Have I Been Pwned: FAQs
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"> <title>Have I Been Pwned: FAQs</title> <meta property="og:title" content="Have I Been Pwned: FAQs" /> <meta name="description" content="Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised."> <meta property="og:description" content="Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised." /> <meta property="og:url" content="https://haveibeenpwned.com/FAQs" /> <meta property="og:image" content="https://haveibeenpwned.com/Content/Images/SocialLogo.png" /> <meta property="fb:app_id" content="553845121487108" /> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css" integrity="sha512-Dop/vW3iOtayerlYAqCgkVr2aTr2ErwwTYOvRFUpzl2VhCMJyjQF0Q9TjUXIo6JhuM/3i0vVEt2e/7QQmnHQqw==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <link rel="alternate" type="application/rss+xml" title="Have I Been Pwned latest breaches" href="https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches" /> <link href="/content/css/pwned?v=H9CfOVJ6Jfx0M2H0_s0R1zhl6dA5Zhah2ccHVRuXN_Q1" rel="stylesheet"/> <link href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous" /> <link rel="shortcut icon" href="/favicon.ico"> <script type="text/javascript" nonce="iL0jVswy9LWbWbLcnytlJIWR"> !(function (cfg){function e(){cfg.onInit&&cfg.onInit(n)}var 
x,w,D,t,E,n,C=window,O=document,b=C.location,q="script",I="ingestionendpoint",L="disableExceptionTracking",j="ai.device.";"instrumentationKey"[x="toLowerCase"](),w="crossOrigin",D="POST",t="appInsightsSDK",E=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=E),n=C[E]||function(g){var f=!1,m=!1,h={initialize:!0,queue:[],sv:"8",version:2,config:g};function v(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[j+"id"]=i[x](),n[j+"type"]=i,n["ai.operation.name"]=b&&b.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(h.sv||h.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:undefined,seq:"1",aiDataContract:undefined}}var n,i,t,a,y=-1,T=0,S=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],o=g.url||cfg.src,r=function(){return s(o,null)};function s(d,t){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~d.indexOf("ai.3")&&(d=d.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<S.length;e++)if(0<d.indexOf(S[e])){y=e;break}var n,i=function(e){var a,t,n,i,o,r,s,c,u,l;h.queue=[],m||(0<=y&&T+1<S.length?(a=(y+T+1)%S.length,p(d.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+S[a]+i})),T+=1):(f=m=!0,s=d,!0!==cfg.dle&&(c=(t=function(){var e,t={},n=g.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][x]()]=o[1])}return 
t[I]||(e=(n=t.endpointsuffix)?t.location:null,t[I]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||g.instrumentationKey||"",t=(t=(t=t[I])&&"/"===t.slice(-1)?t.slice(0,-1):t)?t+"/v2/track":g.endpointUrl,t=g.userOverrideEndpointUrl||t,(n=[]).push((i="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",o=s,u=t,(l=(r=v(c,"Exception")).data).baseType="ExceptionData",l.baseData.exceptions=[{typeName:"SDKLoadFailed",message:i.replace(/\./g,"-"),hasFullStack:!1,stack:i+"\nSnippet failed to load ["+o+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(b&&b.pathname||"_unknown_")+"\nEndpoint: "+u,parsedStack:[]}],r)),n.push((l=s,i=t,(u=(o=v(c,"Message")).data).baseType="MessageData",(r=u.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+l+")").replace(/\"/g,"")+'"',r.properties={endpoint:i},o)),s=n,c=t,JSON&&((u=C.fetch)&&!cfg.useXhr?u(c,{method:D,body:JSON.stringify(s),mode:"cors"}):XMLHttpRequest&&((l=new XMLHttpRequest).open(D,c),l.setRequestHeader("Content-type","application/json"),l.send(JSON.stringify(s)))))))},a=function(e,t){m||setTimeout(function(){!t&&h.core||i()},500),f=!1},p=function(e){var n=O.createElement(q),e=(n.src=e,t&&(n.integrity=t),n.setAttribute("data-ai-name",E),cfg[w]);return!e&&""!==e||"undefined"==n[w]||(n[w]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?O.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){O.getElementsByTagName(q)[0].parentNode.appendChild(n)},cfg.ld||0),n};p(d)}cfg.sri&&(n=o.match(/^((http[s]?:\/\/.*\/)\w+(\.\d+){1,5})\.(([\w]+\.){0,2}js)$/))&&6===n.length?(d="".concat(n[1],".integrity.json"),i="@".concat(n[4]),l=window.fetch,t=function(e){if(!e.ext||!e.ext[i]||!e.ext[i].file)throw Error("Error Loading JSON 
