You've disabled JavaScript! If you submit a password in the form below, it will not be anonymised first.

Pwned Passwords are 572,611,621 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. They're searchable online below as well as being downloadable for use in other online systems. Read more about how HIBP protects the privacy of searched passwords .

This password wasn't found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn't necessarily mean it's a good password, merely that it's not indexed on this site. If you're not already using a password manager, go and download 1Password and change all your passwords to be strong and unique.

This password has previously appeared in a data breach and should never be used. If you've ever used it anywhere before, change it!

Password reuse and credential stuffing

Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.

NIST's guidance: check passwords against those obtained from previous data breaches

The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches. The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed. A version 3 release in July 2018 contributed a further 16M passwords, version 4 came in January 2019 along with the "Collection #1" data breach to bring the total to over 551M. Version 5 landed in July 2019 with a total count of 555M records and finally, version 6 arrived June 2020 bringing the total passwords to almost 573M.

Downloading the Pwned Passwords list

The entire set of passwords is downloadable for free below with each password being represented as either a SHA-1 or an NTLM hash to protect the original value (some passwords contain personally identifiable information) followed by a count of how many times that password had been seen in the source data breaches. The list may be integrated into other systems and used to verify whether a password has previously appeared in a data breach after which a system may warn the user or even block the password outright. For suggestions on integration practices, read the Pwned Passwords launch blog post for more information.

Please download the data via the torrent link if possible! If you can't access torrents (for example, they're blocked by a corporate firewall), use the "Cloudflare" link and they'll kindly cover the bandwidth cost.

Format File Date Size SHA-1 hash of 7-Zip file torrent

cloudflare SHA-1 Version 6

(ordered by prevalence) 13 June 2020 11.4GB 5c496cf2b75e6084e993605eaeedcf660e4f50d9 torrent

cloudflare SHA-1 Version 6

(ordered by hash) 13 June 2020 10.1GB f0447a064aee7e3b658959fab54dba79b926f429 torrent

cloudflare NTLM Version 6

(ordered by prevalence) 13 June 2020 9.19GB 0a7ae9d67718d81ebca661342febf49bfac409ed torrent

cloudflare NTLM Version 6

(ordered by hash) 13 June 2020 7.86GB 00bbc01153ff35b600b4e938d31c91ddd02affd4

Help support HIBP by donating Thank you for downloading the Pwned Passwords! While the file is downloading, if you'd like to help support the project there's a donate page that explains more about what goes into making all this possible. Your support in helping this initiative continue is most appreciated! go to the donate page

The bandwidth costs of distributing this content from a hosted service is significant when downloaded extensively. Cloudflare kindly offered to support this initiative by aggressively caching the file at their edge nodes over and beyond what would normally be available. Their support in making this data available to help organisations protect their customers is most appreciated.