Everyone Can See Your Leaked Data
Data breach services are great tools for open-source investigators to find data in investigations with limited information
Almost every person who uses the internet lost some data in security breaches. Phone numbers, emails, passwords, usernames, locations, and bios from social media, business, shopping, and entertainment websites are sold or leaked online. Stolen personal data allows criminals to use it in social engineering, doxxing, fraud, and identity theft.
Some of the biggest data breaches happened at Yahoo in 2013-2016 with 3 billion users exposed, at Facebook in 2021 with 530 million users affected, and at LinkedIn in the same year with 700 million users breached.
Many online tools allow people to check if a phone number or an email was in a data breach. The services usually show several breaches, specific websites, and what kind of information was leaked. These tools are a great way to gather open-source intelligence for an investigation with limited data on a target. It can show what other websites a person in question was using in the past and provide additional leads for new searches.
None of the available tools show all breaches in one place, so it’s worth checking them all. I used my email which I had since 2013, to test the data breach services.
Have I Been Pwned?: the most popular service that allows to search for an email or a phone number, and it shows every website with specific data leaked. The service found my email in seven breaches.
Intelligence X: the website allows users to review the leaked files and find data in them. The documents are blacked out and, to see them, a user needs to pay. They allow for searches of domains, IPs, bitcoin addresses, and other data. My email brought 35 files.
Dehashed: the tool searches for names, emails, usernames, phone numbers, addresses, VINs, domains, and IPs. My email was found in nine breaches.
Avast Hack Check: the service allows to check emails, and it found my email in six breaches
TrendMicro: emails only check, and almost no information without installing their app, except for the number of leaked databases, which was 10 in my case
Norton LifeLock: emails-only service that doesn’t show which websites were breached, but explains which data leaked. It found my email in eight breaches.
Threatcop Email Checker and NameScan: emails only, but shows the same results as Have I Been Pwned?
Cybernews Check: the service checks both emails and phones, and it found my email in 12 leaked databases
F-Secure: email-only service, which showed 15 breaches with my data
Inoitsu: the service shows which data was leaked without mentioning specific websites. It found my email in seven breaches
Facebook Phone Number Leak: the tools check a US phone number against the Facebook data breach in 2021
Facebook Data Breach Checker: the similar tool as above, but it checks phones globally
Google Password Checkup: allows any user to check their passwords for a compromise in Password Manager
The breach services are a great source of OSINT if only an email or a phone is known – it can bring the name of the target, their social media, and local websites to find locations, habits, and hobbies, and a timeline of them using a service based on a breach date. Some breached databases can be accessed directly for a deep dive on Intelligence X or Dehashed or similar services.