response");var t=e.ext[i].integrity||null;s(o=n[2]+e.ext[i].file,t)},l&&!cfg.useXhr?l(d,{method:"GET",mode:"cors"}).then(function(e){return e.json()["catch"](function(){return{}})}).then(t)["catch"](r):XMLHttpRequest&&((a=new XMLHttpRequest).open("GET",d),a.onreadystatechange=function(){if(a.readyState===XMLHttpRequest.DONE)if(200===a.status)try{t(JSON.parse(a.responseText))}catch(e){r()}else r()},a.send())):o&&r();try{h.cookie=O.cookie}catch(k){}function e(e){for(;e.length;)!function(t){h[t]=function(){var e=arguments;f||h.queue.push(function(){h[t].apply(h,e)})}}(e.pop())}var c,u,l="track",d="TrackPage",p="TrackEvent",l=(e([l+"Event",l+"PageView",l+"Exception",l+"Trace",l+"DependencyData",l+"Metric",l+"PageViewPerformance","start"+d,"stop"+d,"start"+p,"stop"+p,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),h.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(g.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==g[L]&&!0!==l[L]&&(e(["_"+(c="onerror")]),u=C[c],C[c]=function(e,t,n,i,a){var o=u&&u(e,t,n,i,a);return!0!==o&&h["_"+c]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},g.autoExceptionInstrumented=!0),h}(cfg.cfg),(C[E]=n).queue&&0===n.queue.length?(n.queue.push(e),n.trackPageView({})):e();})({ src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js", // name: "appInsights", // Global SDK Instance name defaults to "appInsights" when not supplied // ld: 0, // Defines the load delay (in ms) before attempting to load the sdk. -1 = block page load and add to head. 
(default) = 0ms load after timeout, // useXhr: 1, // Use XHR instead of fetch to report failures (if available), // dle: true, // Prevent the SDK from reporting load failure log crossOrigin: "anonymous", // When supplied this will add the provided value as the cross origin attribute on the script tag // onInit: null, // Once the application insights instance has loaded and initialized this callback function will be called with 1 argument -- the sdk instance (DON'T ADD anything to the sdk.queue -- As they won't get called) // sri: false, // Custom optional value to specify whether fetching the snippet from integrity file and do integrity check cfg: { // Application Insights Configuration connectionString: "InstrumentationKey=9744aaee-21f7-42b6-95b2-8ebc0f2bcfeb;IngestionEndpoint=https://westus-0.in.applicationinsights.azure.com/;LiveEndpoint=https://westus.livediagnostics.monitor.azure.com/", disableExceptionTracking: true, // Disable the default exception tracking } }); window.appInsights.trackPageView(); </script> </head> <body > <div class="bodyGradient"> <header class="navbar navbar-inverse navbar-static-top"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href="/" class="navbar-brand">';--</a> </div> <div class="navbar-collapse collapse"> <ul class="nav navbar-nav navbar-right"> <li ><a href="/">Home</a></li> <li ><a href="/NotifyMe" class="notifyOfPwning" data-toggle="modal" data-target="#notifyMeModal" data-remote="false">Notify me</a></li> <li ><a href="/DomainSearch">Domain search</a></li> <li ><a href="/PwnedWebsites">Who's been pwned</a></li> <li ><a href="/Passwords">Passwords</a></li> <li class="dropdown "> <a href="#" class="dropdown-toggle" data-toggle="dropdown">API</a> <ul class="dropdown-menu"> <li ><a href="/API/v3">Overview</a></li> <li ><a 
href="/API/Key">API key</a></li> </ul> </li> <li class="dropdown active "> <a href="#" class="dropdown-toggle" data-toggle="dropdown">About</a> <ul class="dropdown-menu"> <li ><a href="/About">Who, what & why</a></li> <li ><a href="/Privacy">Privacy</a></li> <li class="active" ><a href="/FAQs">FAQs</a></li> <li ><a href="/Pastes">Pastes</a></li> <li ><a href="/OptOut">Opt-out</a></li> <li><a href="https://twitter.com/haveibeenpwned" rel="noopener">Twitter</a></li> <li><a href="https://www.facebook.com/haveibeenpwned/">Facebook</a></li> <li><a rel="me" href="https://infosec.exchange/@haveibeenpwned">Mastodon</a></li> <li><a href="https://haveibeenpwned.uservoice.com/" rel="noopener">Suggest a feature</a></li> <li><a href="http://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches" rel="noopener"><i class="fa fa-rss"></i> Breaches</a></li> </ul> </li> <li ><a href="/Donate">Donate <i class="fa fa-bitcoin"></i> <i class="fa fa-paypal payPalLogo"></i></a></li> </ul> </div> </div> </header> <div class="secondaryHeader"> <div class="container"> <h1>FAQs</h1> <h2> Need to know something about Have I Been Pwned (HIBP)? </h2> </div> </div> </div> <div class="container"> <a id="PwnedDefinition"></a><h3>What does "pwned" mean?