Security

/ Have You Been Hacked? /

a quick check, not a verdict

Find out if your details have turned up in a known breach

When a company you have an account with is breached, the login details people used there can end up on public lists. It is rarely anything the account holder did, and it does not mean someone is in your account today. It does mean the details are known, and that is worth knowing so you can decide what to change.

The two checks below run against Have I Been Pwned, the independent service that catalogues data from public breaches. They are private by design, explained underneath each one, and they tell you where you stand without any drama.

Check a password

Has this password appeared in a breach?

Type a password to check it against the Pwned Passwords database. We never see it: your browser turns it into a fingerprint and sends only the first five characters of that fingerprint, so the password itself never leaves this device.

Checks run against Have I Been Pwned's Pwned Passwords service using k-anonymity. Avoid pasting a password you are about to keep using; if it shows up here, change it.
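The k-anonymity lookup described above, as an added example that is not this site's own code. It assumes the fingerprint is an uppercase hex SHA-1 digest, as the Pwned Passwords range lookup uses, and replaces the live request with a hypothetical offline stand-in (`ConstructedRangeService`) loaded with constructed counts; all function and class names are illustrative.

```python
import hashlib

PREFIX_LEN = 5  # characters of the hex fingerprint that leave the device


def fingerprint(password: str) -> str:
    """Uppercase hex SHA-1 of the password (assumed fingerprint format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; tolerate CRLF and drop zero-count padding rows."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """Times the password appears in the range reply; only the prefix is handed out."""
    digest = fingerprint(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    # The suffix comparison happens locally, so the service never learns the full hash.
    return parse_range(fetch_range(prefix)).get(suffix, 0)


class ConstructedRangeService:
    """Hypothetical offline stand-in for the range endpoint, using constructed data."""

    def __init__(self, breached: dict):
        self.seen = []  # everything the "server" side ever receives
        self.rows = {fingerprint(p): n for p, n in breached.items()}

    def fetch(self, prefix: str) -> str:
        self.seen.append(prefix)
        lines = [f"{d[PREFIX_LEN:]}:{n}" for d, n in self.rows.items()
                 if d.startswith(prefix)]
        lines.append("0" * 35 + ":0")  # constructed padding row with a zero count
        return "\r\n".join(lines)


if __name__ == "__main__":
    service = ConstructedRangeService({"password": 1000, "letmein": 250})  # constructed counts
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate, service.fetch))
    print("server saw only:", service.seen)
```

The `seen` list is the point of the exercise: it holds five-character prefixes only, which many unrelated passwords share.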

Check an email address

Has this email appeared in a breach?

Enter an email address to see which known breaches it has been found in. The lookup runs on our server against Have I Been Pwned, so the address is checked in confidence and is not stored.

Coming soon

The email breach check is being finalised and will be available here shortly. In the meantime the password check works now, and if you would like us to run a breach check across your firm's whole email domain, ask us and we will do it for you.

Signs worth paying attention to

No single sign is proof, but a few together are a reason to look closer. Treat these as prompts to check, not causes for alarm.

  • A sign-in alert, password reset or new-device notification you did not start.
  • Contacts receiving messages from you that you did not send.
  • Email rules or forwarding you did not set up, or items disappearing from your inbox.
  • Being locked out of an account whose password you know is correct.
  • A password or email that shows up in the checks above.

What to do if a check comes back positive

A match is a prompt, not an emergency. Work through these in order and you will have closed the gap.

  1. Change the password on that account, and anywhere else you have used the same one. A password manager makes a unique password per account practical.
  2. Turn on two-step verification where it is offered. Even a known password is far less use to anyone without the second step.
  3. Check the account's own activity: recent sign-ins, connected devices, and any forwarding or rules you did not create. Remove anything you do not recognise.
  4. Watch for follow-on attempts. Breached details are often used to make convincing phishing messages. Be deliberate about links and attachments for a while.

If any of this involves a work account, tell whoever looks after your IT before you do anything else, so it can be handled properly across the firm.

Worried about more than one account?

If you are a regulated firm and you want a clear picture of where your people's details have been exposed, and what to do about it, we will run a breach check across your domain and talk you through what it means. No alarm, no pressure, just an honest read of where you stand.

Talk to us about your firm
get in touch

Talk to us about how your firm runs IT.

Wealth managers, chartered accountants and other regulated firms across the UK come to us when IT and security need to be brought under one accountable team. Tell us where you are now, and we will tell you what good looks like.

Our Locations

Edinburgh (HQ) & London
