BLACKEYES vs HaveIBeenPwned
Different tools, different purposes. HaveIBeenPwned answers "has this email been in a breach?". BLACKEYES answers "who is this person behind the email?". Here's the honest breakdown.
HaveIBeenPwned is a free breach-only lookup. Enter an email, get back a list of which known breaches it has appeared in. Narrow scope, easy to use, no cost. BLACKEYES is a paid OSINT investigation platform answering a much broader question — who is this person, what does their digital footprint look like, and does it match what they are claiming. The two operate at different depths. For a one-off self-check on breach exposure, a free lookup is enough. For professional verification — recruitment, tenancy, PI, insurance fraud, legal due diligence — BLACKEYES produces a source-cited investigation report that a free breach-list never will.
Side by side
The clearest way to see how the two tools differ — because they really are built for different things.
Which should you use?
The decision is nearly always clear once you know what question you're answering.
Use HaveIBeenPwned when
- You’re an individual wanting to check if your own email has been exposed in a breach
- You’re building a product and want to check user passwords against known-leaked ones at sign-up
- You’re running a security awareness programme and want to demonstrate breach exposure in real time
- You need a free, instant yes/no answer to one narrow question: is this email in a known breach?
Use BLACKEYES when
- You’re running pre-employment screening and need identity verification alongside breach history
- You’re a letting agent vetting a tenancy application and need to confirm the person matches their paperwork
- You’re a private investigator opening a case and need a structured dossier to build from
- You’re an insurance fraud team triaging a suspicious claim and need a report that plugs into SIU review
- You need more than a breach list — you need social, corporate, geographic, and identity signals in one output
Frequently asked questions
Should I use HaveIBeenPwned instead of BLACKEYES?
If your question is whether a specific email has been in a breach, a free breach-lookup tool is enough. BLACKEYES is overkill for that narrow question. If your question is broader — who is this person, what is their digital footprint, and does it match what they are claiming — that is what BLACKEYES answers, and a breach-only lookup never will.
Does BLACKEYES include HaveIBeenPwned data?
BLACKEYES uses its own breach-data sources that cover the same types of breach records Troy Hunt’s HaveIBeenPwned aggregates, through licensed investigator-grade breach databases. The breach-intelligence section of a BLACKEYES report covers similar exposure ground, then extends into the broader identity investigation that HaveIBeenPwned doesn’t do.
Is HaveIBeenPwned a BLACKEYES competitor?
Not really — they’re different categories. HaveIBeenPwned is a free breach-lookup service. BLACKEYES is a paid investigation platform. A recruitment or letting agency might use HaveIBeenPwned for personal security awareness internally, and BLACKEYES for candidate or tenant verification. Most professional users run both.
Can I get the HaveIBeenPwned result without paying for BLACKEYES?
Yes. HaveIBeenPwned remains free at haveibeenpwned.com. We are not gating or proxying access to it — anyone can visit the site directly. BLACKEYES is useful where the breach result is one signal among many you want to assemble into a single report.
Does BLACKEYES replace HaveIBeenPwned for security awareness programmes?
No. For security awareness — teaching employees their passwords leak in breaches — HaveIBeenPwned is the right tool. BLACKEYES is oriented around investigation of a third party (candidate, tenant, claimant, subject of investigation), not self-audit.
When a breach list isn't enough
One email. Fifteen minutes. The full identity investigation, not just a breach list.
Reports are tools, not conclusive judgements — verify material findings before reliance. See the FAQ