Sites like HaveIBeenPwned have been highlighting just how sloppy modern day companies are with security, your data is out there for the world to see. I decided i’d spend the day seeing what I could find.
I’m not a lawyer and therefore i’m just going to recommend you don’t download any of the data listed.
Whilst this is for educational purposes, i’m not going to bore you with a disclaimer, I don’t host / own / mirror / seed any of the content linked. It can all be found via a couple of google searches and scrolling.
Please email me if you need something removed for legal reasons: firstname.lastname@example.org
They claim to be:
“The biggest free-to-download collection of publicly available website databases for security researchers and journalists.”
There’s a wide array of database sharing Forums, most of which are open to the Public, the largest seemingly being RaidForums. The jist seems to be there’s two sub-sections from the Database section one with official presumably verified ones and the other for anyone to post in, a user posts in there and other users buy them with an on-forum currency named credits, they can then use these credits to buy other peoples databases and visaversa. It also seems that alot of these sites offer a pay to win strategy to where you can buy credits directly from the Forum owner.
There’s a fair few Forums out there which are incorrectly setup and despite normally needing credits to see their hidden links you can just goto /misc.php?action=syndication on them then generate a link for the specific sub-section and view everything for free.
One of the most prominent Database sites used to be Cthulhu’s, whilst it’s now down, the magnet links for it are still going strong.
Both of these are courtesy of a user on Twitter
You can find CthulhuSec on twitter here
If the links provided ever go down I have archives which I can link to.
Another place for alot of Low Level leaks that I came across was Siph0n.net.
A Magnet link to a 41GB file appeared on reddit a few months back consisting of almost all Public Databases including Antipublic and Exploit.in.
When looking around Forums I stumbled across a Russian one named antichat where a user by the name of Guron18 was linking to a cloud.mail.ru storage link full of Databases which didn’t seem to be circulated on other websites.
It has a main folder with about 150 Databases in, and then another folder named ‘HACK’ with another 44 or so in.
You can find the post here.
Database search engines are popping up all over the place lately, they’re also getting taken down as quickly as they go up, here’s links to some I can find.
(V) - This means verification that you own the email address you’re searching is needed to use their search engine.
(N) - This means it’ll display what databases you’re in, but won’t display anything such as your passwords.
(Y) - This means that you can see information associated with the email, such as passwords, addresses, usernames etc.
Free - Means the search engine is free.
Paid - Means the search engine is paid.
|HaveIBeenPwned - Perhaps one of the most well known sites for checking your email or username, it doesn’t usually require verification (it does for sensitive breaches such as the ‘Ashley Madison’ one), however does only show what databases you’re in. (N & V)||Free|
|WeLeakInfo - This is a paid database search engine, it’s the largest / most well known on the market at the moment, you can view all information associated with an email, username, phone or IP. (Y)||Paid|
|GhostProject - Previously they used the TLD .me, but now use .fr, GhostProject is a free Database searching engine with over 1.4 Billion records, no verification is required and all associated information is shown. (Y)||Free|
|Ashley Cynical - This search engine is for one Database only, the ‘Ashley Madison’ database, this site is unique as it allows you to search the Database without verification, most sites such as HaveIBeenPwned ask for verification as the implications of being in this database can be damaging. (N)||Free|
|Hacked Emails - This site has changed drastically since its beginnings, it used to not need verification however now pushes for it, it’ll show you what Databases and Pastebin dumps you’re in and has a pretty large collection. (VN)||Free|
Some other sites which I don’t feel like giving a description are as they’re similar to the ones above are: