HaveIBeenPwned
HaveIBeenPwned is an integrated data source (a Module) in UserSearch. When you run a search against it, it checks an email address against a catalogue of known data breaches and tells you which of those breaches the address appears in. It does not return passwords.
Use it when you want to establish whether an email address has been exposed in a public breach, and in which incidents, as part of an OSINT search.
What it returns
Section titled “What it returns”For an email address you look up, HaveIBeenPwned reports the set of known breaches that address was found in. Each breach is a named incident (for example, a specific website or service that was compromised), typically with the date it occurred and the classes of data involved.
Crucially, it reports presence in a breach, not credentials: you learn that an address was exposed and where, but the Module does not hand back the leaked password itself.
Where it appears in UserSearch
Section titled “Where it appears in UserSearch”HaveIBeenPwned powers these search types:
- Public Leaks — as an email breach-check Module alongside other breach and leak sources.
- Email — available when you search an email address, including through the AI Agent surface.
Because it takes an email address as input, you will typically reach it after choosing the Public Leaks or Email search type. It can also run as one of the sources inside a OneScan, which fans a single email out across several Modules at once; when it does, the Data Source column in your results attributes each row to HaveIBeenPwned.
How to access it
Section titled “How to access it”- Start a search and choose the Public Leaks or Email search type.
- Enter the email address you want to check.
- Select the HaveIBeenPwned Module (or run a OneScan with it enabled).
- Review the returned breaches in the results table.
Official site
Section titled “Official site”Data source: haveibeenpwned.com
Reliability
Section titled “Reliability”Verified against UserSearch v2.0.20