Pwned Passwords

Check if your password has appeared in known data breaches

Good news — no pwnage found!

This password wasn't found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn't necessarily mean it's a good password, merely that it's not indexed on this site.

Oh no — pwned!

This password has been seen 0 times before in data breaches!

This password has previously appeared in a data breach and should never be used. If you've ever used it anywhere before, change it immediately!

Why check for pwned passwords?

Password reuse is extremely common and puts your accounts at risk. When credentials are exposed in data breaches, attackers can use these known email and password combinations to access your other accounts.

NIST guidelines specifically recommend checking user passwords against previously breached datasets. This service provides a simple, secure way to comply with these guidelines.

The dangers of password reuse

Credential Stuffing

Attackers automate login attempts using leaked credentials from other sites, exploiting password reuse habits.

Data Breaches

Large-scale breaches expose millions of passwords, which are often used across multiple services.

Password Patterns

Even when users modify passwords between sites, attackers can easily predict common patterns.

Reliable Service Performance

13B+

Monthly Requests

>99.9%

Cache Hit Ratio

335

Edge Locations

Globally Distributed Performance

Our password checking service handles over 13 billion requests monthly, delivered through Cloudflare's global network for high availability.

With a cache hit ratio over 99.9%, the service provides lightning-fast responses regardless of your location, ensuring a seamless experience when checking password security.

The service is delivered via 335 edge locations distributed across 125+ countries, minimising latency for users worldwide.

Cloudflare Edge Locations Map

API & Integration

API Access

Integrate Pwned Passwords into your own applications with our freely available API. Prevent users from selecting vulnerable passwords and improve your security posture.

View API Documentation

Download & Integrate

The best way to get the most up-to-date passwords is via the API. Alternatively, use the free and open source Pwned Passwords downloader to take the entire corpus offline and run it yourself.

Access on GitHub

Partners

Cloudflare

Powered by Cloudflare

The Pwned Passwords service is made possible by Cloudflare's generous support. They provide the global infrastructure to serve billions of requests securely and efficiently.

Learn More
1Password

Password Management

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Start using 1Password

Support This Service

Have I Been Pwned is a free resource for the entire community. If you find this service valuable, please consider supporting it with a donation.

Donate