Konsaltix
Get Help Now
Breach Detection Tool

Have I BeenPwned?

Check whether your password or email address has appeared in a publicly known data breach. Powered by Troy Hunt'sHaveIBeenPwned.com database of over 13 billion compromised accounts.

How Your Privacy Is Protected

Your password is SHA-1 hashed inside your browser. Only the first 5 characters of the 40-character hash are sent to HIBP β€” making it mathematically impossible for anyone (including HIBP or Konsaltix) to reconstruct your password from the request. This is called k-anonymity.

πŸ”¬ How does k-anonymity keep my password private?

When you type a password, your browser computes itsSHA-1 hash β€” a fixed-length "fingerprint" of the password. For example, the passwordpasswordalways produces the hash5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8

Only the first 5 characters(5BAA6) are sent to HIBP. The API returns roughly 500 different hash suffixes that all begin with those 5 characters. Your browser then checks β€” entirely locally β€” whether 1E4C9B93F3F0682250B6CF8331B7EE68FD8 appears in that list.

HIBP sees only 5BAA6, which matches hundreds of thousands of possible passwords. Theycannot determine which password you checked β€” that's the k-anonymity guarantee. Troy Hunt documented this model in detail attroyhunt.com.

πŸ›‘οΈ If Your Password or Email Was Found β€” Do This Now

1

Change the password immediately

Change it on every site where you used the same password β€” attackers try breached credentials across every major service within hours.

2

Enable two-factor authentication

Even if your password is stolen, 2FA blocks an attacker from logging in. Use an authenticator app, not SMS where possible.

3

Generate a stronger replacement

Use ourfree Password Generatorto create a cryptographically random replacement no attacker can guess.

4

Run a full account audit

OurAccount Defense Checklistwalks you through every step to lock down your online presence.