Password Exposure Check
A password is exposed when it has been compromised in a data breach and is now part of public databases used by cybercriminals.
How does this happen?
- Attacks on companies: Hackers access databases from websites, social networks, online stores, etc.
- Massive leaks: Companies like Yahoo, LinkedIn, Adobe, and many others have suffered security breaches
- Databases sold: These passwords are sold on the dark web or publicly released
Why is it dangerous?
- Dictionary attacks: Hackers test these known passwords on multiple sites
- Password reuse: If you use the same password on several sites, all are compromised
- Social engineering: They can use your information for more sophisticated attacks
How does this verification work securely?
Your password is never sent in full over the Internet. The process is completely secure:
- Local hashing: Your password is converted into a SHA-1 hash (a one-way fingerprint, not reversible encryption) on your device
- Partial query: Only the first 5 characters of the hash are sent to the HaveIBeenPwned API
- Local verification: The API returns thousands of hashes matching those 5 characters, and your device locally checks if your full hash is on the list
This method, called "k-Anonymity," ensures that your actual password never leaves your device and that even we cannot know it.
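
The three steps above, as an added Python example (not this site's own code). It assumes the Pwned Passwords range endpoint at api.pwnedpasswords.com, its "SUFFIX:COUNT" response lines and its optional Add-Padding header; the function names and the sample response are constructed for illustration.

```python
import hashlib
import urllib.request

# Assumption: HaveIBeenPwned "Pwned Passwords" range endpoint.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """Step 1: hash locally, then split into the 5-char prefix and the rest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Step 2: send only the prefix; the suffix and password stay local."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # Add-Padding asks the API to pad responses with count-0 entries
        # so the response size does not hint at which prefix was queried.
        headers={"User-Agent": "exposure-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def count_in_range(suffix, body):
    """Step 3: look for our own suffix in the returned list, locally."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded entries carry a count of 0
    return 0

def exposure_count(password, fetch=fetch_range):
    """Return how many times the password appears in the breach data."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))

# Constructed sample response for prefix 5BAA6 (SHA-1 of "password").
# The counts and the first and last entries are made up for this example.
SAMPLE_BODY = "\r\n".join([
    "0" * 35 + ":3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42",
    "F" * 35 + ":0",
])

if __name__ == "__main__":
    # Offline demo: the fake fetch shows exactly what would leave the device.
    print(exposure_count("password", fetch=lambda p: print("sent:", p) or SAMPLE_BODY))
```

Passing no `fetch` argument queries the live API; a result above 0 means the password appears in known breach data and should be replaced.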