Skip to content
← UserSearch.comLog in ↗

HaveIBeenPwned

HaveIBeenPwned is an integrated data source (a Module) in UserSearch. When you run a search against it, it checks an email address against a catalogue of known data breaches and tells you which of those breaches the address appears in. It does not return passwords.

Use it when you want to establish whether an email address has been exposed in a public breach, and in which incidents, as part of an OSINT search.

For an email address you look up, HaveIBeenPwned reports the set of known breaches that address was found in. Each breach is a named incident (for example, a specific website or service that was compromised), typically with the date it occurred and the classes of data involved.

Crucially, it reports presence in a breach, not credentials: you learn that an address was exposed and where, but the Module does not hand back the leaked password itself.

HaveIBeenPwned powers these search types:

  • Public Leaks — as an email breach-check Module alongside other breach and leak sources.
  • Email — available when you search an email address, including through the AI Agent surface.

Because it takes an email address as input, you will typically reach it after choosing the Public Leaks or Email search type. It can also run as one of the sources inside a OneScan, which fans a single email out across several Modules at once; when it does, the Data Source column in your results attributes each row to HaveIBeenPwned.

  1. Start a search and choose the Public Leaks or Email search type.
  2. Enter the email address you want to check.
  3. Select the HaveIBeenPwned Module (or run a OneScan with it enabled).
  4. Review the returned breaches in the results table.

Data source: haveibeenpwned.com

Verified against UserSearch v2.0.20