Jonathan R. Reed
BY

JONATHAN R. REED

jonathanrreed.com ↗

Traced is a weekend project. I wanted a better way to browse the Have I Been Pwned dataset and the case-file format felt like a good fit. It also includes a password checker so you can see whether yours has appeared in known breach data.

WHAT IS THIS

It's a browser for the Have I Been Pwned breach database, framed like a noir case-file archive. Each breach gets its own page with dates, affected account counts, exposed data, and how long it took for the breach to become public.

It's not meant to replace HIBP. It's just a different way to browse public breach history — and a reminder that old accounts tend to stick around longer than you think.

HOW IT WORKS

01
Pre-built pages — All breach pages are generated at build time from HIBP's public breach feed. There's no app server or database behind it.
02
No tracking — No analytics, no cookies, no behavioral tracking. Nothing you do here is logged by the site.
03
Password check — Your password is hashed in your browser and only the first 5 characters of the hash are ever sent. Your actual password never leaves your device.

THE STATUS LABELS

CRITICAL Passwords, financial data, or government IDs were exposed. Start here if you're checking your own risk.
UNSOLVED Happened in the last 5 years. Recent enough to treat the affected account as compromised.
COLD CASE Older breach, usually lower-risk data. Still useful context, just less urgent.
PRIVACY FIRST
  • No tracking · No analytics
  • No cookies · No logs
  • Open data only
  • Passwords never transmitted
  • Client-side hashing only
This is a static site. No backend, no database, and nothing you do here is stored.
BUILT WITH
Astro 5 Static-first framework
React 19 Interactive islands only
Tailwind CSS v4 CSS-first design system
Framer Motion Animations & reveals
Cloudflare Pages Global static hosting

DATA SOURCES

Everything here comes from Troy Hunt's Have I Been Pwned — a public breach database he's been running since 2013. This site uses that public data directly.

HAVE I BEEN PWNED FREE · NO KEY

The main breach database. Every publicly known breach with dates, how many accounts were affected, what data was taken, and whether it's been verified. Troy Hunt has been maintaining this since 2013.

GET haveibeenpwned.com/api/v3/breaches
GET haveibeenpwned.com/api/v3/breach/{name}
haveibeenpwned.com ↗
PWNED PASSWORDS FREE · K-ANONYMITY

Over 900 million real passwords from past breaches. The password checker on this site uses this API — your password is hashed locally and only 5 characters are sent, so it never actually knows what you typed.

GET api.pwnedpasswords.com/range/{prefix}
haveibeenpwned.com/Passwords ↗

All the data here belongs to Troy Hunt and Have I Been Pwned. Traced is just a fan-made frontend — not affiliated with or endorsed by HIBP. If you find this useful, the real credit goes to Troy. Check out his work at haveibeenpwned.com.