Beginners Guide To Cracking Accounts With Only An Email

This is a super simple guide on how to crack any account with only an email!

While there are better methods out there. This is one of the easiest IMO

Disclaimer: Only use this on your own accounts for security and/or research purposes

Step one:

Get something, anything, related to the account you’d like to crack. This could be an email address, a phone number, or even a password (if you have the password you can probably stop reading here)

Step two:

Go to any database leak checker. Personally i prefer ‘Have I Been Pwned’ but there are plenty of other options available.



Step three:

Enter the email address or phone number, This will search all (known) leaked databases. If that email or password appeared in a leak, chances are it’ll show up.

Step four:

Assuming the email or password was involved in a leak - check the name/s of the sites in which the data was leaked from. For example, if an accounts email was leaked in a Canva and Snapchat database leak. Take note.

Step five:

Now here are where things get a little more… spicy

You’re going to need to find that database leaked somewhere online. Ideally, without the emails or passwords hashed (Nulled is a great resource for this) although plenty of other sites such as pastebin which will often host these dumps as well.

Once you find the one - have a look for the email or phone number that was leaked. Generally people are too lazy to use different passwords across multiple sites so chances are… if you’re lucky… this password may just match the account you’re trying to crack.

Step six:


Some things to remember:

  • This tutorial is by far not the best means to go about cracking an account and should only be used to gain a better understanding of one of the many methods used to crack accounts as well as to show how easily it can been done. Therefore, change your passwords regularly and avoid reusing passwords across sites.
  • This tutorial only covers public database leaks. More often than not, sites such as google, have features built in to notify users if one of their passwords are leaked in a public database. Therefore, this method really only works if you can get your hands on a private database leak (which is significantly harder than googling it)

I hope this mini tutorial helped you gain a better understanding of how database leaks can be used with malicious intent :slight_smile:

Happy learning!