</h3> <p> The word "pwned" has origins in video game culture and is a <a href="https://en.wikipedia.org/wiki/Leetspeak" rel="noopener">leetspeak</a> derivation of the word "owned", due to the proximity of the "o" and "p" keys. It's typically used to imply that someone has been controlled or compromised, for example "I was pwned in the Adobe data breach". Read more about <a href="https://www.inverse.com/gaming/pwned-meaning-definition-origins-video-games-internet-hackers" rel="noopener">how "pwned" went from hacker slang to the internet's favourite taunt</a>. 
</p> <hr /> <a id="DataSource"></a><h3>What is a "breach" and where has the data come from?</h3> <p> A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. HIBP aggregates breaches and enables people to assess where their personal data has been exposed. </p> <hr /> <a id="StoredPasswords"></a><h3>Are user passwords stored in this site?</h3> <p> When email addresses from a data breach are loaded into the site, no corresponding passwords are loaded with them. Separately to the pwned address search feature, the <a href="/Passwords">Pwned Passwords</a> service allows you to check if an individual password has previously been seen in a data breach. No password is stored next to any personally identifiable data (such as an email address) and every password is SHA-1 hashed (<a href="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/">read why SHA-1 was chosen in the Pwned Passwords launch blog post</a>.) </p> <hr /> <a id="SendPasswords"></a><h3>Can I send users their exposed passwords?</h3> <p> No. Any ability to send passwords to people puts both them and myself at greater risk. This topic is discussed at length in the blog post on <a href="https://www.troyhunt.com/here-are-all-the-reasons-i-dont-make-passwords-available-via-have-i-been-pwned/">all the reasons I don't make passwords available via this service</a>. </p> <hr /> <a id="DownloadAllEmail"></a><h3>Is a list of everyone's email address or username available?</h3> <p> The public search facility cannot return anything other than the results for a single user-provided email address or username at a time. Multiple breached accounts can be retrieved by the <a href="/DomainSearch">domain search feature</a> but only after successfully verifying that the person performing the search is authorised to access assets on the domain. 
</p> <hr /> <a id="NoPasswords"></a><h3>What about breaches where passwords aren't leaked?</h3> <p> Occasionally, a breach will be added to the system which doesn't include credentials for an online service. This may occur when data <em>about</em> individuals is leaked and it may not include a username and password. However this data still has a privacy impact; it is data that those impacted would not reasonably expect to be publicly released and as such they have a vested interest in having the ability to be notified of this. </p> <hr /> <a id="BreachVerification"></a><h3>How is a breach verified as legitimate?</h3> <p> There are often "breaches" announced by attackers which in turn are exposed as hoaxes. There is a balance between making data searchable early and performing sufficient due diligence to establish the legitimacy of the breach. The following activities are usually performed in order to validate breach legitimacy: </p> <ol> <li>Has the impacted service publicly acknowledged the breach?</li> <li>Does the data in the breach turn up in a Google search (i.e. it's just copied from another source)?</li> <li>Is the structure of the data consistent with what you'd expect to see in a breach?</li> <li>Have the attackers provided sufficient evidence to demonstrate the attack vector?</li> <li>Do the attackers have a track record of either reliably releasing breaches or falsifying them?</li> </ol> <hr /> <a id="Pastes"></a><h3>What is a "paste" and why include it on this site?</h3> <p> A "paste" is information that has been "pasted" to a publicly facing website designed to share content such as <a href="http://pastebin.com">Pastebin</a>. These services are favoured by hackers due to the ease of anonymously sharing information and they're frequently the first place a breach appears. 
