
Breach Monitoring

Kit checks your team's login emails against the Have I Been Pwned breach database every day and alerts you when one turns up in a recent leak.

Why It Matters

Reused and leaked passwords are the most common way accounts get taken over. If a team member’s email and password were exposed in a breach somewhere else, an attacker can try the same credentials on your Kit account. Breach monitoring gives you an early warning so you can rotate the password before that happens.

Note

Breach monitoring is included on paid plans. It runs automatically — there’s nothing to set up.

How It Works

Once a day, Kit checks every team member’s login email against Have I Been Pwned, the industry-standard database of known credential breaches.

  • The check covers the login emails of people on your account — not candidates, prospects, or other contacts.
  • The first time an email is checked, Kit records its existing breaches quietly as a baseline. You are not alerted about old, historical leaks.
  • After that, you’re alerted only when an email turns up in a breach that was newly added to Have I Been Pwned recently — a genuinely new exposure.
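The baseline-then-alert logic described above, sketched as an added example (not Kit's own code). The function names and the 7-day "recent" window are assumptions, since this page does not define "recently"; the `Name` and `AddedDate` fields follow Have I Been Pwned's breach records, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

RECENT_WINDOW = timedelta(days=7)  # assumption: the page does not define "recently"


def check_email(known, breaches, now):
    """Return (updated_known, alerts) for one login email.

    known    -- set of breach names already recorded, or None if never checked
    breaches -- breach records with HIBP-style Name and AddedDate fields
    now      -- timezone-aware time of this daily run
    """
    current = {b["Name"]: b for b in breaches}
    if known is None:
        # First check: record everything as the baseline, alert on nothing.
        return set(current), []
    alerts = []
    for name in sorted(set(current) - known):
        added = datetime.fromisoformat(
            current[name]["AddedDate"].replace("Z", "+00:00"))
        # Unseen but old entries are recorded silently; only recent ones alert.
        if now - added <= RECENT_WINDOW:
            alerts.append(name)
    # Only breach names are kept as state, never credentials.
    return known | set(current), alerts


def run_demo():
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)
    # Constructed sample records, not real HIBP data.
    day1 = [{"Name": "OldForum", "AddedDate": "2019-03-01T00:00:00Z"}]
    day2 = day1 + [
        {"Name": "FreshLeak", "AddedDate": "2024-06-09T12:00:00Z"},
        {"Name": "LateSeen", "AddedDate": "2023-01-15T00:00:00Z"},
    ]
    known, first_alerts = check_email(None, day1, now - timedelta(days=1))
    known, second_alerts = check_email(known, day2, now)
    _, repeat_alerts = check_email(known, day2, now + timedelta(days=1))
    return first_alerts, second_alerts, repeat_alerts, known
```

Because every breach name seen is folded into the stored set, the same breach does not alert again on the next daily run.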

What Triggers an Alert

A new, recent breach for a team member’s email. When that happens:

Who is notified            | How
The affected team member   | In-app notification + email
Account admins             | In-app notification + email

This lets the person act on their own account and lets admins enforce a reset across the team.

What to Do When You’re Alerted

Warning

Treat a breach alert as a prompt to act today, not later.

  • Change the password on the affected Kit account immediately.
  • Turn on two-factor authentication if it isn’t already.
  • Stop reusing that password anywhere else — use a unique password per site.

Your Privacy

Have I Been Pwned only reveals which sites were breached — never your actual password. Kit never sees or stores your credentials, and stores only the names of the breaches an email appeared in. No passwords, ever.

Controlling Notifications

Breach alerts are part of the Security alerts category in your notification settings. You can adjust email delivery from Email & Notification Preferences — though we strongly recommend leaving security alerts on.

Quick Checklist

  • Confirm your account is on a paid plan (monitoring is automatic).
  • Make sure your team’s login emails are current.
  • Keep Security alerts enabled in your preferences.
  • Have a password-reset plan ready for when an alert arrives.
