Find Information About Email Addresses in Data Breach Websites

When researching an email account, you can use Data Breach Websites to find a variety of information such as, but not limited to, websites where the email registered an account, alternate emails / phone numbers, coworkers, and social media accounts.

This post explains what Data Breach Websites are and discusses several sites that are available as of May 2021 (these sites regularly disappear and then are replaced by new ones).

What is a data breach website?

Data breaches occur in almost any website and the leaked information is often posted on dark web forums or discovered elsewhere before ultimately being taken down.

Before that information is taken down, breach data websites will obtain the information, verify it, and identify which breach it came from. Data breach websites will let you search for your own email address and find out which breaches had your email address in them, as well as other information listed along with it. You can then request that the breach data website remove your data from their holdings.

If you are researching an email address that is not your own, it can be helpful to research it in one of these websites so find out more information about it. For example, if the email was listed in a data breach of account information for LinkedIn accounts, you will know that the email address is registered to a LinkedIn account.

It is important to note that data breach websites maintain deep web databases so you can only obtain their information by going to the site itself.

List of Websites

The following is a list of Data Breach Websites and the information you can search as an input:

Data Breach Websites

breachchecker.com – email

leak-lookup.com – email

intelx.io – email

haveibeenpwned.com – email, phone

leakcheck.net – email, username

breachdirectory.tk/ – username, email, phone

dehashed.com – email, username, phone, password, domain, IP

Phonebook.cz – email domain

leakpeek.com – email, username, password, keyword, email domain

Email Reputation / Survey of Breach Websites

EmailRep.io – email

Breach-Specific Websites

publicemailrecords.com – email

haveibeenzucked.com – email

checkashleymadison.com/ – email

Hash Decryption

hashes.com

dehash.me

github.com/HashPals/Search-That-Hash

Standard Data Breach Websites

Standard breach databases (haveibeenpwned.com, and breachchecker.com) will let you search for an email address and the website will tell you which data breaches had the email in them. The screenshot below is a classic example of search results. The email that was searched was found in two different breaches and the breach website gives an explanation of each breach.

Email Reputation

EmailRep.io gives an overview of data on an email address that includes, whether it has been seen in breaches and the timeframe. This is a great place to start so you have an idea of what sort of information is out there.

See a standard set of results below

reputation – means likelihood that it is a legit, not spam email address

references – refers to the number of places the website has spotted the email, see below for more info on where the website gets its data.

blacklisted – self explanatory

credentials_leaked – presumably referring to a breach data leak

data_breach – gets right to the point and tells you if the email is in any breaches and the dates below are the earliest and latest dates of the breaches

valid_mx – refers to an mx lookup, which is basically a test to see if the domain of the email ( or website associated with the domain) is currently capable of hosting email addresses.

profiles – this is where it will list if the email is registered to a Linkedin or Twitter account.

EmailRep claims that it does not rely soley on databreaches but also uses “hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists…” etc.

The website also has a free api available.

Search More Than Emails

Some Breach Websites will let you search for other things in breach data. For example, leak-lookup.com will give you a limited number of lookups for free when you register and it lets you also search for phone numbers, IP addresses, Passwords, and Usernames. But in this case the results will only identify the data breaches. So if you search for an email domain, it will not show you the email addresses with the domain.

Raw Data

Intelx.io and Leakpeek.com will often give you limited access to the raw data from a breach. This is a great way to find new email accounts owned by the same user. This is especially helpful for finding the true identity of internet trolls who will often set up a “burner” email account for troll-like activities but there is often a link to their true email which could link to their true identity.

Decryption

Companies will often store users’ data internally “hashed” or encrypted in case it is breached. When you see a random string of about 25 characters in a data breach, that usually means that it is hashed data. Depending on the kind of hash, it might be possible to decrypt it with Hashes.com. Just paste the string and hit the “Submit & Search” button.

Email Domains

Searching for email domains (at sites like phonebook.cz)will let you search a website domain for email addresses with the same domain. So in the example below, I wanted to research the website Snov.io so I searched for email addresses with the same name. This listed several work email addresses. If you click on one, it automatically opens a search for the email in intelc.io

Another site that can be used for this purpose is leakpeek.com. This website is notable because it will also let you search for email addresses by domain (though it will not identify the full email addresses) and because it will often give partial information from the breach itself.

Breach-Specific

Several websites provide information for only one data breach. They are usually only worth checking if you have other reason to believe that the email is located in that database.

publicemailrecords.com – River City Media Breach

haveibeenzucked.com – Facebook breach

checkashleymadison.com/ – Ashley Madison breach

Note that the breach for publicmailrecords.com, River City Media Breach, is unlike the other two breach-specific sites because this breach may appear in the results of a standard data breach website’s search. See the example search results above for a regular breach site, which indicates that you should look for the same email at publicmailrecords.com.

That’s it!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s