</p> <p> HIBP searches through pastes that are broadcast by the accounts in <a href="https://twitter.com/i/lists/203915919">the Paste Sources Twitter list</a> and reported as having emails that are a potential indicator of a breach. Finding an email address in a paste <em>does not</em> immediately mean it has been disclosed as the result of a breach. Review the paste and determine if your account has been compromised then take appropriate action such as changing passwords. </p> <hr /> <a id="MissingPaste"></a><h3>My email was reported as appearing in a paste but the paste now can't be found</h3> <p> Pastes are often transient; they appear briefly and are then removed. HIBP usually indexes a new paste within 40 seconds of it appearing and stores the email addresses that appeared in the paste along with some metadata such as the date, title and author (if they exist). The paste itself is not stored and cannot be displayed if it no longer exists at the source. </p> <hr /> <a id="EmailNotPwned"></a><h3>My email was not found — does that mean I haven't been pwned?</h3> <p> Whilst HIBP is kept up to date with as much data as possible, it contains but a small subset of all the records that have been breached over the years. Many breaches never result in the public release of data and indeed many breaches even go entirely undetected. "Absence of evidence is not evidence of absence" or in other words, just because your email address wasn't found here doesn't mean that it hasn't been compromised in another breach. An address that was previously found in HIBP will no longer appear if it has been <a href="/OptOut">opted-out</a> or the data was <a href="#RetiredBreach">retired</a>. </p> <hr /> <a id="PlusAliasing"></a><h3>How does HIBP handle "plus aliasing" in email addresses?</h3> <p> Some people choose to create accounts using a pattern known as "plus aliasing" in their email addresses. 
This allows them to express their email address with an additional piece of data in the alias, usually reflecting the site they've signed up to such as test+netflix@example.com or test+amazon@example.com. There is presently <a href="https://haveibeenpwned.uservoice.com/forums/275398-general/suggestions/6774229-enable-search-and-notifications-for-email-addresse">a UserVoice suggestion</a> requesting support of this pattern in HIBP. However, as explained in that suggestion, usage of plus aliasing is <em>extremely</em> rare, appearing in approximately only 0.03% of addresses loaded into HIBP. Vote for the suggestion and follow its progress if this feature is important to you. </p> <hr /> <a id="DataStorage"></a><h3>How is the data stored?</h3> <p> The breached accounts sit in Windows Azure table storage which contains nothing more than the email address or username and a list of sites it appeared in breaches on. If you're interested in the details, it's all described in <a href="https://www.troyhunt.com/working-with-154-million-records-on/">Working with 154 million records on Azure Table Storage – the story of Have I Been Pwned</a> </p> <hr /> <a id="Logging"></a><h3>Is anything logged when people search for an account?</h3> <p> Nothing is explicitly logged by the website. The only logging of any kind is via Google Analytics, <a href="https://azure.microsoft.com/en-gb/services/application-insights/">Application Insights</a> performance monitoring and any diagnostic data implicitly collected if an exception occurs in the system. </p> <hr /> <a id="DupeUsernames"></a><h3>Why do I see my username as breached on a service I never signed up to?</h3> <p> When you search for a username that is not an email address, you may see that name appear against breaches of sites you never signed up to. Usually this is simply due to someone else electing to use the same username as you usually do. 
