hacked my email?
In most cases, no. Data breaches are carried out by organized criminal groups and nation-state actors who are difficult to identify and prosecute. Focus on securing your accounts rather than identifying the attacker.
Is it safe to enter my email on Have I Been Pwned?
Yes. Have I Been Pwned is run by Troy Hunt, a respected and well-known security researcher. The service has been endorsed by multiple government cybersecurity agencies including the FBI and the UK's National Crime Agency. Your email is not stored when you search — it is only compared against the breach database.
What if I find my password in a breach but I already changed it?
If you have already changed the password on the affected account and every other account that used the same password, you are protected from that specific breach. Ensure 2FA is enabled as an additional safety net. The breach record will remain on HIBP permanently, but it does not indicate ongoing risk if you have already remediated.
My email provider says my account is secure. Should I still check?
Yes. Your email provider only knows about security events on their own platform. They do not know if your email and password were exposed in a breach at a completely different service. Third-party breach databases like HIBP and dark web monitoring services provide visibility that your email provider cannot.
The Bottom Line
Checking if your email has been compromised takes less than two minutes with free tools like Have I Been Pwned. If you find breaches — and statistically, you will — the response is straightforward: change affected passwords, enable 2FA, and set up ongoing monitoring.
For comprehensive protection, combine free tools (HIBP notifications) with paid monitoring (MyDataRemoval) and a password manager (NordPass). This stack gives you visibility into past breaches, real-time alerts for new ones, and the tools to respond quickly.
Do not wait for a suspicious charge or a locked account to discover you have been breached. Check today, fix what you find, and set up monitoring so you never have to wonder again.
Written by Thomas — NorwegianSpark SA. We test everything we recommend. Affiliate links are disclosed.
Reviewed by Thomas — NorwegianSpark · Last updated: 24 April 2026