The free, gold-standard breach checker maintained by security researcher Troy Hunt since 2013. Used by browsers, password managers, and governments worldwide. Indexes 859 breaches and 14.8 billion compromised accounts.
Have I Been Pwned (HIBP) was launched in 2013 by Australian security researcher Troy Hunt as a side project, originally just a way to centralize information about a few major breaches in one searchable database. Twelve years later it has become the most-trusted free tool in the category, indexing 859 breaches covering 14.8 billion accounts. Mozilla Monitor, 1Password, BitWarden, the FBI, the UK government, and dozens of password managers and browsers all rely on HIBP's underlying data through its API. The service is operated by one person with help from a small group of trusted contributors and verifiers.
For consumers, HIBP is the simplest possible interaction: type your email, see which breaches it appeared in, and (separately) check whether specific passwords have appeared in any breach. The "Notify Me" feature emails you when your address shows up in a new breach. There is no paid tier, no upsell, no insurance, no restoration support. HIBP's usefulness is intentionally bounded: it tells you exactly what happened and stops there. For a full picture of what to do next, you need to combine HIBP with other resources.
There is no consumer paid tier. HIBP is entirely free for personal email lookups, password checks, and notify-me subscriptions. The only paid offerings are API access for developers (rate-limited tiers starting at $3.95/mo) and enterprise domain monitoring for companies.
Positive sentiment. Security professionals overwhelmingly recommend HIBP as the first stop for any breach concern. The transparency, public-good ethos, and personal involvement of Troy Hunt build trust that paid services have to manufacture. Users praise the absence of upsell, the simplicity of the interface, and the seriousness with which Troy treats breach verification. Many reviews specifically thank Troy by name and characterize the service as essential public infrastructure.
Negative sentiment. The negative reviews are unusual: they often come from people who misunderstood what HIBP is for. Complaints about "no help when my identity was stolen" reflect a service-expectation mismatch, HIBP never claimed to provide that help. Some users want a mobile app that does not exist. The 3.7 Trustpilot rating from 59 reviews reflects a small and somewhat self-selected sample, security-aware users tend not to leave reviews on free tools.
You want to check if your email or specific passwords have been exposed in known breaches, this is the fastest, most trusted way to find out. You want a one-time check or periodic notify-me alerts without paying anything. You are a security-aware user who would distrust commercial ID protection brands.
You want continuous monitoring across SSN, credit cards, financial accounts, and other PII beyond email and passwords. You want insurance, restoration support, or any kind of help if identity theft occurs. You need a mobile app to manage alerts on your phone.
HIBP is the most important free tool in this category and arguably the most important free security service for individuals on the entire internet. The fact that it is run by one person as essentially a public service, with no paywall and no ulterior motive, is remarkable.
Use it. Whatever else you decide about long-term identity protection, run your email and your most-important passwords through HIBP today. If you find exposure, take action (rotate passwords, lock credit). HIBP is the first step.
Treat it as one tool among many. HIBP tells you what happened, not what to do about it. Pair it with a password manager, credit monitoring, and (optionally) a paid ID protection service if you want active monitoring and insurance.