Even when your username appears very unique, the simple fact that there are several billion internet users worldwide means there's a strong probability that most usernames have been used by other individuals at one time or another. </p> <hr /> <a id="UnknownService"></a><h3>Why do I see my email address as breached on a service I never signed up to?</h3> <p> When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up. For a more comprehensive overview, see <a href="https://www.troyhunt.com/why-am-i-in-a-data-breach-for-a-site-i-never-signed-up-for/">Why am I in a data breach for a site I never signed up to?</a> </p> <hr /> <a id="NoAccessToEmail"></a><h3>Can I receive notifications for an email address I don't have access to?</h3> <p> No. For privacy reasons, all notifications are sent to the address being monitored so you can't monitor someone else's address nor can you monitor an address you no longer have access to. You can always perform an on-demand search of an address, but <a href="#SensitiveBreach">sensitive breaches</a> and <a href="#RetiredBreach">retired breaches</a> will not be returned. </p> <hr /> <a id="NotificationService"></a><h3>Does the notification service store email addresses?</h3> <p> Yes, it has to in order to track who to contact should they be caught up in a subsequent data breach. Only the email address, the date they subscribed on and a random token for verification are stored. </p> <hr /> <a id="RemoveBreachAgainstAddress"></a><h3>Can a breach be removed against my email address after I've changed the password?</h3> <p> HIBP provides a record of which breaches an email address has appeared in regardless of whether the password has consequently been changed or not. 
The fact the email address was in the breach is an immutable historic fact; it cannot later be changed. If you don't want <em>any</em> breach to publicly appear against the address, use <a href="/OptOut">the opt-out feature</a>. </p> <hr /> <a id="HIBPEmailAddress"></a><h3>What email address are notifications sent from?</h3> <p> All emails sent by HIBP come from noreply@haveibeenpwned.com. If you're expecting an email (for example, the verification email sent when signing up for notifications) and it doesn't arrive, try white-listing that address. 99.x% of the time email doesn't arrive in someone's inbox, it's due to the destination mail server bouncing it. </p> <hr /> <a id="EmailHarvesting"></a><h3>How do I know the site isn't just harvesting searched email addresses?</h3> <p> You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it. </p> <hr /> <a id="DeepLink"></a><h3>Is it possible to "deep link" directly to the search for an account?</h3> <p> Sure, you can construct a link so that the search for a particular account happens automatically when it's loaded, just pass the name after the "account" path. <a href="/account/test@example.com">Here's an example</a>: </p> <pre><code>https://haveibeenpwned.com/account/test@example.com</code></pre> <hr /> <a id="SubmitBreach"></a><h3>How can I submit a data breach?</h3> <p> If you've come across a data breach which you'd like to submit, <a href="https://www.troyhunt.com/contact/">get in touch with me</a>. Check out what's currently loaded into HIBP on <a href="/PwnedWebsites">the pwned websites page</a> first if you're not sure whether the breach is already in the system. 
</p> <hr /> <a id="SensitiveBreach"></a><h3>What is a "sensitive breach"?</h3> <p> HIBP enables you to discover if your account was exposed in <em>most</em> of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site. These breaches are classed as "sensitive" and may not be publicly searched. </p> <p> A sensitive data breach can only be searched by the <em>verified owner</em> of the email address being searched for. This is done via <a href="/NotifyMe" class="notifyOfPwning subscribe" data-toggle="modal" data-target="#notifyMeModal" data-remote="false">the notification system</a> which involves sending a verification email to the address with a unique link. When that link is followed, the owner of the address will see <em>all</em> data breaches and pastes they appear in, including the sensitive ones. </p> <p> There are presently 76 sensitive breaches in the system including Adult FriendFinder (2015), Adult FriendFinder (2016), Adult-FanFiction.Org, Ashley Madison, Beautiful People, Bestialitysextaboo, Brazzers, BudTrader, Carding Mafia (December 2021), Carding Mafia (March 2021), CityJerks, Cocospy, Color Dating, CrimeAgency vBulletin Hacks, CTARS, CyberServe, Date Hot Brunettes, DC Health Link, Doxbin, Doxbin (TOoDA) and 56 more. </p> <hr /> <a id="RetiredBreach"></a><h3>What is a "retired breach"?</h3> <p> After a security incident which results in the disclosure of account data, the breach may be loaded into HIBP where it then sends notifications to impacted subscribers and becomes searchable. In very rare circumstances, that breach may later be permanently removed from HIBP where it is then classed as a "retired breach". </p> <p> A retired breach is typically one where the data does not appear in other locations on the web, that is it's not being traded or redistributed. 
