Data leaks: how to check if your personal data has been compromised

With the myriad of personal information leaks that occur each year, it’s not uncommon for your information to be available in databases for sale in dark corners of the Internet. Learn how to check if your account or password has been compromised here.

Apple and Google password managers offer the ability to regularly check accounts for known data breaches and compare them to your saved iOS/Safari or Android/Chrome logins and passwords. But that’s not the only way to increase the privacy of your accounts.

However, not all users use the tool, they simply ignore the feature or have not yet stored the account in the systems offered by the company. This is where Have I Been Pwned comes in.

2021 04 22 Facebook data leak

More than 500 million Facebook accounts from 2019 were leaked in 2021 / © NextPit (inspired by MvdV)

The site matches publicly leaked databases, which contain more than 11 billion accounts at the time of this writing, against a user-provided email address or phone number.


This is how you can check if your personal data has been leaked


The site checks if your email address or phone number is in a publicly accessible database. / © NextPit

  1. Go to
  2. Enter an email address or phone number in international format (with country code and country code) in the text field
  3. click button bent?

If your data is not in a known data breach, the website will display the message “Good news: No pwnage found! / No breached accounts.”

However, if a login is found in a leaked database, the message “Oh no, pwned!” is displayed, followed by a list of known leaks that contain it.

The list of leaked databases indicates what information is included, for example, email, password, address, IP addresses, date of birth, phone number, and a brief summary of how the data was protected and distributed.

What you can do as a victim of a data breach

Based on the results of “Have I Been Pwned,” the first thing you should do is get rid of duplicate passwords for leaked services used on other sites and replace them with unique, hard-to-guess combinations.

After that, it is important to check that the payment information is included, e.g. B. debit or credit card number – and check with the responsible company. It also checks if abnormal transactions have occurred during this period and if action needs to be taken accordingly.

If so, unfortunately the data is already public and there is not much you can do. Another security measure is also to change the answers in password recovery systems that use data contained in the leaks: questions like “In what city were you born?” Unfortunately, this is a tedious process that no useful tool can do for you.

This way you avoid being a victim of new password data leaks

The only sure way to avoid being included in password databases is not to create logs. Even removing as much personal information as possible from already used services is not a guarantee, as some leaks contain data that companies should have removed.

To minimize the damage from future leaks, we reiterate the recommendation to use unique, hard-to-guess passwords. Here, browsers’ built-in password hint tools not only help prevent combinations like “123456” but also sync passwords across multiple connected devices. Oh, and enable two-factor authentication whenever possible.

The data of 500 million Facebook accounts was leaked

In April 2021, the information of more than 500 million Facebook logins suddenly circulated on the Internet. According to the social network itself, the data was not obtained by hacking its systems, but through a tool that tracked the platform using existing resources.

The company says it denied access to the feature used in September 2019 and recommends using the privacy check available on Facebook. The data included in this leak includes name, gender, date of birth, city of residence, marital and employment status, usually accompanied by phone numbers and, in some cases, email addresses.

As if this data leak earlier this month wasn’t enough, two weeks later a new search tool was released that shows how to get to emails associated with user accounts. In parallel, the Belgian site received DataNews an internal Facebook email directing PR teams to attribute the outages to a “general industry issue” to downplay the case in early April.


Ironically, an internal FB email with an anti-leak strategy was leaked / © Facebook/DataNews

Despite trying to manipulate public opinion, the truth is that other services suffered major leaks in the same month, including LinkedIn and Clubhouse. Unfortunately, this is not the last time that personal data will circulate, even with the mechanisms established by the General Data Protection Regulation (RGPD) or .

Have you tried Have I Been Pwnd before? What are your tips to bring some security online?