TIT Systems PWNED API

You can use this service to check if a password has been compromised.
To do this, hash the password using the SHA-1 hashing algorithm and send the first 6 characters of the hexadecimal representation to this service like in this example:

Your password: "test"
SHA-1 Hex: "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
URL: https://pwned.tit-cdn.de/a94a8f

The answer will contain the prefix you sent in the first line, followed by all the hashes stored in this database sharing this prefix, each in its own line. Iterate through them to check if the hash of your password matches one of them.

Download an example PHP (>= 5.6) script for your client: pwned_titcdn.php
Or try out the JS version right here: JS version

Please note: If a password you tested was not found in this database, it does not mean, that the password is secure or not compromised! Also the operator of this API does not guarantee the completeness, actuality or availibility of this service. Currently the backend performs a search in a database of about 550 million password hashes.

Datenschutz / Impressum