How to Check if Your Email or Password Has Been Stolen
- Tech 4 Grown-Ups

- 5 hours ago

Right now, without you knowing it, your email address and password may already be in the hands of hackers. Not because you did anything wrong. But because a company you trusted was breached, and your data was stolen along with millions of others. Today I am going to show you how to find out in 60 seconds, exactly what to do if your information has been compromised, and how to make sure it never happens again.
What Is a Data Breach — And Why Should You Care?
A data breach happens when hackers break into a company's computer systems and steal the personal information of their customers — including email addresses, passwords, phone numbers, and sometimes credit card details.
You do not have to do anything wrong for this to happen to you. The company you trusted (a retailer, a streaming service, a healthcare provider) gets hacked, and your information goes with it.
Here is the scale of the problem:
- LinkedIn was breached in 2021 — 700 million user records stolen
- Adobe was breached — 153 million user records exposed
- Yahoo suffered the largest breach in history — 3 billion accounts compromised
- Major Canadian retailers, banks, and healthcare systems have all experienced breaches in recent years
Once your email and password are stolen, they are sold on the dark web, often in bulk lists, to criminals who use them to try logging into your bank, your email, your Amazon account, and anywhere else you might reuse that password.
Step 1: Check If Your Email Has Been Stolen — Right Now
There is a free, trusted website used by security professionals and governments worldwide called Have I Been Pwned — created by renowned cybersecurity expert Troy Hunt.
Here is how to use it:
1. Open your browser and go to haveibeenpwned.com
2. Type your email address into the search box
3. Click "pwned?"
Within seconds, the site will tell you:
✅ "Good news — no pwnage found" — Your email address has not appeared in any known breach
🔴 "Oh no — pwned!" — Your email address was found in one or more data breaches
If your email has been found, the site will list every breach it appeared in, what data was stolen, and when it happened. Read through the list carefully.
Check every email address you own — personal, work, any older addresses you may not use regularly anymore.
Step 2: Check If Your Specific Passwords Have Been Stolen
Have I Been Pwned also has a separate tool that checks whether a specific password has been exposed — without ever seeing your full password.
1. On haveibeenpwned.com, click "Passwords" in the top menu
2. Type a password you use — start with your most common one
3. Click "pwned?"
If it shows a number, for example, "this password has been seen 47,832 times", that password is on hacker lists right now and must be changed immediately on every account where you use it.
Step 3: What To Do If Your Email Was Found in a Breach
Do not panic — but do act today. Follow these steps in order:
1. Change your password immediately on the breached account
   - Go to that website → Settings → Security → Change Password
   - Create a new password that is at least 12 characters long
   - Use a mix of letters, numbers, and symbols
   - Do NOT reuse a password you use anywhere else
2. Change your password on every other account where you used the same password
This is the most important step. Hackers take a stolen email and password and automatically try it on hundreds of other sites — your bank, Amazon, Netflix, and more. If you reuse passwords, every account with that same password is now at risk.
3. Turn on Two-Factor Authentication (2FA)
Two-factor authentication means that even if someone has your password, they cannot get into your account without also having access to your phone.
Here is how to turn it on for the three most important accounts:
Gmail:
- Go to myaccount.google.com
- Click "Security"
- Under "How you sign in to Google," click "2-Step Verification"
- Click "Get started" and follow the prompts
- Choose "Text message" — Google will send a code to your phone every time you sign in from a new device

Facebook:
- Go to Settings & Privacy → Settings → Security and Login
- Click "Two-Factor Authentication"
- Click "Edit" and choose "Text Message (SMS)"
- Follow the prompts to add your phone number

Your email provider (if not Gmail):
- Go to Settings → Security → Two-Factor Authentication — the process is similar on Outlook, Yahoo Mail, and most other providers
Step 4: Never Reuse Passwords Again — The Simple Solution
The reason most people get into trouble is reusing the same password across multiple accounts. It is completely understandable: who can remember 30 different passwords?
The solution is a password manager — a secure app that remembers all your passwords for you, so you only have to remember one master password.
The two best options for beginners are:
| Password Manager | Cost | Why It's Good for You |
| --- | --- | --- |
| Bitwarden | Free | Simple interface, trusted by security professionals worldwide |
| 1Password | ~$3/month | Extremely easy to use, excellent support |
Once set up, your password manager will automatically suggest a unique, unguessable password for every new account you create — and fill it in for you automatically so you never have to remember it.
What You Should Do in the Next 30 Minutes
- Go to haveibeenpwned.com and check every email address you own
- Check your most commonly used passwords using the Passwords tool
- Change any compromised passwords immediately
- Turn on Two-Factor Authentication on Gmail and Facebook today — those two alone protect most people's digital lives
You do not need to be a tech expert to do any of this. Every step above is designed to be straightforward and doable right now.
Have you checked Have I Been Pwned before? What did you find? Leave a comment; your experience helps others know what to look for.

