Protect Your Data|

Data breaches are on the rise, and cybercriminals are becoming more inventive with their ways of infiltrating companies to extract sensitive information. With over 80% of data breaches being associated with weak, shared and reused passwords, it highlights the importance of improving password security to protect organisations.

The Authlogics Password Breach Database receives over one million updates daily. It is the largest enterprise compilation with over 4.8 billion compromised clear text credentials, making it 50% larger than any other database.

Understand your threat profile on the dark web.

Password - powerful or problematic?

Enter your email into our DarkWeb Exposure Checker to understand its vulnerability and identify how many times your password has been exposed on the dark web

Protect Your
Business Reputation

Prevent Poor
Password Practice

Avoid Excessive
Data Fines

Password Security Management

Password Management and Real-Time Reporting

Domain-based analysis of user breaches

Directory auditing and reporting for breached passwords

Compliant with NIST SP 800-63B

Powers Authlogics Password Security Management

Interacts with Password Breach Database

New Breach Notifications

Account matching for shared passwords

Password privacy via K-anonymity technology

Full REST-based API

Recent Data Breaches discovered in the Password Security Portal

Doomworld

12/10/22
34,478 accounts breached

APK.TW

15/09/22
3.7 million users breached

Brand New Tube​

14/08/22
350,000 subscribers breached

DiskUnion

16/06/22
700,000 users breached

Prevent a Password Breach - Get your FREE report

  • Discover the number of associated password breaches.
  • Identify the compromised email addresses and the number of related breaches.
  • Receive advice on how to protect yourself against a password breach.

Avoid becoming the next victim

Ransomware

Phishing Attacks

Credential Stuffing

Business Email Compromise (BEC)

Account Takeover (ATO) / Keylogging

Threat Actor

Live Reporting Dashboard

Check the status of passwords, whether they have been shared or breached, and the risks they pose to accounts. Receive advice on password reset failures and login analysis by technology and devices.

  • Real-time reviewing
  • Monitor and manage users
  • Identify and eliminate bad passwords

How does the database work?

The data we collect in the Authlogics Password Breach Database is sourced from the Public Domain and should be assumed to be already in the hands of bad actors; our retention of the data does not change this risk. The data we collect is not provided under ‘consent’ per GDPR. However, we are able to retain the data on a “legitimate interest” basis, which does not require explicit consent. At no point do we collect passwords directly from people, with or without their knowledge.

We only store username and password information. The username is typically an email address, and the password is in cleartext. In addition to the clear text, we also store the password in multiple hash formats for quick analysis purposes. We do not attempt to directly “validate” or “test” the data we gather, as this could easily be considered hacking.

We use various data sources, including mainstream news, online forums, torrents, paste bins and other locations on the dark web. Our corporate policy is that we never pay for data. The data is obtained in a variety of formats which often includes a lot of other data which we simply discard, e.g. phone numbers, credit card information, addresses etc. The retained data is then sanitised and analysed for credibility before being added to the database. Where possible, we also record the source of the data for reference.

In the event of a security breach, it is usually up to the company to prove that modern and reasonable best practice has been followed. Poor password management makes it easier for attackers. Multi-Factor Authentication further reduces the risks associated with a password-only approach to authentication. Download our “Dealing with a Data Breach” guide for your next steps.

If a person or organisation would like to be excluded from results provided by our database, we are able to accommodate this. We will still retain the data for overall analysis purposes, however, the existence of the data will no longer be visible. This, of course, does not change the fact that the information may well still exist in other sources online, which is beyond our control. To request exclusion, please email our support team.