Here you can find answers to the most faq

A data breach is the event of a web source security breached and stolen data.
It depends on a web source. Usually, attackers steal sensitive personal information like emails, passwords, phone numbers, and addresses. One of “popular” trends is to steal personal records from medical institutions.
When data is stolen, the administration of the source is not always aware that they’ve been breached. In some cases, information is revealed when attackers start to share personal data on the web.
We only send emails to our users from the address. We will never ask you for personal information like login or payment details. If you have a suspicion that you've been contacted by fraudsters, you are highly advised to contact us at as soon as possible.

At present we collect data from the following sources:

  • Data donation.
  • Research through publicly available sources.
You can configure your notifications in Profile Settings. If you want to receive in-browser notifications, you can install our Chrome extension.
We store hashed passwords only on a protected server with high access control. Our employees do not have direct access to plaintext passwords. Password view available only to users, who have validated their accounts.
Breach Report does not participate in malicious activities nor interact with hackers. We access only breaches that can be found in public or through data breach donation.
If your email wasn't found in our database, your account has not been spotted yet. We constantly update our database, and constant monitoring can ensure timely alerting.
Please refer to the Data Donation policy page to find more info on how to provide data.
Some sections are available for paid subscriptions' holders. You can check our subscription packages here.
If you have data that you would like to share, you can check the Data Donation Policy. Also, if you have ideas or suggestions, you can contact us at
We do not sell or trade personal information. Our employees do not have access to personal information, and users can access personal information only after email/domain ownership validation.

We gather information in several ways:

  • We search for publicly available breaches at thousands of forums.
  • Data donation (link to a data donation policy).
To prevent yourself from a data breach, you need to use different passwords on different sources, avoid visiting untrusted web sources, and limit the amount of personal information you mention when register.

To create a strong password, you need to use 8+ characters, which include:

  • Special symbols.
  • Uppercase letters.
  • Lowercase letters.
  • Numbers.
Also, you need to try to avoid using common passwords like "qwerty" or "1234567890". You can check at our dashboard how many times your password is met in the common passwords list. At last, remember the Golden Rule: One password per source! We do not advise to use one password at different sources.
Data can be compromised when a malicious attacker acquires a database from a source, which contains personal records from the users of this source. For hashed passwords, the stronger it is, the harder it will be for attackers to crack them.
Breach Report uses advanced encryption and security algorithms to store information. Our employees and users do not have access to the information. We constantly update our servers' protection and perform security testing.
An antivirus can protect from the common virus application, which is stored in the antivirus database. However, it will not protect a user from the risk of being hacked.
The best thing for a user is to change logging credentials like email, username, and password. This will ensure, that fraudsters will not use old logging information.
We assist users to get the awareness of the exposed data and advice on security. Users can get insights on leaked information flow and predict tendencies, detect weakly protected websites, get a strong password, and check on sources, which mention personal information.
The breach, as well as data, will stay since it has already been shared publicly. However, you can minimize risks by changing logging credentials.
  • Set a strong password for your account: uppercase and lowercase letters, symbols, and numbers.
  • Have a unique password for each account you have.
  • Do not use common passwords like "qwerty" or "1234567890". The vocabulary with common passwords is usually the first that an attacker might try to crack stolen acc.
  • Do not register at sources that you do not trust.
  • Do not leave your credentials at websites that do not have a certificate (like "http"). Those with certificates usually have "https" in the address.
  • Do not store your passwords in a TXT file like passwords.txt on desktop or some other easily accessible space. The best solution will be to remember your passwords or to use side applications that specify passwords storage.

You can sign up by following this link. Then you need to do the following:

  • Enter your email address.
  • Enter your password.
  • Confirm the new password.
  • Wait for the confirmation email at the address that you entered.
  • Click on the confirmation link in the email that we've sent you from the address.
You can log in here. At the page, you need to type in your email and password that you've set when registered.
You need to visit the login page and find a Forgot password button at the bottom right of the window. Once you click, you need to enter an email you registered with, and an email with a password reset link will be sent to you.
You can delete your account by accessing the Account settings section and clicking on the Delete account button. In a popup window you need to confirm your intention, and then confirm the deletion by clicking on the link we send you to your email.

