Online Dangers

How To Find Out if Your Email Account Has Been Hacked

Janis von Bleichert
Last update
8. Jan 2021

Nowadays, an email account serves as a kind of master key for your online identity. Just think: How often have you forgotten a password and requested that a new one be sent to your email account? Now, imagine that someone you don't know has access to that account. How many services and sites could they lock you out from? What information would they have access to? It's difficult to estimate how much damage could be done, and for precisely that reason, the danger of having your email account hacked is particularly high.

As a term, 'hacking' refers to a few different aspects, some of which can even be positive, such as 'life hacks' or 'growth hacking', however, in general, two different (negative) scenarios are meant.

  1. 1.
    Your login information was part of a data leak by a service provider.
    Chances are that you've heard of the hacking attacks launched against large companies and service providers over the past few decades. Through these, cybercriminals have gained access to reams of data, most likely including your email address, and, sometimes, even your password. Such lists typically find their way to hacker forums, where they are used to engage in identity theft, doxing, spam, or other illegal ends.
  2. 2.
    Hackers gain access to your personal email account.
    Hackers can also attack you directly, by attempting to gain access to your email account, using stolen login data from other services (known as 'credential stuffing'), or malware, such as spyware and keyloggers. As a result, your email account will likely be used for fraud, identity theft, and other criminal enterprises.

There's practically nothing that the average user can do against the first type of hacks, those involving data leaks from large companies or services, and unfortunately, these have become more and more common over the past few years. The good news is that for preventing the second type, you have a number of options at your fingertips, and in this article, we'll go into some detail discussing them.

Has My Email Account Been Hacked?

The first thing you'll probably want to know after reading the above is whether your email account has already been part of a data leak. A number of methods are available to help you find out:


Have I Been Pwned?

Have I Been Pwned  is a site that will answer your burning question in a matter of seconds, namely, whether your email account has been part of any leaks. This database collects leaked login data and allows users to search for their email address. In this way, you'll be able to quickly see if, and how often, your provider or service you've registered with has dropped the figurative ball. Have I Been Pwned even lists the individual services where your information was leaked from, helping you to contain leaks retroactively.


HPI Identity Leak Checker

Another way to assess how much exposure your email address has had as a result of data leaks is the Hasso-Plattner Institute's Identity Leak Checker . This service checks whether your email address has been publicized online, along with personal data like a telephone number, address, or birthday. Simply input your email address, and you'll receive an email with a table showing which information has been compromised in which leak(s).

How To Prevent Your Email Account From Being Hacked

As hinted at above, there's little you can do to prevent large service providers from leaking your information, except, to choose carefully when registering for them. Unfortunately, if your email address has been leaked, chances are high that you will have to contend with a fair amount of spam emails. But, the good news is that so long as only your email address is compromised (and not your password, or recovery phone number), it can be particularly difficult for cybercriminals to 'crack' your account and do real damage. Just imagine a thief knowing your address, or where you live, but not having the key to your front door. Below, we'll discuss three of the best ways to protect your accounts.

  • Complex, unique passwords
    Only the above protect against brute force attacks or credential stuffing, which criminals use to 'crack' email accounts. Here, it's important to remember that you shouldn't use the same password for multiple services. By doing so, even if hackers succeed in compromising one of your accounts, they won't be able to use that information to gain access to others.

    Thankfully, to save you the time and trouble of creating a unique and secure password for each service you use, there are password managers, which take care of this for you. These generate powerful passwords, manage your accounts, and automatically log you in to online services.

  • Two-factor authentication
    As its name suggests, two-factor authentication makes it necessary to use two (or more) separate means to access an account, such as an SMS code, or a token generated by an authenticator app. This helps to ensure that no one can misuse your data, and prevents even a cracked password from providing the 'master key' to an account.

  • Antivirus software
    If you're looking for a preventative measure to take against direct hacking attacks, antivirus software can function as your digital private security service, keeping out intruders, and warning you when someone so much as touches your digital door handle. Especially among the various premium versions on offer, these provide a range of special features that protect against keyloggers and other types of spyware.

The security of your email account is only partly in your control. If your data has been part of a leak in the past, the most you can do is damage limitation, however, if nothing has gone amiss to date, you're most likely ahead of the cybercriminals. To do this, a number of effective methods exist: As long as you have secure passwords (created easiest through the use of a good password manager) and integrate two-factor authentication, it will be very difficult for anyone to gain control over your online identity.

Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of He writes about hosting, software and IT security.
Continue Reading
Other languages