Has your email been in a data breach?
Type your email below and we’ll instantly check it against 800+ confirmed UK and global data breaches — covering billions of leaked records. You’ll see exactly which breaches your email appeared in, what was exposed, your risk score, and what to do next.
Quick Answers
How do I check if my email has been hacked?
Type your email into the checker above — it’s free, no signup. We compare your address against billions of records from 800+ verified UK and global data breaches and show you exactly which sites leaked your data, what was exposed, when it happened, and your overall risk score.
Is my email on the dark web?
If your email has appeared in a known data breach, it has almost certainly been resold on dark-web markets and pastebin-style dump sites. Our checker tells you which breaches it appeared in and whether your data has been seen on public paste sites.
How can I check if my password has been leaked?
If our breach checker shows your email was exposed in a breach where “Passwords” is listed in the leaked data, you should assume the password you used on that site is now public. Change it everywhere you’ve reused it, and turn on multi-factor authentication.
Will checking my email expose me to more risk?
No. We hash your email server-side using SHA-256 before logging anything, and we never share your address with anyone. The breach data we check against is already public — looking at it doesn’t put you at any additional risk.
Is this the same as Have I Been Pwned?
Both services are excellent and we recommend cross-checking with HaveIBeenPwned. We use the XposedOrNot breach database, which has overlapping but not identical coverage and includes some breaches HIBP doesn’t. Together they give you the most complete picture.
My company email is breached — what do I do?
If your work email appears in this report, your employer may be at risk too. Tell your IT team or security officer immediately, change any reused passwords, and turn on MFA on all work systems. UK businesses should consider Managed Detection & Response and Cyber Essentials certification.
What our UK email breach checker does
The Connection Technologies email breach checker is a free, UK-built security tool that compares your email address against a continuously updated database of more than 800 verified data breaches — covering everything from massive incidents like LinkedIn and Adobe to smaller, lesser-known leaks. In total the database holds over 12 billion exposed records.
When you check your email, you don’t just get a yes/no answer. You get a full breach history including:
Every breach your email appears in
The full list, by name and year — from the 2009 RockYou leak through to the latest 2024-2025 incidents — sorted newest first.
What was exposed in each one
Passwords, names, phone numbers, IP addresses, physical addresses, dates of birth, payment data — every category leaked is listed for each breach.
Your overall risk score
A weighted Low / Medium / High / Critical rating that takes into account how many breaches you’re in, what was leaked, and how recent the exposures are.
Tailored next steps
Specific actions based on what was exposed — change reused passwords, watch for phishing, monitor your bank statements, get MFA set up, and more.
Year-by-year breach history
See the year of your first breach exposure and your most recent — useful for understanding your historical risk pattern.
Affected industries
See which sectors leaked your data — finance, healthcare, retail, telecoms, social media — so you know where to tighten up your account security first.
How to read your email-breach check results
Your results page is split into three parts — read them in order, top to bottom:
The headline summary card
A coloured banner at the top tells you the overall picture in one glance: green = no breaches found, amber = low risk (1-2 breaches), orange = medium risk (3-4 breaches), red = high risk (5+ breaches), dark red = critical (10+ breaches). The card also shows your total breach count, paste count, and risk label.
Your tailored next steps
Below the headline you’ll see a list of recommendations — each one is specifically tailored to what was exposed in your breaches. If passwords leaked, you’ll see “change every password you reuse”. If financial data leaked, you’ll see “monitor your bank statements”. Don’t skip these — they’re the most important part of the report.
The breach detail list
Every breach your email appeared in, listed in reverse chronological order. Each entry shows the breach name, year, total records exposed, what data leaked, and a short description of what happened. Use this to identify accounts you may have forgotten about and need to secure (or close).
Email breach risk levels explained
Our checker classifies your overall risk into four bands. Here’s what each band means and how worried you should be:
Low: 1-2 breaches, older data
You should still take action — change reused passwords and turn on MFA — but you’re in a relatively safe position.
Medium: 3-4 breaches, mixed data
Your email is in active criminal databases. Treat any password from these sites as compromised. Audit your accounts.
High: 5-9 breaches, recent activity
You’re a credential-stuffing target. Move to a password manager today, MFA everywhere, and monitor for phishing.
Critical: 10+ breaches, sensitive data
Significant exposure. Consider identity-monitoring, freeze your credit file at the major UK bureaus, and review every account.
What to do if your email has been in a data breach
Don’t panic. A breach result doesn’t mean your accounts are currently being attacked — it means data linked to your email has been leaked at some point. The right response is methodical, not frantic. Work through these eight steps in order:
Identify which password you used on each breached site
Look at the breach list. For any site where “Passwords” is in the exposed-data column, write down which password you used (or last used). If you can’t remember, assume you used a password you’ve reused elsewhere.
Change that password — everywhere you’ve reused it
This is the single most important step. Credential stuffing is when attackers take leaked email/password combos and try them on hundreds of other sites. Reused passwords are the #1 cause of account takeover in the UK. If you used the same password on, say, your old MySpace account and on your current Gmail — change Gmail today.
Move to a password manager
The fix isn’t “use a stronger password”. It’s “use a unique password for every account”. A password manager (1Password, Bitwarden, Apple Passwords, Google Password Manager) generates and remembers them for you. Most are free for personal use.
Turn on multi-factor authentication (MFA) on every important account
MFA blocks 99% of credential-stuffing attacks even if a hacker has your password. Prioritise: email account, banking, work accounts, social media (Facebook/Instagram/Twitter/LinkedIn), Apple ID / Google account, and any account that holds payment data.
Watch for phishing for the next 90 days
Once your details are in criminal hands, you’ll see an uptick in phishing emails — fake delivery notices, fake “your account has been compromised” alerts, fake password-reset links. Treat any unexpected email asking you to click a link or log in as suspicious until you can verify it independently.
If financial data was exposed, monitor your bank account weekly
For 6 months after a breach involving payment or banking data, check your statements every week for unfamiliar transactions. Most UK banks let you turn on instant transaction alerts via push notification — switch them on.
If a work email was breached, tell your IT team today
Don’t wait. Your employer needs to know so they can rotate your work credentials, audit which systems you can access, and watch for signs of compromise. UK GDPR also requires data-breach notification to the ICO within 72 hours in some cases.
Re-run this check every 3-6 months
New breaches are added to the database regularly. Bookmark this page and re-check your most-used email addresses every quarter to stay on top of new exposures.
UK business owner? Get your team breach-proof from £103/month
Connection Technologies provides Cyber Essentials certification, 24/7 Managed Detection & Response (MDR) and SIEM monitoring for UK businesses. These are the same controls that block 80% of attacks like the ones in this breach database.
What types of data get exposed in email breaches?
Every breach is different, and the impact on you depends entirely on what was leaked. Here are the most common categories of data exposed in the breaches we track — and the real-world consequences of each:
Email addresses + passwords
The most common combination. Even if the password was hashed, weak hashes (MD5, SHA-1, unsalted) can be cracked in seconds with modern GPU clusters. Once cracked, your email/password pair is fed into credential-stuffing tools that try the combo on banks, email providers, social media, and crypto exchanges. This is how 80% of UK account takeovers start.
Names, addresses, dates of birth
The “trinity” of identity-theft data. With a name, postal address and date of birth, fraudsters can apply for loans in your name, bypass bank security questions, hijack your mobile number through SIM-swap, and impersonate you to government services. Combined with a leaked email, this is the foundation of most modern UK identity fraud cases.
Phone numbers
Leaked phone numbers feed two attack types: (1) SMS phishing (smishing) — scam texts pretending to be from your bank, HMRC, Royal Mail, etc. — and (2) SIM-swap attacks, where the attacker convinces your mobile provider to transfer your number to their SIM, intercepting MFA codes. Use our UK Phone Number Checker to identify suspicious incoming calls.
Payment card data
If a breach exposed full or partial card numbers, expiry dates and CVVs, your card is at immediate risk. Most banks will replace the card free of charge if you call and tell them. Even partial card data (last 4 digits) is dangerous — it’s enough to bypass some “verify your card” challenges.
Physical addresses, geo-locations, IP addresses
Used for targeted phishing (“Hi, your delivery to [your address] is delayed…”), package theft, and to build profiles for social-engineering attacks. A leaked IP address can be cross-referenced with public ISP records to estimate your physical location even when no street address was leaked.
Security question answers
This is one of the worst possible leaks. If a breach exposed your “mother’s maiden name”, “first pet’s name”, or “high school” answers, those answers are now public for every other site you’ve used the same security questions on. The fix: never use real answers to security questions. Use random strings stored in your password manager.
Hashed passwords (different risk levels)
Not all hashed passwords are equal. Modern hashes (bcrypt, Argon2, scrypt with proper salting) are still very hard to crack even when leaked. Older hashes (unsalted MD5, SHA-1) are essentially equivalent to plaintext — they can be cracked in seconds. Our breach detail page shows the password risk level for each breach so you know how urgently to act.
Major UK-relevant data breaches you should know about
Here are some of the largest data breaches affecting UK users in recent memory. Run your email through the checker above to see if you appear in any of these — or in any of the other 800+ breaches we track:
| Breach | Year | Records exposed | What was leaked |
|---|---|---|---|
| LinkedIn (scraped) | 2021 | 700M | Email, name, location, employment history, phone numbers |
| Facebook (scraped) | 2019 | 533M | Phone number, name, gender, location, relationship status |
| MyHeritage | 2017 | 92M | Email + bcrypt password hash |
| Adobe | 2013 | 153M | Email, encrypted password, password hint (often plaintext) |
| LinkedIn (original) | 2012 | 164M | Email + unsalted SHA-1 password (mostly cracked) |
| Yahoo | 2013-14 | 3 billion | Email, name, DOB, password hash, security questions |
| RockYou | 2009 | 32M | Email + plaintext passwords (foundational breach) |
| Collection #1-5 | 2019 | 2.7 billion | Combined credential-stuffing dataset of email+password pairs |
| BT (Cisco breach affecting BT) | 2024 | tens of millions | Customer support data including email, name, partial account info |
| Three UK | 2016 | 133K UK customers | Names, addresses, account info — accessed by fraudsters |
| TalkTalk | 2015 | 157K UK customers | Name, address, DOB, partial bank details, email |
| British Airways | 2018 | 429K UK customers | Full payment card data including CVV — landed BA a £20M ICO fine |
| Equifax | 2017 | 147M (15M UK) | Name, DOB, address, credit-history details, partial card data |
| Marriott / Starwood | 2018 | 383M | Passport numbers, email, payment cards, travel records |
| Dropbox | 2012 | 68M | Email + bcrypt hash |
| MyFitnessPal | 2018 | 144M | Email + SHA-1 password hash (mostly cracked) + username |
If your email appears in even one of these, change the password you used on that site (and any site where you reused it) and turn on MFA. If you appear in many, your email is in active credential-stuffing rotation — treat every account as needing immediate password rotation and MFA setup.
How to protect yourself from future email data breaches
You can’t undo a leaked password — but you can stop the same leak ever damaging you again. Five rules to live by:
1. Use a unique password for every account
If you remember only one thing from this page, make it this. Password reuse turns one breach into ten. A password manager (free for personal use) generates strong unique passwords and types them in for you — most users find it actually easier than remembering passwords.
2. Turn on multi-factor authentication everywhere it’s offered
MFA is the #1 control that stops breached credentials being used against you. Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy, 1Password) are stronger than SMS codes — but SMS MFA is still vastly better than no MFA at all.
3. Use email aliases for sign-ups
Services like Apple’s Hide My Email, Firefox Relay, SimpleLogin and DuckDuckGo Email Protection let you create a unique alias for every site you sign up to. If one alias gets breached, you delete it — your real email is never exposed. Apple’s version is built into iOS and free.
4. Treat every “verify your account” email as suspicious
The single biggest post-breach attack is phishing. If you get an email from your bank, your employer, Royal Mail, HMRC, etc. asking you to click a link to verify or update something — don’t click. Open a new browser tab and log into the service directly. If they really need to tell you something, it’ll be in your normal account dashboard.
5. Re-check your email every 3-6 months
New breaches are added to our database monthly. Bookmark this page and re-run a check on each of your active email addresses every quarter. Tick the “email me my report” box and we’ll send a fresh copy to your inbox each time.
For UK businesses: this is just the start
If your work email shows up in this checker, the implications go beyond your personal accounts. A breached work email can be used to:
- Send phishing emails to your colleagues that look like they came from you
- Bypass corporate spam filters because the sender is in the address book
- Impersonate you for invoice fraud (the most common UK SME loss — £200K+ average)
- Recon your company’s email-naming convention to target other staff
- Re-use leaked passwords against your company VPN, Microsoft 365 or Google Workspace
The fix for businesses isn’t a single tool — it’s a layered defence. Connection Technologies provides three services that work together to neutralise the breached-email attack chain:
Cyber Essentials & Plus
The UK government’s baseline security standard. Five controls — including MFA, patching and access control — that block 80% of common attacks. From £103/month.
Managed Detection & Response (MDR)
24/7/365 human-led threat hunting on your endpoints, email and cloud. We see the credential-stuffing attempt before it succeeds and shut down the attacker session.
SIEM Security Monitoring
Centralised log analysis across all your IT systems. Surfaces the early-warning signs (impossible-travel logins, mass password-spray, anomalous downloads) that breaches start with.
Business IT Support
UK-based help desk that handles password resets, MFA enrolment, and post-breach account lockdown for your team — fast, on the phone, no scripts.
Get a free cyber-security quote in under 5 minutes
Tell us about your business and we’ll send a tailored quote across MDR, Cyber Essentials, SIEM and IT Support — no commitment, no pushy sales.
Frequently Asked Questions
Is the email breach checker really free?
Yes — completely free, with no signup required. We don’t ask for your name, phone number or any personal details. The only optional step is the “email me my report” tick box, which lets us send the report to your inbox and add you (with your consent) to our occasional UK cyber-security newsletter. You can unsubscribe in one click anytime.
How can I check if my email has been pwned for free in the UK?
Use the checker at the top of this page — it’s UK-built, free, and powered by the XposedOrNot breach database (800+ verified breaches, 12 billion records). For maximum coverage we also recommend cross-checking the same email at haveibeenpwned.com as the two databases overlap but aren’t identical.
What is the difference between an email breach and an email leak?
In practice the terms are used interchangeably — both refer to your email address (and usually a password or other personal data) appearing in a public dataset that came out of a third-party site being hacked. Strictly, a “breach” is the original incident at the affected company; a “leak” is when the stolen data is later published publicly. From your perspective the response is the same: change reused passwords, turn on MFA, watch for phishing.
How do I know if my email and password have been hacked together?
If our checker shows your email in a breach where “Passwords” is listed in the exposed-data column, you should assume the password you used on that site is now public. The breach detail also tells you whether the password was stored as plaintext, weak hash (MD5/SHA-1) or strong hash (bcrypt/Argon2). Plaintext and weak-hash passwords are immediate risks; strong-hash passwords are slower for attackers to crack but should still be changed.
Can I check someone else’s email address?
You can — the breach data is public, so checking any email address doesn’t expose them to additional risk. This is useful if you’re an IT or security professional auditing your team, or if you’re a parent / family member helping a less technical user check their accounts. Please don’t use this to harass or “out” people.
What does the risk score mean?
The risk score is a weighted summary of how exposed your email is. It takes into account the number of breaches, how recent they were, the type of data exposed (passwords and financial data weight higher than just email + name), and whether the passwords were strongly hashed. The score maps to four labels: Low (1-2 older breaches), Medium (3-4 breaches), High (5-9 breaches with sensitive data), Critical (10+ breaches or recent sensitive-data exposure).
What do I do if my work email is in a breach?
Tell your IT team or security officer immediately — don’t wait. They’ll need to: (1) rotate any work credentials you’ve reused from other sites, (2) check whether your account shows any signs of compromise (impossible-travel logins, unauthorised email rules, mass downloads), (3) decide whether the breach triggers an ICO notification under UK GDPR (it might if customer data could have been accessed). For UK businesses we recommend Cyber Essentials certification and 24/7 MDR — both substantially reduce the impact of breached credentials.
Will the company that breached my data tell me directly?
UK GDPR requires companies to notify affected users “without undue delay” if there’s a high risk to your rights and freedoms — but in practice many breaches are reported to the ICO without the affected users ever being individually emailed. Reasons range from “we don’t know exactly which users were affected” to “we don’t have your current email address”. A breach checker like this one is often how users find out their email was leaked years after the original incident.
Should I delete my email account if it’s been in many breaches?
Generally no. Deleting your email account would lock you out of every other service signed up with that address — and your data is already public, so deletion doesn’t help. The right response is: change reused passwords, turn on MFA on the email account itself (most important), and start using email aliases for any new sign-ups so future breaches don’t expose your real address.
How often is the breach database updated?
The XposedOrNot breach database we query is updated continuously as new breaches are confirmed and verified. We cache responses for 12 hours per email to be a good citizen of their API (they have a 1-request-per-second global rate limit) — so if you check the same email twice within 12 hours, you’ll see the same result. After 12 hours we re-fetch in case any new breaches have been added.
Is this GDPR-safe?
Yes. We hash your email server-side with SHA-256 before logging anything, so the audit log only contains an irreversible hash plus a masked display form (e.g. “j***@example.com”) for support purposes. Your raw email is only stored if you explicitly tick the opt-in box, in which case we record your consent IP and verbatim consent text for GDPR audit defensibility. You can unsubscribe in one click anytime via the link in any email we send you.
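The logging and caching behaviour described in the two answers above, together with the count bands from the headline card, shown as an added Python example; it is not Connection Technologies' code. Assumptions: `fetch` is a hypothetical callable standing in for the upstream breach API, `BreachLookup` and the other names are illustrative, and the banding uses breach count only rather than the weighted score the page describes.

```python
import hashlib
import time

CACHE_TTL = 12 * 60 * 60      # 12-hour per-email cache, as stated on the page
MIN_INTERVAL = 1.0            # upstream limit: 1 request per second, global


def normalise(email):
    """Trim and lower-case so one mailbox always maps to one digest."""
    return email.strip().lower()


def email_digest(email):
    """SHA-256 hex digest of the normalised address (log and cache key)."""
    return hashlib.sha256(normalise(email).encode("utf-8")).hexdigest()


def mask(email):
    """Support-friendly display form: first character, then ***@domain."""
    local, _, domain = normalise(email).partition("@")
    return f"{local[:1]}***@{domain}"


def risk_band(breach_count):
    """Count-only banding from the headline card (0, 1-2, 3-4, 5-9, 10+)."""
    if breach_count == 0:
        return "none"
    if breach_count <= 2:
        return "low"
    if breach_count <= 4:
        return "medium"
    if breach_count <= 9:
        return "high"
    return "critical"


class BreachLookup:
    """Cache and global throttle around `fetch`, a hypothetical upstream call
    that takes a normalised address and returns a list of breach names."""

    def __init__(self, fetch, clock=time.monotonic, sleep=time.sleep):
        self._fetch, self._clock, self._sleep = fetch, clock, sleep
        self._cache = {}          # digest -> (fetched_at, breach_names)
        self._last_call = None    # time of the most recent upstream request
        self.audit_log = []       # holds digest + masked form, never raw email

    def check(self, email):
        digest, now = email_digest(email), self._clock()
        hit = self._cache.get(digest)
        cached = hit is not None and now - hit[0] < CACHE_TTL
        if cached:
            breaches = hit[1]
        else:
            # Space upstream requests at least MIN_INTERVAL seconds apart.
            if self._last_call is not None:
                wait = MIN_INTERVAL - (now - self._last_call)
                if wait > 0:
                    self._sleep(wait)
            breaches = self._fetch(normalise(email))
            self._last_call = self._clock()
            self._cache[digest] = (self._last_call, breaches)
        self.audit_log.append({"email_sha256": digest,
                               "display": mask(email),
                               "cached": cached})
        return {"breaches": breaches,
                "risk": risk_band(len(breaches)),
                "cached": cached}
```

Because the digest is unsalted and deterministic, anyone who already holds a candidate address can recompute it and match it to a log entry. A keyed HMAC with a server-side secret closes that gap while still working as a cache key.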
What if my email isn’t in any breach — am I safe?
You’re in a good position, but you’re not bulletproof. New breaches happen all the time and the breach databases only know about leaks that have been publicly disclosed. There are plenty of unreported / not-yet-disclosed breaches in criminal hands. Stay safe by: (1) using unique passwords per account (password manager), (2) turning on MFA everywhere, (3) treating unsolicited emails with suspicion, and (4) re-running this check every 3-6 months.
Why does my email show up in a breach for a site I never signed up to?
Three common reasons: (1) Scraped data — sites like LinkedIn and Facebook had public profile data scraped by bots and dumped on hacking forums. You don’t need to have been hacked, just to have had a profile. (2) Combo lists — credential-stuffing combo lists aggregate stolen email/password pairs from many breaches; your email may appear in one even if you’ve never visited the listed site. (3) Marketing-data brokers — some breaches are of data brokers who bought your email from a site you DID sign up to.
Does this work for company / domain-wide checks?
Not in this consumer-facing tool — it checks one email at a time. If you’re a UK business and want to check every staff email at your domain, talk to us about a domain-level audit as part of an MDR or Cyber Essentials engagement — we can run it as a one-off or build it into ongoing monitoring. Request a quote here.
Why are you offering a free tool — what’s the catch?
No catch. Connection Technologies is a UK telecoms and IT-services business — we make our money from Business IT Support, MDR, Cyber Essentials and our Hypercloud VoIP phone systems. Useful free tools (this one, our UK Phone Number Checker, our Coverage Checker) help potential customers find us when they need a serious cyber-security partner. That’s the entire business model.
Related guides & tools
UK Phone Number Checker
Free reverse-lookup for any UK phone number. Identify scam-prone ranges, see the Ofcom range holder, classify the number type.
Cyber Essentials & Plus
UK government baseline security standard. Certification from £103/month, full audit support included.
Managed Detection & Response
24/7 threat hunting and incident response — UK-based SOC, transparent pricing.
SIEM Security Monitoring
Centralised log analysis and security event correlation across your entire IT estate.
