How to Check If Your Email Was Hacked (Free Tools)
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
The Free Starting Point: Have I Been Pwned
Go to haveibeenpwned.com right now. Type in your email address. Click the button.
Have I Been Pwned was created by security researcher Troy Hunt and indexes breach data from thousands of publicly known data breaches. It is free, it does not store your search, and it tells you exactly which breaches contain your email.
If your email appears, you will see: the name of the breach, the date it occurred, and what data was included (email, password, phone number, etc.).
What the Results Mean
"Good news — no pwnage found." Your email has not appeared in any breach in Have I Been Pwned's database. This does not mean you are completely safe — not all breaches are indexed — but it is a good sign.
Your email appeared in 1-2 breaches from several years ago. This is reasonably common. Check whether the password you used for those services is still in use anywhere else, change it if so, and move on.
Your email appeared in 5+ breaches. Your data is widely distributed. Prioritise a password manager to ensure no password is reused, and consider setting up ongoing monitoring via a service like Aura or Dashlane's dark web monitoring.
Additional Free Tools
Firefox Monitor (monitor.firefox.com) — similar to Have I Been Pwned, operated by Mozilla. Offers ongoing alerts when your email appears in new breaches.
Google Account Dashboard — if you use Gmail, Google will show you any security events and can alert you to suspected account compromise.
Your email provider's security page — most major email providers (Gmail, Outlook, ProtonMail) show you recent login history and active sessions. Check for logins from unexpected locations.
Setting Up Ongoing Monitoring
Checking manually is better than not checking. Automated monitoring is better than manual.
Paid identity protection services like Aura and Dashlane Premium monitor breach databases continuously and alert you within minutes when your data appears. They also monitor the dark web — forums and marketplaces where stolen data is sold — which contains breach data before it becomes publicly known.
If your data has appeared in multiple breaches, this ongoing monitoring is worth the monthly cost.
The Password Manager Reminder
If any of your email addresses appear in breaches, the single most important action is installing a password manager and making sure no password is reused across sites. A breach of one site cannot cascade into a breach of everything else if every site has a unique password.
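The reuse check described above (and under "What the Results Mean") can be done against a password manager export. The following is an added example, not part of the original article: the CSV column names, the sample rows and the breached-site list are all constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data. The column names are an assumption; adjust them to
# match your password manager's CSV export.
SAMPLE_EXPORT = """site,username,password
forum.example,me@example.com,Summer2019!
shop.example,me@example.com,Summer2019!
bank.example,me@example.com,x7#Lq9vT2pW
mail.example,me@example.com,summer2019!
news.example,me@example.com,Summer2019!
"""
# Constructed: services a breach lookup reported for this address.
BREACHED_SITES = {"Forum.example", "oldgame.example"}


def fingerprint(password):
    # Compare by digest so plaintext passwords never reach the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def find_reuse(export_csv, breached_sites):
    """Map each breached site to the other sites sharing its exact password."""
    sites_by_fp = defaultdict(set)   # digest -> sites using that password
    fps_by_site = defaultdict(set)   # site -> digests (a site may have several logins)
    for row in csv.DictReader(io.StringIO(export_csv)):
        site = row["site"].strip().lower()
        fp = fingerprint(row["password"])
        sites_by_fp[fp].add(site)
        fps_by_site[site].add(fp)

    report = {}
    for site in sorted(s.strip().lower() for s in breached_sites):
        shared = set()
        for fp in fps_by_site.get(site, ()):
            shared |= sites_by_fp[fp] - {site}
        # Empty list: no vault entry for that site, or its password is unique.
        report[site] = sorted(shared)
    return report


if __name__ == "__main__":
    for site, others in find_reuse(SAMPLE_EXPORT, BREACHED_SITES).items():
        status = ", ".join(others) if others else "no reuse found"
        print(f"{site}: also change -> {status}")
```

The match is exact, so a near-variant such as `summer2019!` is not flagged and should be treated as reused as well. Delete the export file once the check is done, since it holds every password in plaintext.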
Reviewed by Thomas — NorwegianSpark SA · Last updated: 1 April 2026