Guides

How to check if your email has been in a data breach

If you have used the same email address for more than a few years, it has almost certainly appeared in at least one data breach. The question is not usually whether you have been exposed, but which breaches, what was leaked, and whether you have done anything about it.

Here is how to check for free, understand the result, and close the gaps — no paid service required.

Check your exposure in six steps

  1. Search Have I Been Pwned. Go to haveibeenpwned.com and enter your email address. It is a free, respected service run by a security researcher, and it is the source most breach-monitoring tools (including Clearly) rely on. It will list every known breach your address has appeared in.
  2. Read what was actually exposed. Each breach entry lists the data classes that leaked — passwords, phone numbers, physical addresses, dates of birth, and so on. A breach that exposed only your email is far less urgent than one that exposed passwords or financial details. Note the worst ones.
  3. Change the password on every breached account. For any account tied to a breach that exposed passwords, change that password now. Assume the leaked one is public forever.
  4. Fix password reuse everywhere else. This is the step most people skip and the one that matters most. If you reused a leaked password anywhere else, attackers will try it on your email, your bank, and your shopping accounts (this is called credential stuffing). A password manager makes it realistic to give every account its own password.
  5. Turn on two-factor authentication. Even if a password leaks, two-factor authentication (2FA) stops a stranger from logging in. Enable it on your email first — it is the account that can reset all the others — then your bank and any account with payment details.
  6. Set up ongoing monitoring. A one-time check goes stale the moment the next breach happens. Set up continuous monitoring so you are told the moment an account you care about turns up in a new breach, with the specific next step. That is exactly what Clearly does, for free.

Breaches are relentless and companies rarely warn you in time. The goal is not to panic at every headline — it is to make sure a leaked password can never quietly become a hijacked account.