Email Breach Checker
Check if your email address has appeared in known data breaches. Get a detailed risk assessment and recommendations to protect your accounts.
Breaches Found?
If your credentials have been exposed, it's time for a comprehensive security review. Our team can help secure your infrastructure.
About the Breach Checker
An email breach checker takes the email address you enter and looks it up against the UK and global breach corpora that have been published in the last decade. The corpora are aggregated from leaked credential dumps that attackers post to dark-web forums and that researchers index. If your address shows up in any of those dumps, the checker tells you which breach, when it was published, and what was exposed (typically email plus password hash, sometimes plus address, phone, or partial card data).
The first thing to understand is that a positive breach result is not your fault. Almost every UK business email lands in a breach corpus eventually, because the breaches are on third-party services you used (LinkedIn, Adobe, Dropbox, Canva, MyFitnessPal). The checker is for working out what to do next: which passwords to rotate, which accounts to enable MFA on, which credentials are still in active use that should not be.
What this tool will not tell you is whether the breach has been actively exploited against you. That requires a separate assessment of your account activity, your authentication logs, and your sign-in history. If you find your address in a breach and you are uncertain whether your accounts have been compromised, that is the conversation to have with your IT team or with us.
Common questions
Is the breach checker free to use?
Yes. The basic check is free and unlimited. You can run it for any email address you control. We do not store the addresses you check.
Does a breach result mean my account was hacked?
No. It means your email address appeared in a published breach corpus, usually because a third-party service you used was compromised. Whether your account was specifically targeted requires looking at your authentication logs.
What should I do if my email is in a breach?
Rotate the password on the breached service, rotate the password anywhere you reused it, and enable multi-factor authentication on every account that supports it. The reused-password check is the one most people skip.
How does this relate to Cyber Essentials?
Cyber Essentials requires that your password policy stops attackers using stolen credentials. MFA on key accounts and unique passwords per service are the controls. The breach checker is the warning that those controls need attention right now.
Beyond the free check
Cyber Essentials Certification
Government-backed certification covering password and account-management controls.
Learn more24/7 Threat Monitoring (MDR)
Continuous detection of credential theft and account-takeover activity beyond what a one-off check can spot.
Learn morePassword Security Checker
Test the strength of a candidate password before you set it on an account.
Learn more