Has your data been leaked?
Two free checks: your email address, whose breach report is sent to you by email (never shown here, so only you can read it), and a password, tested entirely in your browser without ever being transmitted. Each one comes with an action plan.
Your email address
Check whether your address appears in known breaches. The report is sent to you by email, it is not shown here.
Your password
Your password never leaves your browser: only the first 5 characters of its SHA-1 hash are sent (k-anonymity model from Have I Been Pwned.
Why it matters
When a service is hacked, the stolen passwords end up in databases shared among attackers. If a password you use appears in one of these databases, anyone can try it on your other accounts, that is credential stuffing. Knowing that a password has already leaked is a good reason never to reuse it again.
In 2025, one in two data breaches reported to the CNIL stemmed from a hack.
Source: CNIL, 2025 annual report.
Privacy: two different approaches
The password test never leaves your browser: it is turned into a SHA-1 hash there, and only its first five characters are sent to Have I Been Pwned, which returns every password sharing that start of the hash. The final comparison happens on your device. This method, known as k-anonymity, means no password is ever transmitted.
The email address check, on the other hand, requires querying a breach database (XposedOrNot): your address is sent to it for the duration of the test, without being kept. Above all, the result is never shown on screen: it is sent to the address you entered, so that only the owner of that inbox can read it. It is therefore impossible to check someone else's address.
What to do next
Depending on the results, each tool shows you an action plan that you can receive by email. The reflexes that count:
- Change the password everywhere you have used it, and never go back to it.
- Turn on two-factor authentication (2FA) on the accounts concerned.
- Adopt a password manager to generate a unique one per service.
To understand how these databases are built, read Infostealers: the silent threat and the roll of dishonor of France's worst 2026 data breaches. The details, jargon-free, are in my book « Être en cybersécurité ».

Don't miss the next analysis