Find the Right Plan

From quick email searches to large-scale domain monitoring and high-throughput APIs, choose a plan that fits how you use HIBP.

Choose Your Plan

Three tiers designed for different needs: Core for direct email search and monitoring your own domains, Pro for direct and k-anonymity email search plus monitoring your own and your customers’ domains, and High RPM for high-volume, high-throughput email searching.

Free:

Core

Search email addresses on your own domains. Simple API access for direct email search.

From $4.39
Per month, paid annually
See Core plans
New

Pro

Search across your own and your customers’ domains. Includes k-anonymity email search.

From $379
Per month, paid annually
See Pro plans

High RPM

High-throughput API for fast email searches. Supports k-anonymity email search.

From $1,150
Per month, paid annually
See High RPM plans

‡ Max domains only counts domains with more than 10 breached addresses.

Core Plans

Core provides straightforward access to search for breached email addresses across your own domains. It’s designed for simple, direct email lookups via the API with domain monitoring capabilities. Ideal for organisations that want visibility into their own exposure without additional complexity.

Save up to 17% with annual billing
Plan RPM Max Domain Size † Max Domains ‡ Price
Core 1
 10 25 breached addresses 1 domain
$4.39
per month 		Subscribe
Core 2
 50 100 breached addresses 3 domains
$21.59
per month 		Subscribe
Core 3
 100 500 breached addresses 5 domains
$36.99
per month 		Subscribe
Core 4
 500 Unlimited 10 domains
$159
per month 		Subscribe
Core 5
 1,000 Unlimited 20 domains
$319
per month 		Subscribe

† Domain sizes are measured by the number of breached addresses on the domain, that is the number of unique email addresses on the domain that have appeared in data breaches. Always add domains to your dashboard before choosing a Core subscription to ensure the correct size is chosen.

‡ Max domains only counts domains with more than 10 breached addresses.

Pro Plans New

Pro expands on Core by enabling monitoring across both your own and your customers’ domains. It adds k-anonymity email search along with features to manage domains at scale, making it well suited to enterprises and MSPs. This tier is built for broader visibility and operational use across multiple organisations.

Save up to 19% with annual billing
Plan Email RPM Max Domains ‡ Price
Pro 1
 1,000 50 domains
$379
per month 		Subscribe
Pro 2
 2,000 100 domains
$699
per month 		Subscribe
Pro 3
 4,000 200 domains
$1,299
per month 		Subscribe
Pro 4
 8,000 400 domains
$2,499
per month 		Subscribe
Pro 5
 16,000 800 domains
$4,599
per month 		Subscribe

‡ Max domains only counts domains with more than 10 breached addresses.

High RPM Plans

High RPM is designed for high-volume API usage focused on fast, scalable email address searches. It supports both direct and k-anonymity email search with significantly higher throughput limits. This tier is ideal for use cases that prioritise performance and large-scale querying over domain-based monitoring.

Save up to 17% with annual billing
Plan Email RPM Price
High RPM 4000
 4,000
$1,150
per month 		Subscribe
High RPM 8000
 8,000
$2,299
per month 		Subscribe
High RPM 12000
 12,000
$3,449
per month 		Subscribe
High RPM 16000
 16,000
$4,333
per month 		Subscribe
High RPM 24000
 24,000
$5,833
per month 		Subscribe

Need Enterprise-Grade Services?

Enterprise gives you full flexibility with everything in the public plans plus white-label deployment, real-time breach callbacks and no API rate limits. It also includes invoiced billing, custom documentation, support for security and procurement reviews, and dedicated support to help you integrate and operate at scale.

Frequently Asked Questions

This is the number of unique email addresses on your domain that have appeared in known data breaches. For example, if 50 addresses ending in @example.com are found in breach data, your domain has 50 breached email addresses. This is not the total number of email accounts or employees in your organisation, only those exposed in breaches. You can freely check your domain's breach count at any time by adding it to your dashboard.

Core is designed for searching breached email addresses and monitoring your own domains. It supports direct email search via the API and lets you track breaches affecting domains you control. Pro includes everything in Core, plus support for monitoring customer domains, k-anonymity email search for improved privacy, bulk domain enrolment, auto subdomain verification and access to stealer log data. It’s designed for organisations and MSPs managing domains at scale or on behalf of others.

You’ll need a Pro plan. Core is intended for monitoring domains you control yourself and does not permit use on behalf of third parties under the terms of use. Pro is designed for MSPs and organisations managing customer domains, with support for customer domain monitoring, bulk domain enrolment and automated verification, along with k-anonymity email search and access to stealer log data for working at scale.

Each plan includes a limit on the number of domains you can monitor. If you exceed this limit, you won’t be able to search any domains until you either upgrade to a higher-tier plan or remove domains to return within your allowance. Some plans also include a limit on the size of each domain, based on the number of breached email addresses it contains. If a domain exceeds this limit, you won’t be able to search that domain unless you upgrade to a plan that supports larger domains.

Yes, you can upgrade to a Pro or High RPM plan at any time via the Subscription link on your dashboard. When you upgrade, any unused portion of your current subscription is applied as a prorated credit towards the new plan, so you only pay the difference.