Enter your password below to check if it has appeared in
known breaches and released on to the dark web.
FAQ
Common questions
Is it safe to type my real password here?
Yes. Your password is never transmitted to any server and is processed locally in your device's web browser.
How is the password checked?
Your password is never sent to our server. This tool uses SHA-1 hashing and the k-Anonymity model to ensure privacy when checking against known breaches. If your password has been breached, consider changing it immediately.
Why does a breached password matter?
Even without an associated email or username, a password appearing in a breach means that attackers know it has been used before. They can use it for credential stuffing attacks, trying the password across multiple accounts. If a password is frequently found in breaches, it is considered insecure and should be replaced.
What should I do if my password is breached?
If your password has been found in breaches, you should change it immediately, especially if you have reused it on multiple sites. Use a password manager to create strong, unique passwords for each account and enable multi-factor authentication (MFA) where possible to add an extra layer of security.