Frequently Asked Questions

What will you do with my email address?
When you perform a check on our homepage, your email address is used in a single check against our database. It is not stored unless you create an Email Watchdog Account.
What is the Email Watchdog?
The Email Watchdog is our email tracking service. You are able to nominate all of your email addresses, which we will check against any future breaches we discover. This means that if we come across your email address and password, we'll notify you immediately so that you can change your passwords and prevent your accounts from being accessed.
Is this a phishing site and why should I trust it?
This website is part of the Avalanche Technology Group, with over a decade of experience making life easier, safer, and happier. This is not a phishing site and has been vetted by a number of trustworthy individuals and organisations (see media).
Do you sell or share my email addresses?
Absolutely not. Your email address is used in a single database query. We will only store your email address if you create an Email Watchdog account.
It says my password may have been compromised. How did this happen?
Hackers work hard to hack into websites and steal their data. They often post this information online for 'lulz' or notoriety. We collect the data hackers release to the public, which often contain email addresses and passwords. In this case, one of the websites that you've created an account with has probably been compromised, and your details published online.
If my email address is red-flagged, does it mean my email account has been compromised?
Not necessarily. This means that an account that you created online (using this email address) has been compromised. If you used a unique password for this account, then your other accounts should not be at risk. If you re-use the same password across all of your accounts, you need to change them all.
Which website was hacked?
We can't tell you which breach your email address was compromised in, however you can cross-reference the date against our Sources Page, which should give you a rough idea.
Can I get the compromised password(s)?
Not from this website. No passwords are stored in our database. The breaches however have all been published publicly, and may be able to be found elsewhere online.
What data is stored?
The following information is kept about any email address published by a hacker group:
  • SHA1 hash of email (not email itself)
  • Date of last compromise
  • Number of times compromised
It says my password was compromised a long time ago. Do I still need to change it?
If you know that you have changed your passwords since the date of the compromise, then there may not be any immediate need, however it's good practice to change your password every couple of months, so it's probably a good idea anyway.
Isn't the site a big target for hackers?
Maybe for the "lulz" or notoriety but not for the data. The complete datasets are available elsewhere and hopefully potential hackers will see the good in having a site like this available to the general public.
How often do you update the database?
Whenever a new password database is made public. If you know of a new database that has been published and isn't listed here, please let us know on Twitter or at secure@shouldichangemypassword.com.
How big is the database?
As of October 2012 there are over 47 million records in the database but the intention is to keep updating in perpetuity.