About the project

Who is behind the project?

We are a group of security-minded practitioners at 4iQ, passionate about discovering breached or leaked information, understanding and validating the data, and making the results publicly known in order to better protect the community.

What is the purpose of this site?

We want to help you protect yourself from the risks associated with data breaches and cyberattacks. Our primary goal is to empower individuals by providing a simple, free tool that can tell you whether your email is compromised so that you can take action to secure your accounts and protect your identity. We also strive to raise awareness on the growing number of leaks and breaches that are taking place every day.

What do I do if my email is compromised?

We recommend you change your password to exposed emails to secure any account as soon as possible. Once your credentials are stolen, cyber criminals sell and trade them over the dark web. Typical consumers use only 3 or 4 username/password combinations to access more than 30 online accounts. This means that if a hacker is able to obtain one set of credentials, he or she can use easy-to-access software to find the other accounts it unlocks. Once the account is taken over, the criminal can steal money, disclose sensitive details or engage in social engineering to commit fraud or launch more dangerous attacks.

If you want to receive real-time alerts about potential risks to your accounts or other personal information, we recommend you contact identity theft protection companies. Contact us if you’d like more information.

What is the source of your information?

We constantly monitor bad actor sites for potential exposures and compile exposed emails in a searchable database. We manage to stay on top of email leaks as they take place, which is helpful in mitigating the potential damage to your privacy.

How does all of this work?

It’s all because of open source software! The services are set up on Amazon and we use MongoDB for the database management. The rest of utilities are all licensed with GNU/GPL

For the detection and acquisition of email addresses, two information input sources are used. There is an engine that takes care of the almost instant collection of any leak that is published on Pastebin, Slexy, Pastie, and other sites on the Deep Web. There is also a separate engine that takes care of reading documents with formats such as .pdf, .doc, .xls, .sqlite, .pst. .mbox, .etc from the large leaks that include various kinds of files as well as credentials.

Is it really anonymous?

We take your privacy seriously. Once you submit your email to check, we will send a verification link back to the email you provided. We will only store your email during the verification process. Once you click on the link to verify your request, we will show you any matching exposures to that email. Please note, your email and request will automatically expire within 24 hours.

We only use cookies from Google Analytics in order to collect basic statistics regarding general information on the audience visiting the site (such as country, city, time on site, referral sites, etc.)--but nothing on individuals. The entire website works with SSL (https) which ensures that communication with the server and any other content you visit will take place in an encrypted manner, rendering it impossible for for a third party to know what is being consulted. If you wish to have greater security, you can use services, such as Tor or another type of proxy, to access the website anonymously.