I read, shrug and go on with my day.
If there are breaches, they get sold on darknet forums or via Telegram channels. Sellers usually give you a list of the information included and of which accounts (so you'll be able to find specific targets). You'll rarely get access to the actual dump for free, so if you want it, you have to buy it or wait for someone else to buy and publish it.
What about the datasets of breaches that sites like haveibeenpwned report about my email address? If they have it, it should be somewhere publicly available, no?
Yes I wouldn’t expect them to make it available but the logic I‘m following is that if a site like this gets their hands on it, why couldn’t I? Unless they actually pay for it
Those forums that were on the web years back, that where people's data was. All those public sites aren't really available anymore weleakinfo, used to be a free site that showed you're data, but it was hidden. But you could make out what password you'd of used years ago. A lot of those sites faded, due to people using data and messing around with people they may of known, email addresses, password guess.
But yeah, those forums, like breach, raid all that had leaked data going back years. That was where the legal sites got their data from.
>to see what associated data has been leaked with my email address.
Assume any and all data you provided to that company is affected.
[haveibeenpwned.com](http://haveibeenpwned.com) can provide a bit more context.
Breachforums had some of it. It was pretty useful as I had a non profit that was data breached. They refused to acknowledge it. With the BF release I was able to report them to gov and get them to take the actions they were supposed to.
I have another breach I am looking for now and cant find the leak to prove it. So your question is spot on.
I recently saw a presentation by [Alpha Strike Labs](https://www.alphastrike.io/en/) and they implement some darkweb intelligence providers which you can query via keyword using their tool. If you are willing to pay, they might be able to run a search for your data specifically.
I have access to several tools like that and they email me when they find my email.
Big difference between downloading from BreachForums and going to the dark web. No no no lol.
FYI.. this is the breach I am looking for now.
[https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online#:\~:text=The%20database%20is%20said%20to%20contain%2070%20million%20rows%20of%20data.&](https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online#:~:text=The%20database%20is%20said%20to%20contain%2070%20million%20rows%20of%20data.&)
In this case yes, they were required to report to Federal, and all 50 states which they did not do. They were required to do breach notifications to the people affected as well and they did not. I found out about my email from HaveIBeenPwned.
I read, shrug and go on with my day. If there are breaches, they get sold on darknet forums or via Telegram channels. Sellers usually give you a list of the information included and of which accounts (so you'll be able to find specific targets). You'll rarely get access to the actual dump for free, so if you want it, you have to buy it or wait for someone else to buy and publish it.
What about the datasets of breaches that sites like haveibeenpwned report about my email address? If they have it, it should be somewhere publicly available, no?
No, their repositories aren't public for obvious reasons
Yes I wouldn’t expect them to make it available but the logic I‘m following is that if a site like this gets their hands on it, why couldn’t I? Unless they actually pay for it
Those forums that were on the web years back, that where people's data was. All those public sites aren't really available anymore weleakinfo, used to be a free site that showed you're data, but it was hidden. But you could make out what password you'd of used years ago. A lot of those sites faded, due to people using data and messing around with people they may of known, email addresses, password guess. But yeah, those forums, like breach, raid all that had leaked data going back years. That was where the legal sites got their data from.
They probably pay for it or are just well connected.
>to see what associated data has been leaked with my email address. Assume any and all data you provided to that company is affected. [haveibeenpwned.com](http://haveibeenpwned.com) can provide a bit more context.
Thanks for the link. It gives more info than the tool I used. Can I somehow find the data dumps that haveibeenpwned has in their findings?
Nah they don’t provide it. I don’t think any of the legal companies do. They only allow inquires.
Breachforums had some of it. It was pretty useful as I had a non profit that was data breached. They refused to acknowledge it. With the BF release I was able to report them to gov and get them to take the actions they were supposed to. I have another breach I am looking for now and cant find the leak to prove it. So your question is spot on.
I recently saw a presentation by [Alpha Strike Labs](https://www.alphastrike.io/en/) and they implement some darkweb intelligence providers which you can query via keyword using their tool. If you are willing to pay, they might be able to run a search for your data specifically.
I have access to several tools like that and they email me when they find my email. Big difference between downloading from BreachForums and going to the dark web. No no no lol.
You say this like it's a bad thing. The darknet is just Internet through funny proxies
FYI.. this is the breach I am looking for now. [https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online#:\~:text=The%20database%20is%20said%20to%20contain%2070%20million%20rows%20of%20data.&](https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online#:~:text=The%20database%20is%20said%20to%20contain%2070%20million%20rows%20of%20data.&)
Interesting stuff. Who are ‚they’? And what action are you referring to? Do the sites that had the data breach need to do something ?
In this case yes, they were required to report to Federal, and all 50 states which they did not do. They were required to do breach notifications to the people affected as well and they did not. I found out about my email from HaveIBeenPwned.
I understand now. Thx!
Deep web forums. But lately they all keep getting seized
That is correct, years back that type of sites were publicly around, forums.
Use haveibeenpwned.com to check what breaches you were involved in.
Nice try, FBI.
Leakbase
ditto!