How To: Find Hacked Accounts Online ~ PART 1 - haveibeenpwned

Find Hacked Accounts Online ~ PART 1  - haveibeenpwned

You must have read news about hackers dumping the data online, recent one was Ashely Madison. It's only the big companies' data, which gets noticed once it is out. There are many other small leaks which don't even get a mention. So this article is the first one of my series which will help you to find hacked accounts. Some of you must already know about this, but this post is intended for the new learners. This also serves as an example of my learning how a good service can be used in other ways it is not intended to.

NOTE: Please note that this article is for information purposes only and please do not put it to illegal use whatsoever. You can get tracked if you do not know what you are doing.

Step 1: The Service HAVEIBEENPWNED is a great service which allows users to check if they have an account that has been compromised in a data breach. The concept is just enter an email, hit search and it will tell if the account details were leaked online.

Step 2: Difference Between Breaches and Pastes

Breaches are the information form breached websites, which will mostly have full credentials available online, that is username and password.

Pastes are the information someone have pasted online on sites like Pastebin. Read more about it on

Step 3: My Precious – Finding ?@©?Kd Accounts

Now there are two ways, if you are searching for a specific email address try the regular search on haveibeenpwned otherwise if you just want get your hands on any hacked accounts just open Latest Pastes page on haveibeenpwned.

This page lists various pastes online which contain email addresses and passwords. Just click on the paste and voila you'll get loads of information.

Step 4: Trial and Error

Please note that not every paste will have username password combinations. And not all pastes that do have will work. Its a time consuming method of trial and error. But once you start doing it over and over you'll learn how to differentiate between legitimate hacked accounts and other accounts which do not work.

Part 2 of this post will be focused more on exploring pastes, what to look for while reading information, what accounts to check for in a paste, reading pastes which were removed from sites and more. That will only happen if I get a good response for this article. So do not forget to give Kudos for this one if you find it helpful. Thank You!

EDIT: Part 2 of this series is live at

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.


This is a fantastic tutorial. You analyze the risk and give links for other users to check and make themselves safer. I would also recommend other users to see what information about them is online.

An easy way to see if something like your address is online is to type your name, and your zip code in quotes into google and see what comes up. Example:

"Cameron Glass" "1234567"

You could even mix things up with your phone number or other things that you wouldn't want to be on the public web to make sure that you are not being stalked.

  • Happy searching!


I found an email account pwned? This account sent phishing attempts for a couple of friends of mine. Unfortunately this account don't have pastes. But if I use bruteforce to log in in this account with a proxy, the "new owner" can try track me just with the proxy ip?

Nice tutorial Cameron. Thanks for share :)

New things to learn. Thank you!

Share Your Thoughts

  • Hot
  • Latest