Frequently Asked Questions

I've already changed my passwords. Why does a warning about leaked passwords still appear when I try again?
The Identity Leak Checker only tells you whether your password was found in a data breach. It does not indicate whether that password still works for the affected user account. Since your password is still listed in the relevant data breach, the website will continue to display a warning.
My password has appeared in a leaked database. Do I need to change my email address?
Generally, it is not necessary to change your email address because of a data breach. However, you should choose unique new passwords for all user accounts that use that email address.
The password for my email address was stolen. Does this only affect the password for my email account?
If a combination of an email address and password is stolen, it could be the password for any user account where you have provided your email address for identification purposes. You should therefore change the passwords for all accounts where you have used a leaked password.
Why doesn't the overview provide any details about the affected data?
To prevent the Identity Leak Checker from becoming an attractive target for attackers, the publicly searchable database contains only information about the type of data involved. Specific content (such as plaintext passwords) cannot therefore be made available. In the database, the affected email addresses are also not stored in plain text but are obfuscated using a hash function to provide the best possible protection for this data as well.