In the recent weeks data breaches and leaks have been a hot topic.
My previous post on the Facebook data dump gained unexpected traction and was quoted by several media outlets, including The Irish Times.
Several readers contacted me with questions about good sources of information for researching the breach data topic.
While I am reluctant to post any direct links to breaches and leaks, I decided to create a list of resources which should allow you a decent level of insight into breach data OSINT.
These are the ones I have used in the past and verified them to be working, at least at the time of writing this post. As always, if you know of any additional resources, add them in the comments.
So here we go:
- https://breachalarm.com/ – free searching. Allows to verify emails and search them against breach data records. Paid plans enable alerts and notifications of newly surfaced leaks featuring a given email.
- https://breachchecker.com/ – free tool with a decent level of breach data details.
- https://cybernews.com/personal-data-leak-check/ – allows for checking hashed emails that have been leaked.
- https://ddosecrets.com/wiki/Special:Categories – free data maintained by a collective of volunteers. Leaks are searchable by categories and their geographical location.
- https://dehashed.com/ – free basic search. Detailed info requires payment.
- https://ghostproject.fr/ – paid resource. Impossible to use any features for free.
- https://www.globaleaks.org/ – free and open source software advertised as “a secure whistleblowing platform”. Requires local installation.
- https://haveibeenpwned.com/ – free. one of the most recognized and oldest breach data repositories. Contains datasets from a wide variety of sources.
- https://haveibeenzucked.com/ – free. Specifically for checking if details are present in the 2019 Facebook data leak. Not usable for anything else.
- https://intelx.io/ – a combined search engine and a data archive. Free access with a paid plan option.
- https://leakcheck.net/ – allows for limited free searches. Payment required for detailed info.
- https://leakedsource.ru/ – paid resource. Russian top level domain. Claims to re-index some older and lost breach data sources. Payments through cryptocurrencies.
- https://leak-lookup.com/ – offers free searches, detailed results require the use of credits that can be purchased with Bitcoin or Monero.
- https://leakpeek.com/ – free searches but paid membership is required to obtain detailed info.
- https://nuclearleaks.com/ – free, but slow, old and not regularly updated. Hard to navigate and get good results from.
- https://psbdmp.cc/ – data dumps site searchable with the use of an API key.
- https://psbdmp.ws/ – as above.
- https://scatteredsecrets.com/ – password breach notification and prevention service. Free for 1 email. Monitoring multiple email addresses requires a paid plan.
- https://services.blackkitetech.com/data-breach – a subdomain of a premium service allowing free email search and validation. Detailed results are behind a paywall.
- https://snusbase.com/ – paid resource. Allows searching on various data points like email, IP address, username or hash. More features are in development. Payments through cryptocurrencies.
- https://wikileaks.org/-Leaks-.html – one of the most renowned and recognised leaks sites. No longer actively maintained, only good for older leaked data.