First, what a breach actually is

When a company you gave your email to gets hacked, the stolen customer list usually ends up traded or dumped online. That list might hold just email addresses, or emails plus passwords, phone numbers, home addresses — whatever the company kept. That's a data breach, and you don't have to do anything wrong to be in one. You just had an account at the wrong place at the wrong time.

Breaches are common enough that the question isn't really "was I in one?" It's "which ones, and what got out?"

How to check in 30 seconds

Use our free Exposure Scanner. Type in your email address and it checks the Have I Been Pwned database — the most complete public record of known breaches, run by a well-respected security researcher. You'll see which breaches included your address and what kinds of data each one leaked.

Two things worth knowing about that check: it doesn't require an account, and we don't log or store the address you enter — it's checked, answered, and discarded. That's a claim you can verify.

Reading your results without panicking

Not all breaches are equal. What matters is what leaked, not how many breaches you're in:

The three fixes that actually matter

1. Change the password — everywhere you used it

Change the password on the breached account, and on any other account where you used the same or a similar password. This single step closes off the most common way breach data gets used against people.

2. Turn on two-factor authentication

Two-factor authentication (2FA) means a stolen password alone isn't enough to get in. Turn it on for your email account first — whoever controls your email can reset everything else — then banking, then the rest. App-based codes beat text-message codes, but text-message 2FA still beats nothing.

3. Get a password manager, so this stops being a recurring problem

The reason breaches hurt is password reuse, and the realistic fix isn't "memorize 80 unique passwords" — it's a password manager that generates and remembers them for you. Set it up once, and the next breach you're in becomes a non-event: one throwaway password leaks, nothing else is touched.

What not to bother with

You'll see advice to buy identity-theft insurance, credit monitoring subscriptions, or "dark web scans" after a breach. Most of it sells fear back to you at a monthly rate. A credit freeze (free, at each credit bureau) does more than most paid monitoring if you're worried about identity theft — and the three fixes above do more than everything else combined.

Check yourself now

It takes half a minute: run the Exposure Scanner. If you want a plan for your whole setup — devices, accounts, the works — the Hardening Generator builds one around your answers, entirely in your browser.