About the project

Who is behind the project?

I am José M. Chia, someone very active with free software and who luckily works on what originally began as a hobby. I love all things relating to the automating of information... understanding it, sorting it and making it quickly accessible : )

What is the purpose of this site?

The main reason for which I decided to create this site was to contribute my part towards raising awareness about the growing amount of leaks and breaches in information that are taking place on the Internet. The purpose of the project is for people to be able to anonymously and free of charge look up as well as provide others with information, through a simple tool that quickly records any data breach they may have been affected by.

In so doing, it also forces me a little to keep up-to-date with IT security, a hobby I am passionate about since the first virus I caught cleaned out my computer : ) It has made me discover software that I would not have used otherwise and that I have ended up adapting for this project, so it also serves to help with my retraining.

How does all of this work?

Thanks to open source software! The services are set up on Debian Linux and I use MySQL and MongoDB for the database management. The rest of utilities are all licensed with GNU/GPL :)
For the detection and acquisition of email addresses I use two information input sources. There is an engine that takes care of almost instant collection of any leak that is published on Pastebin, Slexy, Pastie and other sites on the Deep Web. There is also another engine that takes care of reading documents with formats such as .pdf, .doc, .xls, .sqlite, .pst. .mbox, .etc from the large leaks that include all sorts of files as well as credentials, such as for example the recent leaks by Hacking Team and Ashley Madison that affect mail inboxes and administrative documents.

Is it really anonymous?

I keep no kind of registry about what emails are checked, I only use cookies from Google Analytics in order to have basic statistics regarding the audience visiting the site. The entire website works with SSL (https), which ensures that communication with the server and any other content you visit will take place in a encrypted manner and it will not be possible to a third party to know what is being consulted. If you wish to have greater security you may use a service such as Tor, I2p or another type of proxy for accessing the website anonymously.

Other FAQs you may have

What is a data leak and where do the emails come from?

A data leak is when an attacker obtains information from a system through its vulnerabilities, normally by exploiting weaknesses in its software. All of the emails from this site come from data leaks that have been publicly published on the Internet.

Are passwords stored on this site?

No. We only store email addresses and the link to the source where it was originally published. The role of this site is to help the individual to identify where their information was breached in order to take steps and restore security of their accounts.

Is there a list with all of the affected emails?

Again, no. The search engine only allows for the checking of emails one at a time.

Can you guarantee the purpose of this site is not the gathering of checked emails?

Scout's Honor! As I mentioned before, the purpose of this site is to provide a tool for checking email addresses, with all queries remaining anonymous and no entry being registered of the site access. Just as with any other site, if your security or privacy are of concern, don't use it :)

What happens with email breaches in which passwords are not leaked?

Sometimes only the email addresses are leaked without mention of passwords or the access hash. We treat and include these equally since we understand that they also directly affect people's privacy.

What are "pastes"? Why do you include them in the search?

A paste is a piece of text that is "copied and pasted" in a website that allows one to store text documents in a usually anonymous manner. Attackers use these services to disseminate information and make it accessible to the general public. Review the information that was leaked and change your passwords if necessary!

How are breaches verified?

From time to time there are data leaks that are found to be hoaxes after they are published. When we list a leak as verified it means that the validity of the leaked data has been confirmed and/or the affected site has acknowledged its authenticity.

Results are found for my email but the original paste is not available

These texts usually have a very short lifespan due to the services storing them diligently removing the data when they establish the sensitive nature of the information. If you click on the link but the page comes up as not found, this means that the website has deleted the information.

Results were not found for my email, does this mean it has not been compromised?

Although we constantly update our database with new leaks and their relevant emails, many of these do not become available to the general public. As Carl Sagan used to say "absence of evidence is not evidence of absence” ;)