Deleting it from HIBP helps to provide those impacted with some assurance that their data can no longer be found. For more background, read <a href="https://www.troyhunt.com/have-i-been-pwned-opting-out-vtech-and/">Have I Been Pwned, opting out, VTech and general privacy things</a>. </p> <p> There are presently 2 retired breaches in the system which are Ticketek and VTech. </p> <hr /> <a id="UnverifiedBreach"></a><h3>What is an "unverified" breach?</h3> <p> Some breaches may be flagged as "unverified". In these cases, whilst there is legitimate data within the alleged breach, it may not have been possible to establish legitimacy beyond reasonable doubt. Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled <a href="https://www.troyhunt.com/introducing-unverified-breaches-to-have-i-been-pwned">Introducing unverified breaches to Have I Been Pwned</a>. </p> <hr /> <a id="FabricatedBreach"></a><h3>What is a "fabricated" breach?</h3> <p> Some breaches may be flagged as "fabricated". In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. 
Further background on fabricated breaches can be found in the blog post titled <a href="https://www.troyhunt.com/introducing-fabricated-data-breaches-to-have-i-been-pwned">Introducing "fabricated" breaches to Have I Been Pwned</a>. </p> <hr /> <a id="SubscriptionFreeBreach"></a><h3>What is a "subscription free" breach?</h3> <p> Some breaches may be flagged as "subscription free". When using <a href="/DomainSearch">the domain search feature</a>, larger domains normally require a subscription in order to see the search results. Breaches that are flagged as subscription free are searchable without needing a subscription, regardless of how large the domain is. This flag has no impact on searches by email address. </p> <hr /> <a id="SpamList"></a><h3>What is a "spam list"?</h3> <p> Occasionally, large volumes of personal data are found being utilised for the purposes of sending targeted spam. This often includes many of the same attributes frequently found in data breaches such as names, addresses, phone numbers and dates of birth. The lists are often aggregated from multiple sources, <a href="https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information"> frequently by eliciting personal information from people with the promise of a monetary reward </a>. Whilst the data may not have been sourced from a breached system, the personal nature of the information and the fact that it's redistributed in this fashion unbeknownst to the owners warrants inclusion here. <a href="https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information"> Read more about spam lists in HIBP </a>. </p> <hr /> <a id="Malware"></a><h3>What is a "malware" breach?</h3> <p> Data breaches in HIBP aren't always the result of a security compromise of an online service and occasionally, data obtained by malware campaigns is also loaded. 
For example, <a href="https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and-nhtcu/"> the US FBI and Dutch NHTCU provided HIBP with data from the Emotet malware in April 2021 </a>. The risk posed to individuals in these incidents is different (their personal device may be compromised) hence the presence of this flag in HIBP. </p> <hr /> <a id="StealerLogs"></a><h3>What are "stealer logs"?</h3> <p> Stealer logs are the result of malicious software running on infected machines that collect email addresses, passwords and the website they're entered into at login. HIBP indexes stealer logs and stores the domain names of the websites they appear against. This is searchable via <a href="/NotifyMe">the notification service</a> and via <a href="/API/v3#StealerLogsForEmail">a dedicated API</a>. <a href="https://troyhunt.com/experimenting-with-stealer-logs-in-have-i-been-pwned">Read more about stealer logs in HIBP</a>. </p> <hr /> <a id="PwnedPasswordFound"></a><h3>What does it mean if my password is in Pwned Passwords?</h3> <p> If a password is found in the <a href="/Passwords">Pwned Passwords service</a>, it means it has previously appeared in a data breach. HIBP does not store any information about who the password belonged to, only that it has previously been exposed publicly and how many times it has been seen. A Pwned Password should no longer be used as its exposure puts it at higher risk of being used to login to accounts using the now-exposed secret. </p> <hr /> <a id="HackedAfterSearch"></a><h3>I searched for my email address on HIBP and then I was hacked, what gives?!</h3> <p> First of all, <a href="#Logging">searches are not logged</a> so there's no collection of addresses. Any searches that <em>are</em> performed are done so over an encrypted connection so nobody has access to the web traffic other than those hosting the HIBP services. 
