When researching an email account, you can use Data Breach Websites to find a variety of information such as, but not limited to, websites where the email registered an account, alternate emails / phone numbers, coworkers, and social media accounts.
This post explains what Data Breach Websites are and discusses several sites that are available as of May 2021 (these sites regularly disappear and then are replaced by new ones).
What is a data breach website?
Data breaches occur in almost any website and the leaked information is often posted on dark web forums or discovered elsewhere before ultimately being taken down.
Before that information is taken down, breach data websites will obtain the information, verify it, and identify which breach it came from. Data breach websites will let you search for your own email address and find out which breaches had your email address in them, as well as other information listed along with it. You can then request that the breach data website remove your data from their holdings.
If you are researching an email address that is not your own, it can be helpful to research it in one of these websites so find out more information about it. For example, if the email was listed in a data breach of account information for LinkedIn accounts, you will know that the email address is registered to a LinkedIn account.
It is important to note that data breach websites maintain deep web databases so you can only obtain their information by going to the site itself.
List of Websites
The following is a list of Data Breach Websites and the information you can search as an input:
Data Breach Websites
leak-lookup.com – email
intelx.io – email
haveibeenpwned.com – email, phone
dehashed.com – email, username, phone, password, domain, IP
Phonebook.cz – email domain
leakpeek.com – email, username, password, keyword, email domain
The following are okay, but not great:
breachchecker.com – email
leakcheck.net – email, username
Email Reputation / Survey of Breach Websites
EmailRep.io – email
publicemailrecords.com – email
haveibeenzucked.com – email
checkashleymadison.com/ – email
open a browser tab and copy and paste:
…followed by the email you are searching (for example, to search for the email “email@example.com”, you would type the following – https://firstname.lastname@example.org
you can follow up on any unique id / username discovered in your results by copy and pasting:
…followed by the username. So for example when search a username (such as “myusername”) you would use the url – https://pastebin.com/myusername
And here are some other US-focused email search websites (not data breach sites) while you are at it:
Back to data breach info…
Explanation for Standard Data Breach Websites
Standard breach databases (haveibeenpwned.com, and breachchecker.com) will let you search for an email address and the website will tell you which data breaches had the email in them. The screenshot below is a classic example of search results. The email that was searched was found in two different breaches and the breach website gives an explanation of each breach.
EmailRep.io gives an overview of data on an email address that includes, whether it has been seen in breaches and the timeframe. This is a great place to start so you have an idea of what sort of information is out there.
See a standard set of results below
reputation – means likelihood that it is a legit, not spam email address
references – refers to the number of places the website has spotted the email, see below for more info on where the website gets its data.
blacklisted – self explanatory
credentials_leaked – presumably referring to a breach data leak
data_breach – gets right to the point and tells you if the email is in any breaches and the dates below are the earliest and latest dates of the breaches
valid_mx – refers to an mx lookup, which is basically a test to see if the domain of the email ( or website associated with the domain) is currently capable of hosting email addresses.
profiles – this is where it will list if the email is registered to a Linkedin or Twitter account.
EmailRep claims that it does not rely soley on databreaches but also uses “hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists…” etc.
The website also has a free api available.
Search More Than Emails
Some Breach Websites will let you search for other things in breach data. For example, leak-lookup.com will give you a limited number of lookups for free when you register and it lets you also search for phone numbers, IP addresses, Passwords, and Usernames. But in this case the results will only identify the data breaches. So if you search for an email domain, it will not show you the email addresses with the domain.
Intelx.io and Leakpeek.com will often give you limited access to the raw data from a breach. This is a great way to find new email accounts owned by the same user. This is especially helpful for finding the true identity of internet trolls who will often set up a “burner” email account for troll-like activities but there is often a link to their true email which could link to their true identity.
Companies will often store users’ data internally “hashed” or encrypted in case it is breached. When you see a random string of about 25 characters in a data breach, that usually means that it is hashed data. Depending on the kind of hash, it might be possible to decrypt it with Hashes.com. Just paste the string and hit the “Submit & Search” button.
Searching for email domains (at sites like phonebook.cz)will let you search a website domain for email addresses with the same domain. So in the example below, I wanted to research the website Snov.io so I searched for email addresses with the same name. This listed several work email addresses. If you click on one, it automatically opens a search for the email in intelc.io
Another site that can be used for this purpose is leakpeek.com. This website is notable because it will also let you search for email addresses by domain (though it will not identify the full email addresses) and because it will often give partial information from the breach itself.
Several websites provide information for only one data breach. They are usually only worth checking if you have other reason to believe that the email is located in that database.
publicemailrecords.com – River City Media Breach
haveibeenzucked.com – Facebook breach
checkashleymadison.com/ – Ashley Madison breach
Note that the breach for publicmailrecords.com, River City Media Breach, is unlike the other two breach-specific sites because this breach may appear in the results of a standard data breach website’s search. See the example search results above for a regular breach site, which indicates that you should look for the same email at publicmailrecords.com.