220 Million Hacked Accounts. Is Yours One Of Them?


Hacked email address checking service windowThe past couple of years have seen a number of high-profile attacks by hackers on some of the world's best-known web sites. You can't have failed to notice news coverage of the Ashley Madison hack recently, in which the details of some 30 million extramarital thrill-seekers were leaked.

Whether you've been a customer of Ashley Madison, Adobe, Sony, Snapchat, Gawker, or any other affected system, there's a web site that maintains a searchable database of hacked (also known as "owned", or "pwned" in hacker-speak) email addresses. So if you want to check that your email address isn't one of 220 million in the database, just head to https://haveibeenpwned.com/ in order to find out.

In most cases, you can just type in your email address for an instant result. Understandably, though, because of the sensitive nature of the most recent hack, you'll need to sign up for the site's free alert service. If your details were on the AM database, you'll then receive a notification. Simply typing friends and colleagues' addresses in order to discover whether they were on the list won't work.


Please rate this article: 

Your rating: None
Average: 4.4 (21 votes)


Just tried it with a couple of email addresses that I never use. For one of them I got the following:

Oh no — pwned!
Not pwned on any breached sites, but found 1 paste. A "paste" is information that has been published to a publicly facing website designed to share content, usually anonymously. Often these are indicators of a data breach so review the paste and determine if your account has been compromised then take appropriate action such as changing passwords. Pastes are often removed shortly after having been posted. Read more on the pastes page.
The paste is dated last October.
I clicked the paste title which links to this page http://pastebin.com/ZwUh4tcG, where I was told that the paste had been removed.
I found myself pwnd at three sites I never use any more, so now I can do what I should have done a long time ago and delete the accounts.

Excellent information. And if you are lucky enough to be on this list what should one do to protect themselves from being hacked or exploited?

Change your password.

As an aside, I had to dig out my Gizmo password to post this. Gizmo wouldn't let me log in, because there was no account with my name. So I tried to recreate the account, but I couldn't use my name, because it was already used.

And this is why people use throwaway emails.

Just how safe is it to register at this site??

"Just because you're paranoid doesn't mean they aren't out to get you."

Read their FAQ at https://haveibeenpwned.com/FAQs and then decide for yourself.

And this is why I friggin hate it when websites demand you make an account to do even the most basic things like downloading forum post attachments for something you'll only ever need once and after that you never have to be on that site again. I once got fed up with it and asked a moderator to delete my account when I was done and he went "but why would I do that? Just forget you have it". That's like how startssl wants you to pay up before they'll revoke your ssl cert. All this sort of nonsense is getting really annoying.

And of course, the people who are most affected by that problem are the ones who will use the same password for as many sites as possible - if one random forum site is hacked, that login information could potentially be tried on numerous websites and might work there too.

I know what you mean, but only the Ashley Madison account requires registration, and the rationale for that sis discussed here: http://www.troyhunt.com/2015/07/heres-how-im-going-to-handle-ashley.html

What is an email user do if his/her account has been pwned?

Change the password on your other accounts if you have used the same password on other sites.  

How serious it is say if your name is in the Ashley Madison depends on your public profile.

Depends on your mindset, conscience and/or what you might have used it to register for. So, either panic, run for the hills or just laugh it off. :) MC - Site Manager

What would be really great is if someone could show us how to run though the list

You will find it under the API menu> Who is using it

Ruby Gem or

That way we could check a list of email addresses, I know I would like to check the people at the club I service


It does have a domain checker which looks good though for people that take care of work emails