🟢 Beginner Summary
There are two separate questions here: (1) Was your email address exposed in a data breach somewhere? (2) Is someone actively inside your email account right now? Both are worth checking, and this guide shows you how to do both in under 10 minutes.
Table of Contents
- Warning signs your email has been compromised
- Check if your email was in a data breach
- Check for active intrusion right now
- Gmail-specific checks
- What to do if you find a problem
- How to prevent it happening again
- FAQ
Warning Signs Your Email Has Been Compromised
Sometimes a hack is obvious. More often, it's subtle. Watch for these signs:
- Contacts say they received strange emails from you that you didn't send
- You can't log in even though you're sure the password is correct (it was changed)
- Password reset emails arrive for accounts you didn't request to reset
- Unknown sent emails appear in your Sent folder
- Account recovery details were changed: a different phone number or recovery email
- Unexpected notifications about sign-ins from unfamiliar locations or devices
- Missing emails: attackers sometimes delete threads to cover their tracks
- Unexpected subscriptions or purchases on accounts tied to that email
Check if Your Email Was in a Data Breach
Even if your email account itself hasn't been broken into, your email address + password may have been stolen from another site (a forum, a shopping site, a game, or any other service that got breached). Attackers then use those credentials to try logging into your email.
HaveIBeenPwned (HIBP)
The most trusted free tool for checking breach exposure. Created by security researcher Troy Hunt, it contains billions of stolen credentials from thousands of breaches.
- Go to haveibeenpwned.com
- Enter your email address and click "pwned?"
- If your email appears in breaches, you'll see a list of exactly which services were compromised and what data was exposed
🔵 What the Results Mean
- No pwnage found: Your email wasn't in any known public breaches. (But new breaches happen constantly, so check every few months, or sign up for free alerts.)
- Pwned on X sites: Your email + possibly your password was exposed in those breaches. Change your password everywhere you used the same one.
Google Password Checkup
If you save passwords in Chrome, Google will automatically check them against known breaches.
- Go to passwords.google.com
- Click Check passwords
- Google will flag any compromised, reused, or weak passwords
Check for Active Intrusion Right Now
Beyond breach databases, you need to check if someone is actively inside your account at this moment, or has been recently.
General Check: Login History
Most email providers let you see recent login history. Look for:
- Logins from cities or countries you haven't been to
- Logins at times when you were asleep
- Unfamiliar device types (e.g., Windows logins when you only use Mac)
- Unusual IP addresses
Gmail-Specific Checks
Recent Activity
- Open Gmail on desktop
- Scroll to the very bottom of your inbox
- Look for "Last account activity: X minutes/hours ago"
- Click Details to open a popup showing every active session: device type, location, and time
- If anything looks unfamiliar, click Sign out all other web sessions
Google Account Security Events
- Go to myaccount.google.com/notifications
- Review recent security events: new sign-ins, password changes, 2FA changes
- Any event you don't recognize is a red flag
Check Your Gmail Settings for Tampering
Attackers who get into your email often set up forwarding rules to silently copy all your emails to their address, even after you change your password. Check this even if you think everything is fine.
- In Gmail, click the gear icon → See all settings
- Click the Forwarding and POP/IMAP tab
- Make sure no forwarding addresses are set up that you didn't add
- Also check the Filters and Blocked Addresses tab: attackers often create filters to delete security alert emails so you won't notice
What to Do If You Find a Problem
🔴 Act Immediately, In This Order
- Sign out all other sessions (see above)
- Change your password immediately to something new, strong, and unique. Read: How to Create Strong Passwords
- Enable or update 2FA using an authenticator app, not SMS. Read: How to Secure Your Gmail
- Remove any forwarding rules or suspicious filters you find
- Check which accounts use this email for login โ change those passwords too
- Check your bank and payment accounts for unauthorized transactions
- Tell your contacts to ignore any suspicious emails that came from your address
- Check for new accounts created with your email during the breach period
How to Prevent It Happening Again
- Use a unique, strong password for your email that you use nowhere else
- Enable 2FA with an authenticator app
- Check HIBP regularly (or sign up for breach alerts; it's free)
- Be cautious about which services you register your email with: every site that has your email is a potential future breach
- Use email aliases for less important signups (SimpleLogin or Apple's Hide My Email let you create throwaway addresses that forward to your real inbox)
FAQ
Is it safe to enter my email on HaveIBeenPwned?
Yes. HIBP is run by Troy Hunt, one of the most respected security researchers in the world. It only checks email addresses against its breach database; it never stores what you search. Microsoft has partnered with HIBP. It is widely trusted by security professionals globally.
My password was in a breach but I haven't had any problems. Am I safe?
Not necessarily safe, just not yet attacked. Breached credentials are often sold multiple times and used months or years later. Change the affected password immediately.
Can I be breached even if I've done everything right?
Yes. You can't control whether a company you use gets breached. What you can control is the damage: using unique passwords means a breach at one site can't cascade to others.