Cactus

Has your password been breached?

Check a password against billions of credentials exposed in known data breaches. Your password is hashed in your browser and never leaves your device.

Tip: avoid checking a password you actively use on a sensitive account - test a variation, or change it if it shows up here.

Frequently asked questions

How do I know if my password has been leaked?

Enter it here. We check it against billions of leaked passwords privately - your password is hashed in your browser and never sent to us in full (k-anonymity).

Is it safe to type my password into this checker?

Yes. Your password never leaves your device in full; only a short, hashed prefix is sent, so we never see your actual password.

What should I do if my password was breached?

Change it immediately on that site and anywhere you reused it, turn on two-factor authentication, and switch to a unique passphrase.

How our checks work