How to Check if Your Password Has Been Exposed
Why It Matters
If you’re concerned that your password may have been exposed in a data breach, you can safely check it using a trusted tool. This article explains how to do that and what to do if your password has been compromised.
Why Check Your Password?
Passwords sometimes appear in data breaches when websites or services are hacked. If your password has been exposed, it may be easier for attackers to access your accounts.
How to Check Your Password Safely
There are tools that let you check whether your password appears in databases of stolen passwords.
Booth IT Security recommends using Have I Been Pwned (https://haveibeenpwned.com/Passwords).
As of November 2025, the site contains more than 1.3 billion passwords that have appeared in data breaches or are known to be weak (for example, “Password123”).
When you enter a password into this tool:
- Your password is hashed (converted into a scrambled code).
- The site does not see your actual password.
- The hash is compared against the database to see if it has appeared in a breach.
If Your Password Is Not Found
You will see a message indicating that the password was not found in any known breaches.
If Your Password Is Found
You will see a message indicating how many times it has appeared in data breaches.
What to Do if Your Password Is Found
If your password appears in the database:
-
Change it immediately.
-
Do not reuse it on other accounts.
-
Create a new, strong, and unique password.
For tips on creating a secure, easy-to-remember password, see:
Tips for good password management
https://it.chicagobooth.edu/TDClient/30/Portal/KB/ArticleDet?ID=20427
If you have questions or concerns about your password security, contact IT Security at:
security@lists.chicagobooth.edu
Thank you for keeping Booth secure!