You can find this option in Account Settings. Just fill in the Two-factor authentication (2FA) button. You will be prompted by confirming your password. If you did not activate a 2FA before, you may need to do the following:

  • Download Google or Microsoft Authenticator application.
  • Add Breach Report through QR code or enter a secret key manually.
  • Type in a secret 6-digit code that appears in your Authenticator app to the popup window at the Breach Report website.
We do not advise you to share any of the data with anyone as it contains personal data like emails, passwords, and breaches that you've been spotted at.
Once, you've paid for a subscription, your features will get activated automatically, so you can enjoy paid options.
As we don't provide any recurring charges at the moment, you can just stop paying for your subscription renewal. If you want to discuss other options, you can contact
You can change your subscription by choosing and paying for another package.
If you didn't receive your verification link, you need to contact our support to activate your account at
We accept PayPal and Stripe and credit/debit card payments.
We do not store your credit card details. Breach Report uses trusted payment channels like Paypal and Stripe.
You need to contact our support by creating a ticket or emailing directly at
Only account owners have access to their reports. We limit the access to this type of information for security purposes.
For security reasons, we cannot store sensitive data like passwords in our report. Breach Report stores password hashed and strongly limits access to it.
Monitoring is statistics and notifications systems at our Portal section. At Monitoring, you will be able to check your latest breaches and dynamics.

You can add a new email to the Watchdog by clicking on the Email accounts link in the left menu. When you access the section, you need to find the "Add email" form on the right and then click on the "+" button. Congrats, you've added a new email to your Watchlist!

Note, that, after you've added your email or emails to the Watchlist, you will need to confirm your ownership by clicking on the confirmation link sent to your email.

You can add a domain by following these steps:

  • Visit Domains sections from the Portal.
  • Find the "Add domain" form on the right, fill in your domain address, and then click on the "+" button next to it. congrats, you've added a new email to your Watchlist!
  • You will be sent to a new success window. If you get a mistake message or want to get more detailed instructions, please contact our support by creating a ticket or writing directly at

Verify domain:

After you've added your domain, you need to prove the ownership:

  • Either from a successful verification window or your Domains section, you can click the Verify domain button.
  • If you didn't add the TXT record before, you will get a failed verification message. You can find instructions on how to verify your domain here.
  • Reach your domain hosting service.
  • Create a DNS TXT record with the token we've provided you with. The token can be found in Domains section or Success page after you've added your domain.
  • Save your TXT record.
  • Wait until your hosting provider updates the record. Usually, it takes from 10 minutes up to 48 hours. Contact your hosting provider for more details.
  • Check on a side service your TTL record. It should return the record that you've just entered. If you see some other record, check on other conflicting records you might have added.
  • Reach the Email accounts section at the Portal.
  • Find an email you want to remove.
  • Click on the "X" button on the right from the email record.
  • Confirm an email deletion by typing in the "DELETE" word manually.

There are several ways to check compromised data:

  • Watchdog: you can access information about the leaked data from the breach description, where your account has been found. Also, you can check leaked passwords for verified emails and domains at corresponding sections in the left-side menu.
  • report: you can purchase and access a report, which contains a comprehensive aggregated information on the leaked data associated with your account.
After you've added your email or emails to the Watchlist, you will need to confirm your ownership by clicking on the confirmation link sent to your email.
  • Reach the Domains section at the Portal.
  • Find a domain you want to remove.
  • Click on the "X" button on the right from the domain record.
  • Confirm an email deletion by typing in the "DELETE" word manually.
An API token is a code that identifies the requesting account. For example, if you use our API to add/check an email, you need to provide an API token in your request, so we can check whether you have the necessary permissions and subscriptions to get the data.
You can get an API token in the API section at Portal. You will be redirected to the API section with the list of available API calls and tokens. If you did not create a token before, you can simply click on the Create token button at the bottom of the list.

You can use your token to make API calls. Breach Report allows to perform following actions through API:

  • Add an email (or multiple emails).
  • Check an email (or multiple emails).
  • Add a domain (or multiple domains).
  • Check a domain (or multiple domains).
  • You can find more information on our API Docs page (you have to be logged in to access this page).
You can purchase an additional subscription on our subscription page.
You can customize and get the code for your iframe here.
You can add a Breach Report Discord Bot by clicking this link and adding the bot to your chat room.
please wait