Check If Your Passwords Have Been Leaked
Search billions of breach records to see if your passwords are compromised. We use k-anonymity to check your credentials without ever seeing your actual password.
Your password is hashed locally. Only a 5-character hash prefix is sent to our server. We never see or store your password.
How k-anonymity keeps your password safe
We never see your password. Here is how our privacy-preserving check works.
Your password is hashed locally
Your password never leaves your device in plain text. It is hashed using SHA-1 in your browser before any network request is made.
Only a partial hash is sent
We send only the first 5 characters of the hash to our server. This means we never see your full password hash and cannot reverse-engineer your password.
You check the results locally
We return all matching hashes with the same prefix. Your browser checks locally whether your full hash appears in the results. The match happens entirely on your device.
Why leaked passwords matter
A single leaked password can cascade into multiple compromised accounts.
Credential stuffing attacks
Hackers use leaked passwords to try logging into other services. If you reuse passwords, one breach can compromise all your accounts.
Password spraying
Attackers use commonly leaked passwords against large numbers of accounts. If your password appears in breach databases, you are a prime target.
Identity theft
Leaked passwords combined with email addresses give attackers a foothold into your digital life, potentially leading to financial fraud and identity theft.
Corporate breaches
Employees reusing personal passwords at work expose entire organizations. A single leaked credential can be the entry point for a major corporate breach.
Frequently Asked Questions
Stop using compromised passwords
Check your passwords against billions of breach records and get alerts when your credentials are exposed in new breaches.