PassMonitor

Frequently Asked Questions

Everything you need to know about data breaches, how PassMonitor works, and how to stay safe online.

What is a data breach and how does it happen?

A data breach occurs when personal information, such as emails, passwords, names, and even documents, is exposed without authorization. This can happen when hackers break into company systems, when employees mishandle sensitive data, or when databases are left unprotected on the internet. Thousands of breaches have been documented, affecting billions of people worldwide.

How does PassMonitor find out if my data has been leaked?

We use automated robots and artificial intelligence to continuously monitor known breach databases and areas of the internet where exposed information tends to circulate. Our technology cross-references this information with the email you provide and identifies whether your data has appeared in any known breach.

Is PassMonitor really free?

Yes, personal checks are 100% free, with no limits and no account required. You can check as many emails as you want, whenever you want. For businesses that need continuous monitoring at scale, we offer corporate plans upon request.

Do I need to create an account to use PassMonitor?

No. PassMonitor works without registration. Just enter your email, confirm the verification code we send, and within seconds you'll see your results.

Why do I need to confirm a code via email?

To protect your privacy. We only allow the actual owner of the email to see the breach results. The code we send is temporary, expires in 5 minutes, and serves as proof that you truly have access to that inbox.
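A sketch of how an inbox-ownership check of this kind can work, added here as an example and not PassMonitor's own code: the code comes from a CSPRNG, is stored only as a hash bound to the address, expires after the 5 minutes stated above, and is single-use. The class name, six-digit length, and attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60   # the page states codes expire in 5 minutes
MAX_ATTEMPTS = 5            # assumption: cap guesses per issued code


class EmailCodeVerifier:
    """Hypothetical verifier: proves the requester can read the inbox."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # email -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _digest(email, code):
        # Bind the code to the address so it cannot be used for another email.
        return hashlib.sha256(f"{email}:{code}".encode()).digest()

    def issue(self, email):
        """Create a fresh code; the caller e-mails it and never displays it."""
        email = email.strip().lower()
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[email] = [self._digest(email, code),
                                self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, email, code):
        """Return True once for the right code before expiry, else False."""
        email = email.strip().lower()
        entry = self._pending.get(email)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[email]      # expired or exhausted: need a new code
            return False
        entry[2] = attempts_left - 1      # count this guess before comparing
        if hmac.compare_digest(code_hash, self._digest(email, code)):
            del self._pending[email]      # single use
            return True
        return False
```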

Do you store my email or password?

We do not store your email after the check, and we never ask for or store passwords. The entire process uses end-to-end encryption, and data is processed in real time without any permanent retention.

My email appeared in a breach. What does this actually mean?

It means that at some point, a service or website where you registered was hacked and user data, including yours, was exposed. Depending on the breach, your email, password, full name, address, phone number, or even financial data may have been exposed. This doesn't mean someone has already used your data, but it means it's available for potential misuse.

My data was leaked. What should I do now?

First, change your password immediately, using a strong, unique password. Enable two-factor authentication (2FA) on all important accounts. Watch for suspicious messages, as scammers may try phishing. Read our full guide on what to do when your data leaks.

If my result says "all clear," am I 100% safe?

Not necessarily. An "all clear" result means your email was not found in the breaches our systems monitor so far. However, there may be breaches that haven't been discovered or made public yet. That's why we always recommend maintaining good security practices: unique passwords, two-factor authentication, and periodic checks.

What is the Deep Web and why does it appear on PassMonitor?

The Deep Web is a layer of the internet that doesn't appear in search engines like Google. It's where most leaked data ends up circulating, often without the victims' knowledge. Our automated robots continuously monitor these areas to identify new breaches and alert you as quickly as possible.

What's the difference between the Deep Web and the Dark Web?

The Deep Web is everything not indexed by search engines, including corporate intranets, academic databases, and login-protected areas. The Dark Web is a specific part of the Deep Web accessible only through special browsers (like Tor), where leaked personal data often ends up being shared or exposed.

How can I protect myself from future breaches?

Use a different password for each site. Enable two-factor authentication (2FA) whenever possible. Use a password manager like Bitwarden or 1Password. Avoid clicking suspicious links and check your data in new breaches periodically. Read our digital security guide for a complete roadmap.

What is two-factor authentication (2FA) and why is it so important?

Two-factor authentication adds an extra layer of security: beyond your password, you need to confirm access with a second factor, usually a temporary code on your phone. Even if someone discovers your password, they can't access your account without this second code. It's one of the most effective ways to protect yourself against unauthorized access.

Does PassMonitor work on mobile?

Yes. PassMonitor is fully responsive and works on any device: smartphone, tablet, or computer. No app installation is needed.

How often should I check if my data has been leaked?

We recommend checking at least once a month, or whenever you hear news about major data breaches. Since new breaches are discovered constantly, periodic checks help keep you informed and ready to act quickly.

Does PassMonitor check only emails or passwords too?

The check is done by email, but the results show what types of data were exposed in each breach, including whether passwords, names, addresses, phone numbers, or financial data were among the compromised information.

Why does a site I never used appear in my results?

This can happen for several reasons: the site may have changed its name since you registered, your data may have been sold or shared between services without your knowledge, or someone may have used your email to create an account without your permission.

Can PassMonitor remove my data from a breach?

Unfortunately, no. Once data is leaked and spreads across the internet, it's virtually impossible to completely remove it. What PassMonitor does is inform you about which data was exposed so you can take protective measures, like changing passwords and enabling two-factor authentication.

Can businesses use PassMonitor too?

Yes! We offer corporate solutions including continuous domain monitoring, real-time alerts, API integration, and AI-generated automated reports. Companies can check whether employee credentials have been exposed and act before an attack happens. Learn more on our For Business page.

Is the data PassMonitor analyzes legal?

Yes. PassMonitor only analyzes information that is already publicly known, data that has already been exposed and circulates in known databases. Our goal is exclusively to inform and protect users, never to facilitate the misuse of personal data.

What is credential stuffing and how does it use leaked data against me?

Credential stuffing is an automated attack where criminals take lists of leaked emails and passwords and test those combinations across hundreds of other websites. Since many people reuse the same password, a single breach can compromise multiple accounts at once. The best defense is to use unique passwords for each service and enable two-factor authentication.
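Seen from the site being targeted, the attack described above looks like one source failing logins against many different accounts. The following is an added example (not part of PassMonitor) that flags that pattern in constructed login events; the event format, addresses, and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of parsed login events: (source_ip, account, success).
SAMPLE_EVENTS = (
    # One source tries 12 different accounts once each; a single login works.
    [("203.0.113.7", f"user{i}@example.com", i == 7) for i in range(12)]
    # An ordinary user mistypes a password three times, then gets in.
    + [("198.51.100.4", "dana@example.com", False)] * 3
    + [("198.51.100.4", "dana@example.com", True)]
)


def find_stuffing_sources(events, min_accounts=10, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Returns {source_ip: [accounts that logged in successfully]}. Those
    accounts matched a tested email/password pair and need a forced reset.
    """
    stats = defaultdict(lambda: {"accounts": set(), "hits": set(),
                                 "fail": 0, "total": 0})
    for ip, account, success in events:
        s = stats[ip]
        s["accounts"].add(account)
        s["total"] += 1
        if success:
            s["hits"].add(account)
        else:
            s["fail"] += 1

    flagged = {}
    for ip, s in stats.items():
        many_accounts = len(s["accounts"]) >= min_accounts
        mostly_failing = s["fail"] / s["total"] >= min_fail_ratio
        # A user retrying their own password touches one account, so the
        # distinct-account count is what separates the two cases.
        if many_accounts and mostly_failing:
            flagged[ip] = sorted(s["hits"])
    return flagged
```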

I received an email saying my data was breached. How can I tell if it's a scam?

Scammers send fake emails mimicking breach alerts to scare you into handing over data. Learn to identify fake emails and phishing scams. To verify suspicious links and messages in real time, use Vigarista.com, our free AI-powered scam detection tool.

What's the difference between a data breach and identity theft?

A data breach is the exposure of personal information such as email, name, social security number, or password. Identity theft happens when someone uses that information to impersonate you, open bank accounts, make purchases, or commit fraud. A breach can facilitate identity theft, which is why acting quickly after discovering your data was exposed is essential.

My leaked password was encrypted (hashed). Should I still be worried?

It depends on the type of hash. Weak algorithms like MD5 or SHA-1 can be cracked in minutes with modern tools. Even stronger hashes like bcrypt can be vulnerable if your original password was short or common. The safest move is to change your password immediately, regardless of the hashing algorithm mentioned in the breach.

How can I check if my Social Security number was misused after a breach?

After discovering your SSN was exposed, regularly check your credit reports through the three major bureaus (Equifax, Experian, TransUnion). You're entitled to one free report per year from each. Consider placing a fraud alert or credit freeze to prevent new accounts from being opened in your name. Monitor your bank statements weekly in the months following the breach.

My data was leaked from a company I never signed up with. How is that possible?

There are several explanations: third parties may have shared your data with the company without your knowledge (data brokers), the company may have purchased lead lists that included your email, or another company in the same corporate group may have transferred records internally. In some breaches, data from business partners also gets exposed alongside the main database.

What is phishing and how do I spot attempts after a breach?

Phishing involves fraudulent messages that impersonate legitimate companies to steal your data. After a breach, attackers use the exposed information to craft more personalized and convincing messages. Watch for: artificial urgency ('your account will be locked'), shortened or odd-domain links, requests for sensitive data via email or SMS, and senders that don't match the company's official domain.

Does GDPR protect my data in case of a breach? What can I do?

Yes. The General Data Protection Regulation (GDPR) requires companies to notify the supervisory authority within 72 hours and, in high-risk cases, the affected individuals. You can file a complaint with your local data protection authority, request from the company which data was compromised, and demand mitigation measures. If you suffer proven damages, you may seek compensation through legal channels.

Can children and teenagers have their data exposed in breaches?

Yes. Minors' data can be exposed through breaches at schools, online games, social media, and educational platforms. The risk is particularly serious because children's information can be used for fraud that may only be discovered years later. To protect them, avoid registering real data on unnecessary services, use secondary emails for games and apps, and periodically check whether their data has appeared in breaches.

Is it worth paying for data monitoring services online?

For most people, free periodic checks on PassMonitor, combined with good security practices, already provide very solid protection. Also use Vigarista.com to verify suspicious links and messages. Both tools are projects by Bruno Borba and Codecortex Tecnologia, focused on making digital security accessible to everyone.

Still have questions?

Get in touch or run your free check right now.