Skip to content

Have I been pwned? Check if your data has been breached

It’s one of the big problems of the modern age: how to keep your data secure.

With so much of our lives out there on the web, we all have to contend with the risk of having our personal information shared with malignant third parties. All it takes is for a popular service to be hacked, and suddenly our email addresses, phone numbers, and potentially more can be exposed.

It can be difficult to keep track of such data breaches, but there is a way to check from the comfort of your iPhone.

Have I been pwned?

One handy tool for finding out whether your email or phone number has been involved in a data breach is a website called have I been pwned? It’s the work of Australian web security consultant Troy Hunt.

If you’re unfamiliar with the online jargon, ‘pwned’ is basically geek speak for being bested or dominated. On this occasion, such pwnage is of the data stealing variety.

Your first step should be to open up Safari (or your web browser of choice) on your iPhone, and visit

Search for breaches and pastes

Enter your email address or phone number (or ideally both, one after the other) in the field provided, then hit the pwned? button to the right. If checking a phone number, be sure to use the international format.

You’ll quickly be told if your details have been involved in any data breaches, and if so how many. The tool will also tell you if your details have been included in any pastes, which basically means they have been copied and pasted onto a public sharing website for hackers to potentially exploit.

Tap on the data breaches link to learn more about all of these terms, and what they mean for you.

Follow the steps to seal those breaches

Now that you know your data has been involved in a breach (don’t worry, it happens to everyone), continue reading for advice on what to do next.

This advice includes using secure password app 1Password (though Safari has a similar iCloud Keychain facility built in), enabling 2-factor authentication wherever available, and subscribing for notifications of future breaches.

Naturally, the bare minimum you should do at this point is to immediately change your email account password – not just for the service in question but any other services where you use the same password.