So many accounts, so many services, so many places…
The very short answer is no, there is no place to find out where your email address has been used or what sites are using your e-mail address.
However, there is at least one thing you can do to keep partial track.
Become a Patron of Ask Leo! and go ad-free!
Where your email address has been used
There’s no comprehensive way to find all the places your email address has been used. Some methods to try include:
- Use a password manager
- Search online for your email address
- Check haveibeenpwned.com for breaches
- Search your email records
- Attempt password resets on various sites
Ultimately, sharing your email cautiously is best.
Keep track beforehand
If you use a password manager, then by definition you have a list of services where your email address is being used to sign in.
It may not be complete (some services use passwordless sign-in), and it doesn’t cover non-account-related uses (like signing up for an email newsletter), but it’s one heck of a good start.
The good news is this is entirely under your control. In fact, it should be a side-effect of something you’re already doing: using a password manager to keep track of all your passwords.
The bad news, of course, is that it’s not everything. Unfortunately, that means we need to grasp at straws.
Search for it
Try searching for your email address in quotes — for example, “leo@askleo.com”. If it works, it’ll return a list of all the places where your email address has been posted publicly. Based on what you find, this may help you reverse-engineer how it got there.
I said “if it works” because this technique appears to be disappearing. In many cases, using quotes, which means “search for this exact string”, uses symbols to break apart words. Thus searching for “leo@askleo.com” could be treated as searching for “leo”, “askleo”, and “com”. While exact matches to “leo@askleo.com” might be highlighted, there may be many results that have nothing to do with the email address you’re looking for.
Related
What Should I Do About the Latest Breach?
Another week, another breach. What steps should you take in the wake of the latest large-scale data breach?Look at breaches
A different kind of search is to head over to haveibeenpwned.com and enter your email address. There will be two classes of results.
- One sort of result explicitly tells you where the breach happened. This shows where your email address was used: it was used at that breached service.
- The other type of result tells you that your email address was found, but there’s no information indicating where. This is usually the result of large data dumps from hackers that don’t include the source of the information. These don’t help us trace where your email address was used.
Unfortunately, it seems that the latter case is more common.
Search your own records
If you keep an archive of your received or sent email, you can scour that data to find out where your email address had been used.
Unfortunately, not everyone keeps or archives their email, and even if you do, this can be a time-consuming process.
Try signing in to, well, everything
The only way I know of to find out if your email address is used on any given site is to attempt to use it. You may need to perform a password reset (aka “I forgot my password”), but if successful, this confirms that your email is associated with an account at that site.
If you’re looking for an exhaustive list, this implies trying your email address at a lot of sites. Once again, this is cumbersome and time-consuming.
There’s little hope for other uses
If none of the above work, or your email address wasn’t used as part of an online account setup, I’m not aware of anything more you can do.
- There’s no way to locate where your email address was used as a recovery email address (unless you make a note of this in your password manager).
- There’s no way to know which email newsletters and/or mailing lists the email address might be used for other than paying attention to your incoming email.
- There’s no way to know whose address book/contact list your email address might appear in.
Do this
The only thing you can do is address the issue before it happens. That boils down to two things:
- Be careful who you give your email address to.
- Use a password manager so tracking those email address usages becomes a side-effect.
After the fact, however, the chances are slim to none that you can track back all the places your email address has ever been used.
How ’bout you use it in one more place? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
I use a password manager to know what online accounts I currently have!
There is no other way sadly to find lost accounts!
Now Dashlane (Which I never used) used to have this thing on their website
where you would put in your email address and they would send you an email
where it showed what online accounts you had! It was done for security at first
I heard, But then they removed it because the company said that it didn’t work
very well I guess! So now it’s gone! They even removed their automatic password
changer option! It only worked for a number of sites anyway.
These could have been awesome features if they had worked correctly!
What a shame!
If I ever need to know where my email address is used, after looking in my password vault, I can take a look at the list of folders where I move messages in Thunderbird. I always name these folders for the website they come from. For example, my Ask Leo newsletter goes into a folder named AskLeo after I’m finished reading it, in case I want to go back later for some reason. I suppose this is harder if you don’t use folders in an email client, or on the provider’s website, but I think that between my password manager’s vault, and my email client, I have a record of nearly all the websites that use my email address, although, it probably doesn’t include sites where it was used for some other purpose.
Ernie
Question: Is there a way to find out if someone else is using my email address?
There have been 2 instances in the past where I tried to sign into a site, I received a message that I had the wrong password, so I tried the Forgot Your Password link.
But I never received any email to update my password.
I’ve used haveibeenpwned.com, but my email address comes up clean.
There’s no way to find out.
However, IF the email address has been used at a site, and you use the “forgot password” link, then you should get the password reset link.
I think he tried that but apparently a hacker changed the recovery email address.
There are Identity companies that will contact all of the (known) data brokers to notify then to delete your information. This is a federal law and informs them to not sell your data. Incogni is one such company, I believe Malwarebytes has started offering such a service. They do cost money, but may be worth it if you’ve been exposed to one or several data breaches.