Even if they did, <em>it's only an email address</em> and not enough to gain access to someone's online accounts. If <a href="/Passwords">Pwned Passwords</a> has also been used to search for a password, it's anonymised before being sent to HIBP so even a search for both email address and password doesn't provide a usable credential pair. Correlation does not imply causation; it's a coincidence. </p> <hr /> <a id="BlogPosts"></a><h3>It's a bit light on detail here, where can I get more info?</h3> <p> The design and build of this project has been extensively documented on <a href="https://www.troyhunt.com">troyhunt.com</a> under the <a href="https://www.troyhunt.com/tag/have-i-been-pwned-3f/">Have I Been Pwned tag</a>. These blog posts explain much of the reasoning behind the various features and how they've been implemented on Microsoft's Windows Azure cloud platform. </p> </div> <div class="modal fade" id="notifyMeModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h4 class="modal-title">Notify me</h4> </div> <div class="modal-body" id="notifyMeContainer"> <div class="panel-collapse in" id="notifySubmission"> <form action="/NotifyMe" id="notifyMeForm" method="post" role="form"> <p> Get notified when future pwnage occurs and your account is compromised. </p> <div class="form-group row"> <div class="col-lg-7"> <input class="form-control" data-val="true" data-val-maxlength="The field Email must be a string or array type with a maximum length of '255'." 
data-val-maxlength-max="255" data-val-regex="That doesn't look like a valid email address" data-val-regex-pattern="^(?!^.{256})[^\x00-\x1F\*\x7F]+@[^\x00-\x1F\*\x7F]+$" data-val-required="Can't do much without an email address" id="NotifyEmail" maxlength="255" name="NotifyEmail" placeholder="enter your email address" type="email" value="" /> </div> </div> <div class="form-group row"> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <div class="g-recaptcha" data-sitekey="6Lcb0woTAAAAAJAbo3ToF_yAJMKMsZgSATbQTRmI"></div> </div> <div class="form-group row"> <p class="termsOfUse">Using Have I Been Pwned is subject to <a href="/TermsOfUse" target="_blank">the terms of use</a></p> </div> <div class="validation-summary-valid alert alert-danger" data-valmsg-summary="true" id="notifyError"><ul><li style="display:none"></li> </ul></div> <div class="form-group row" id="notificationSubmitRow"> <input type="submit" value="notify me of pwnage" class="btn btn-primary" /><i class="fa fa-3x fa-cog fa-spin fa-loader" id="notificationLoading" style="display: none;"></i> </div> </form> </div> <div class="panel-collapse collapse" id="notifySuccess"> <p> You've just been sent a verification email, all you need to do now is confirm your address by clicking on the link when it hits your mailbox and you'll be automatically notified of future pwnage. In case it doesn't show up, check your junk mail and if you <em>still</em> can't find it, you can always repeat this process. 
</p> <hr /> <p class="text-center" id="postNotificationCallsToAction"> <a class="btn btn-primary" id="addAnotherNotification">add another address</a> <a class="socialLink" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fhaveibeenpwned.com" rel="noopener"><i class="fa fa-facebook-square fa-3x"></i></a> <a class="socialLink" href="https://twitter.com/intent/tweet?url=https%3A%2F%2Fhaveibeenpwned.com&text=Have%20you%20been%20pwned%3F%20Get%20told%20when%20you%20are%20with%20a%20free%20%40haveibeenpwned%20subscription" rel="noopener"><i class="fa fa-twitter-square fa-3x"></i></a> </p> </div> </div> </div> </div> </div> <footer> <div class="container text-center"> <hr /> <p> <a href="/Privacy">Privacy policy</a> | <a href="/TermsOfUse">Terms of use</a> </p> <p> <a href="https://www.facebook.com/haveibeenpwned" rel="noopener"><i class="fa fa-facebook-square fa-3x"></i></a> <a href="https://twitter.com/haveibeenpwned" rel="noopener"><i class="fa fa-twitter-square fa-3x"></i></a> <a href="https://www.troyhunt.com/contact/" rel="noopener"><i class="fa fa-envelope fa-3x"></i></a> </p> </div> </footer> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> <script nonce="iL0jVswy9LWbWbLcnytlJIWR">(window.jQuery) || document.write('<script src="/scripts/jquery"><\/script>');</script> <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" integrity="sha512-oBTprMeNEKCnqfuqKd6sbvFzmFQtlXS3e0C/RGFV0hD6QzhHV+ODfaQbAlmY6/q0ubbwlAM/nCJjkrgA3waLzg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> <script nonce="iL0jVswy9LWbWbLcnytlJIWR">($.fn.modal) || document.write('<script src="/scripts/bootstrap"><\/script>');</script> <script src="/scripts/pwned?v=KkF8OaBJocrSdvf45kkWgo5tWa402SohbJylL0Etpeg1"></script> </body> 
</html>