Email Breach Checker
Find out if your email address appeared in a known data breach — and exactly what was exposed.
Sent securely via HTTPS · Never stored or logged by CyDuck
How does this work?
CyDuck uses the HaveIBeenPwned API — the world's most trusted data breach database, built by security researcher Troy Hunt. Your email is sent via our secure Cloudflare Worker to the HIBP API over HTTPS. CyDuck never stores, logs or shares your email address.
What does "breach" mean?
A data breach is an incident where personal data is stolen from a company's systems — often without the company knowing for months. The stolen data is then sold or published on criminal forums. HIBP collects these datasets and indexes them so individuals can check their own exposure.
Frequently Asked Questions
Is my email address sent securely?
Yes. Your email is sent over HTTPS to our Cloudflare Worker, which forwards it to the HaveIBeenPwned API. Your email is never logged or stored by CyDuck.
What should I do if my email was found in a breach?
Change your password on the breached site immediately. If you reused that password anywhere else, change it there too. Enable two-factor authentication wherever possible.
What is HaveIBeenPwned?
HaveIBeenPwned (HIBP) is a free service created by security researcher Troy Hunt. It aggregates data from publicly known breaches and allows users to check if their personal data was exposed.
Why does CyDuck use a backend for email checks but not password checks?
Password checks use the k-Anonymity model which works safely from the browser. Email checks require a paid API key which must be kept secret on a server to prevent abuse and unauthorized billing.