Jak zkontrolovat If Your Password Has Been Leaked

Data breaches happen constantly. Major companies, small apps, and online services get hacked, and millions of usernames and passwords end up circulating on the dark web. The unsettling truth is that some of your credentials may already be out there — and you might not know it.

This guide walks you through how to check whether your passwords have been exposed, which tools to trust, and exactly what to do if you find a compromised account.

Proč byste měli Check for Leaked Passwords

When a company suffers a data breach, the stolen data often includes email addresses and hashed (or sometimes plaintext) passwords. Attackers use this data for:

• Credential stuffing — Trying your leaked email/password combo on hundreds of other sites
• Targeted attacks — Using your information to craft phishing emails
• Account takeover — Accessing your email, banking, or social media accounts directly

If you reuse passwords across services, a single breach can cascade into a much larger problem.

Tool 1: Have I Been Pwned (HIBP)

Have I Been Pwned is the most widely trusted breach-checking service, created by security researcher Troy Hunt. It aggregates data from known breaches and lets you search by email address.

Jak používat it

1. Go to haveibeenpwned.com
2. Enter your email address
3. Click "pwned?"
4. Review the list of breaches your email appeared in

What the results mean

• Green ("No pwnage found") — Your email was not found in any known breach databases
• Red ("Oh no — pwned!") — Your email appeared in one or more breaches. The page lists which services were breached and what data was exposed (email, password hash, IP address, etc.)

Password-specific check

HIBP also has a Pwned Passwords section where you can check if a specific password has appeared in any breach. This uses a technique called k-anonymity — only a partial hash is sent to the server, so your full password is never transmitted.

Tool 2: Google Password Checkup

If you use Google Chrome or have a Google account, Google's Password Checkup is built into your workflow.

Jak používat it

1. Go to passwords.google.com
2. Sign in with your Google account
3. Click "Go to Password Checkup"
4. Click "Check passwords"

Google will scan all saved passwords and flag any that:

• Appeared in known data breaches
• Are reused across multiple sites
• Are considered weak

Výhody

• Automatically checks passwords saved in Chrome
• Provides direct links to change compromised passwords
• Runs continuously in the background if you use Chrome

Tool 3: Built-in Browser and OS Checks

Apple (Safari / iCloud Keychain)

• Go to Settings > Passwords on iPhone/iPad or System Settings > Passwords on Mac
• Compromised passwords are flagged with a warning icon
• Apple checks your passwords against known breach databases automatically

Firefox Monitor

• Visit monitor.firefox.com
• Enter your email to check for breaches
• Sign up for alerts when new breaches include your email

Co dělat If Your Password Was Leaked

Finding your credentials in a breach can be alarming, but the steps to fix it are straightforward.

Step 1: Change the compromised password immediately

Log into the affected service and change your password. Use a strong, unique password — at least 12 characters, ideally a passphrase.

Step 2: Change it everywhere you reused it

If you used the same password on other sites, change it on every single one. This is the most critical step, because attackers try leaked credentials across many services automatically.

Step 3: Enable dvoufaktorové ověření (2FA)

Turn on 2FA for the affected account and any other important accounts. An authenticator app (like Google Authenticator, Authy, or a hardware key) is more secure than SMS-based 2FA.

Step 4: Check for unauthorized activity

Review recent login history, connected devices, and account activity. Look for:

• Logins from unfamiliar locations or devices
• Changes to account settings (email, phone number, recovery options)
• Unauthorized purchases or messages

Step 5: Consider a správce hesel

If this breach exposed a password you use across multiple services, it is a clear sign to adopt a password manager. Tools like 1Password, Bitwarden, or built-in browser managers generate unique passwords for every account.

Jak předejít Future Leaks

Practice	Why It Helps
Use unique passwords for every account	Limits damage to one service per breach
Enable 2FA on all important accounts	Stops attackers even if they have your password
Use a password manager	Makes unique passwords practical
Monitor your email with HIBP alerts	Get notified as soon as a new breach includes you
Never share passwords in plain text	Prevents credentials from sitting in chat histories

That last point matters more than people realize. Sending a password through Messenger or iMessage means it lives in a chat log indefinitely. If you need to share credentials, use a service like LOCK.PUB to create a password-protected memo with an expiration time. The information disappears after the set period.

How Often Should You Check?

• Set up HIBP email notifications — You will receive an alert any time your email appears in a new breach
• Run Google Password Checkup every 3-6 months if you use Chrome
• Review Apple/Firefox breach warnings when they appear in your settings

Do not wait for a suspicious login notification. Proactive checking is far more effective than reacting after damage has been done.

Časté otázky

Is Have I Been Pwned safe to use?

Yes. HIBP is run by Troy Hunt, a respected security researcher. The service does not store your searches, and the Pwned Passwords feature uses k-anonymity so your full password is never sent to the server.

What if my email is in a breach but I have already changed my password?

Your email will still show up in historical breach records. As long as you have changed the password since the breach date and are not reusing it elsewhere, you are protected.

Can I remove my data from breach databases?

No. Once data has been leaked, it cannot be pulled back. The only effective response is to change your credentials and enable additional security measures.

Take Action Now

Check your email at haveibeenpwned.com right now. If any accounts are compromised, change those passwords today. And if you need to share new credentials securely, create a secret memo on LOCK.PUB with an expiration — keep passwords out of chat histories.

Create a Secret Memo -->