๐ Security Breach Check
Check if your email or password has been compromised in data breaches using the Have I Been Pwned API with privacy protection.
Privacy & Security
Password Check (Free): Uses k-anonymity - only the first 5 characters of your password's SHA-1 hash are sent. Your actual password never leaves your device.
Email Check (Requires API Key): Your email is sent directly to Have I Been Pwned's secure API with your API key. We don't store or log any data.
API Key Setup: Email checking requires a paid HIBP API key. Add your key to hibp-config.js in the EMAIL headers section.
Get API Key: Visit haveibeenpwned.com/API/Key to purchase an API key.
Local Hash Database
For enhanced privacy and offline checking, you can download the complete hash database locally using the official HIBP downloader tool.
Installation Instructions:
# Install .NET SDK first (if not installed)
# Download from: https://dotnet.microsoft.com/download
# Install the HIBP downloader tool
dotnet tool install --global haveibeenpwned-downloader
# Download all SHA1 hashes to a single file
haveibeenpwned-downloader.exe pwnedpasswords
# Download all NTLM hashes
haveibeenpwned-downloader.exe -n pwnedpasswords_ntlm
Local File Check
Upload your downloaded hash file for local checking (no internet required):
API Information
- SHA1 Hashes: 11+ billion compromised passwords
- NTLM Hashes: Windows-specific hash format
- Rate Limits: 1 request per 1.5 seconds (free tier)
- Privacy: K-anonymity ensures your password never leaves your device
- Pwned Passwords API: Free, CORS-enabled, k-anonymity protected
- Breached Account API: Free, CORS-enabled, no API key required
- Rate Limits: 1 request per minute (free tier)
- Privacy: Your data never leaves your device
API Key Configuration
Email checking requires a paid HIBP API key. Configure it here:
Don't have an API key? Get one here
Testing & Debugging
Test the functionality and check for any issues: