Star Computers

Email breach checker

Check whether an email address appears in known public breaches. Uses XposedOrNot breach data; the email is never logged by this site.

Check an email against known breaches

Looks up an email address against public breach data via XposedOrNot. We do not log or store the email — it's passed directly to the upstream API over TLS.

What this does

Submits an email address to the XposedOrNot public breach-data API and returns any known breaches it appears in — including breach name, date, record count, industry, password-risk rating, and the categories of data exposed (passwords, names, addresses, IPs, etc.).

Under the hood the query runs through our Cloudflare Worker with Turnstile and rate limiting in front of it, so the upstream API isn’t abused by anyone using this page.

Privacy

  • The email you enter is not logged — not to our Worker, not to KV, not to any analytics.
  • It’s passed directly to the XposedOrNot API over TLS and discarded once the response is rendered.
  • XposedOrNot’s privacy policy is linked from xposedornot.com.

If you’re checking a sensitive address, we still recommend running this from a private browsing window so the address is not saved to your browser’s auto-complete history.
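The flow described under "What this does" and "Privacy" can be sketched as follows. This is an added example, not this site's actual Worker code: `checkEmail`, `fetchImpl` and `env.TURNSTILE_SECRET` are hypothetical names, the upstream endpoint and its 404 behaviour are assumptions, and rate limiting is assumed to be configured outside this function.

```javascript
// Added example, not this site's code: the core of a Worker-style lookup handler.
// Assumptions: env.TURNSTILE_SECRET is a hypothetical secret binding; UPSTREAM is
// XposedOrNot's breach-analytics endpoint (the page does not say which one it
// calls); a 404 from upstream is taken to mean "address not in the dataset".
const SITEVERIFY = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
const UPSTREAM = "https://api.xposedornot.com/v1/breach-analytics?email=";
const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]{1,255}$/;
// no-store keeps the per-address result out of browser and intermediary caches.
const HEADERS = { "content-type": "application/json", "cache-control": "no-store" };
const reply = (status, body) => ({ status, headers: HEADERS, body: JSON.stringify(body) });

// fetchImpl is injectable so the handler can be exercised without network access.
async function checkEmail({ email, token, ip }, env, fetchImpl = fetch) {
  // Reject malformed input before spending a Turnstile check or an upstream call.
  if (typeof email !== "string" || !EMAIL_RE.test(email.trim())) {
    return reply(400, { error: "invalid_email" });
  }
  if (typeof token !== "string" || token.length === 0) {
    return reply(403, { error: "turnstile_required" });
  }
  try {
    // The widget token proves nothing until siteverify confirms it server-side.
    const form = new URLSearchParams({ secret: env.TURNSTILE_SECRET, response: token });
    if (ip) form.set("remoteip", ip);
    const verify = await fetchImpl(SITEVERIFY, { method: "POST", body: form });
    const outcome = await verify.json();
    if (outcome.success !== true) return reply(403, { error: "turnstile_failed" });

    // Encode the address so characters such as "+" or "&" cannot alter the query.
    const res = await fetchImpl(UPSTREAM + encodeURIComponent(email.trim()));
    // Constructed response shape for the "no known breaches" case.
    if (res.status === 404) return reply(200, { breaches: [] });
    if (!res.ok) return reply(502, { error: "upstream_error" });
    return reply(200, await res.json());
  } catch (err) {
    // Log only the error class: messages and URLs can contain the address.
    console.error("lookup failed:", err.name);
    return reply(502, { error: "upstream_error" });
  }
}
```

In a Worker, the `fetch` handler would parse the request body into `{ email, token, ip }` and turn the returned object into a `Response`.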

Why XposedOrNot instead of HaveIBeenPwned

HaveIBeenPwned’s breach-lookup API requires a paid key ($3.50/mo). XposedOrNot is free, open-access, and maintains its own breach index that broadly overlaps with HIBP. We may add HIBP as an optional enhanced source in the future.

Interpreting results

  • No known breaches — The email was not found in XposedOrNot’s dataset. This is not a guarantee of safety. Private dumps, paste leaks, and newly reported breaches may not be indexed.
  • Found in N breaches — Each breach lists what data was exposed. If Passwords is in the list, assume that credential is compromised wherever you reuse it.
  • Password risk — XposedOrNot’s estimate of how recoverable the passwords in that breach are (plaintext / easy-to-crack / hard).

What to do if your email is in a breach

  1. Change the password on the breached site first, then anywhere you reused that password.
  2. Enable 2FA (prefer a TOTP app such as 1Password or Authy, or a hardware key, over SMS).
  3. Move to a password manager and use unique, long passwords per site.
  4. Watch for phishing that references the breached site — attackers often follow breaches with credential-stuffing and phishing waves.