Quick Tip: Check If Your Info Was in a Data Breach, and What to Do Next
Your email login info might be in a data breach without you knowing. Here’s how to check, what it means, and what to do next to protect your accounts.
You can find out whether your email address has been part of any known data breaches by visiting HaveIBeenPwned.com. This free site, run by security expert Troy Hunt, checks your email against a database of nearly 15 billion compromised accounts from 893 breaches. If your email appears, it lists the known affected services and the data that was exposed (such as passwords, phone numbers, or addresses).
What Does It Mean to Be “Pwned”?
To be "pwned" means your personal data, like your email address, passwords, or other private details, was stolen or exposed in a data breach. It’s a term that originally came from a typo of "owned," used in gaming and hacker culture to mean being defeated or taken over.
When you're pwned, it doesn't necessarily mean you've been directly hacked, but that your information was caught up in a breach of a service you use. That stolen data often ends up for sale on the dark web, making it easier for criminals to try to break into your accounts elsewhere, especially if you reuse passwords. That's why checking if you've been pwned helps you know when it's time to change passwords and secure your accounts before someone else tries to misuse your info.
The site has recently been updated to include dashboards, custom links for quick checks, and automatic alerts for future breaches.
If your email has been breached, here’s what to do:
Change your password immediately on the affected site. If you can remember it, it’s not a good password.
Delete old accounts you no longer use.
Stop reusing passwords across multiple websites.
Create strong, unique passwords using a password manager like 1Password or Bitwarden.
Use app-based two-factor authentication (2FA), such as Authy, wherever possible for extra protection.
Use passwordless logins when available (via Google, Apple, etc.). Passwordless logins let you sign in using accounts like Google or Apple, and skip passwords entirely. They’re fast and secure, but tie access to that provider. Great for convenience, but protect that main account well.
Use passkeys, a new secure login method that doesn’t require traditional passwords, supported by Apple, Google, and others. Passkeys enable secure logins using biometrics or a device PIN, eliminating the need to remember or worry about stolen passwords. They’re fast and safe, but not yet supported everywhere, and can be tricky across platforms.
As online threats evolve, so must your habits. Checking your email for breaches is a good start, but upgrading your login practices is the real key to staying safe.