I am José M. Chia, someone very active with free software and who luckily works on what originally began as a hobby. I love all things relating to the automating of information... understanding it, sorting it and making it quickly accessible : )
The main reason for which I decided to create this site was to contribute my part towards raising awareness about the growing amount of leaks and breaches in information that are taking place on the Internet. The purpose of the project is for people to be able to anonymously and free of charge look up as well as provide others with information, through a simple tool that quickly records any data breach they may have been affected by.
In so doing, it also forces me a little to keep up-to-date with IT security, a hobby I am passionate about since the first virus I caught cleaned out my computer : ) It has made me discover software that I would not have used otherwise and that I have ended up adapting for this project, so it also serves to help with my retraining.
Thanks to open source software! The services are set up on Debian Linux and I use MySQL and MongoDB for the database management. The rest of utilities are all licensed with GNU/GPL :)
For the detection and acquisition of email addresses I use two information input sources. There is an engine that takes care of almost instant collection of any leak that is published on Pastebin, Slexy, Pastie and other sites on the Deep Web. There is also another engine that takes care of reading documents with formats such as .pdf, .doc, .xls, .sqlite, .pst. .mbox, .etc from the large leaks that include all sorts of files as well as credentials, such as for example the recent leaks by Hacking Team and Ashley Madison that affect mail inboxes and administrative documents.
A data leak is when an attacker obtains information from a system through its vulnerabilities, normally by exploiting weaknesses in its software. All of the emails from this site come from data leaks that have been publicly published on the Internet.
No. We only store email addresses and the link to the source where it was originally published. The role of this site is to help the individual to identify where their information was breached in order to take steps and restore security of their accounts.
Again, no. The search engine only allows for the checking of emails one at a time.
Scout's Honor! As I mentioned before, the purpose of this site is to provide a tool for checking email addresses, with all queries remaining anonymous and no entry being registered of the site access. Just as with any other site, if your security or privacy are of concern, don't use it :)
Sometimes only the email addresses are leaked without mention of passwords or the access hash. We treat and include these equally since we understand that they also directly affect people's privacy.
A paste is a piece of text that is "copied and pasted" in a website that allows one to store text documents in a usually anonymous manner. Attackers use these services to disseminate information and make it accessible to the general public. Review the information that was leaked and change your passwords if necessary!
From time to time there are data leaks that are found to be hoaxes after they are published. When we list a leak as verified it means that the validity of the leaked data has been confirmed and/or the affected site has acknowledged its authenticity.
These texts usually have a very short lifespan due to the services storing them diligently removing the data when they establish the sensitive nature of the information. If you click on the link but the page comes up as not found, this means that the website has deleted the information.
Although we constantly update our database with new leaks and their relevant emails, many of these do not become available to the general public. As Carl Sagan used to say "absence of evidence is not evidence of absence” ;)