Frequently asked questions

What is a "breach" and where has the data come from?

A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. breaches.net aggregates known breaches and enables people to see information about them.

Can you send me your databases? Can I buy the databases? Can you tell me if my email is in a breach?

No. I will not provide you with any data I have listed on this website.

What is the purpose of this site?

The purpose of Breaches.net is to offer a reliable source for information about breaches. Unfortunately, many smaller database breaches go unreported by major sources. Thus, we consider what we do to be important as it enables people to find out about which websites have been breached, giving affected website owners the chance to improve the security of their websites and notifying users that they should be wary of what details they give out when signing up for websites.

Why did you create breaches.net?

  • To replace the now defunct vigilante.pw project.
  • To benefit the community with a reliable source on information about breaches.
  • I have nothing better to be doing.

How can I submit a data breach?

You can contact me via one of the methods listed on the contact page. You can also submit a PR or create an issue on our Github Repo to get one added.

How do you classify if a breach is public/private?

It's a very hard thing to answer, as everyone has different opinions on the matter. I have described below my beliefs on if a databreach is either public, private, semi-public or semi-private.

  • Public: Available to be downloaded on various forums (XSS.is, BreachForums, Exploit.in); Shared extensively.
  • Semi-Public: At one point in time (Minimum 2 years ago) it was shared for free, but it can no longer be found anywhere publicly.
  • Semi-Private: Breach that has never been shared publicly online, but has been sold/shared many times in closed circles. An example could be the "Exactis" breach, sold/shared by Vinny Troia many times.
  • Private: A breach that less than 10 people currently have in their possession.
  • Not Rated: A breach whose status is not 100% known yet.

Why is my website listed on here?

If your website is listed on here there is a very high chance that your website has been hacked in the past. Please reach out to me and I can try to provide more details for you, and possibly the data so you can alert your users (If I have the data, that is).