What Makes a Good Data Breach Checker?

Data breaches are a thing. They’re not news to anyone – every week or two we hear about a new data breach that has happened. For some people, data breaches are directly related to data breach checkers: a data breach checker essentially is a data breach search engine allowing people to see if they’re at risk of identity theft or a data breach archive simply archiving data breaches that have happened in the past and providing people a list of them to see, but not to search through.

What Is the Use of a Data Breach Checker?

A data breach checker, as already previously mentioned, is essentially a data breach search engine letting people search through data breaches. Once people make use of the search engine, they know whether they’re at risk of identity theft or not. With that being said, not all data breach checkers are made equal, and not all of them are made in a legal fashion as well. Here are some of the factors to consider when looking at a particular data breach search engine or a data breach checker:

• Most data breach search engines are web-based applications and once you search for data, they connect with a database, run a couple of queries on it (depending on how many data breaches are being archived), and return the results. Once the results are returned, it’s up to the application what to do next – BreachDirectory, for example, tells if users are exposed in a particular data breach by providing a message in a red background, or tells if users are safe from identity theft attacks by providing a message in a green background.
• Some data breach checkers operate on the ethical side, while others, unfortunately, do not. What we mean by this is that there are a couple of data breach search engines that once people search for data, return all of the results associated with a particular account (think username, email address, IP address, etc.) It all works in such a fashion that when a user searches for a particular account (let’s say, a username) on the data breach search engine, it returns an email address, a password, an IP address, and any other associated information (sometimes even geolocation data, etc.) – those search engines usually charge people for access to the data, but the obvious downside of such a “business model” is that they attract a lot of nefarious parties to use their tool. Some tools (we won’t mention names here) even got taken down by law enforcement, so it’s important to ensure that if you’re using one of them, it stays on the legal side. If the data breach checker you’re using purchases access to data breaches, is in touch with the hackers who’ve breached the systems, or, as previously mentioned, provides access to data for a fee, that’s a red flag.
• Most people that use data breach search engines use them because they either assist the company they’re working at during OSINT operations or they help them not to fall victim to hacker attacks (identity theft attacks.)
• Some people use the API capabilities derived from the data breach search engine in order to implement the search functionality into their own systems.

Data breach checkers can be made to cause harm (and allow people to earn money through nefarious ways..), but they can also be made to adhere to good causes – the main one being to protect people from identity theft attacks.

Data Breaches, Data Breach Checkers and the Future

In 2016, news hit the information security community that one of the most prominent data breach search engines (at the time) had been taken down by the police. The search engine was notorious for quickly gaining access to data breaches, and also providing anyone access to all of the data in data breaches for a small fee.

To security experts and search engines operating on the legal side, it wasn’t huge news – sure, some may have been devastated by the search engine’s demise, however, it’s easy to see why the police have decided to take decisive action:

• The data breach checker in question has advertised itself on hacking forums.
• The data breach checker has been rumored to be in touch with hackers (we can’t confirm whether this was true or not.)
• One of the biggest threats to the existence of the search engine was the fact that the data breach checker has displayed data derived from data breaches and made it available for everyone to see – while people could see how could this help security, to be fair, it probably helped attackers more than those securing the systems.

While we can’t say for certain that such data breach search engines won’t appear in the security space in the future, one thing is for sure – the operators of data breach search engines have to be extremely careful to not step into the wrong side and operate ethically.

The Situation with BreachDirectory

BreachDirectory, as you might already know, is both a data breach search engine and, as its name suggests, also a data breach directory (archive.) Our search engine doesn’t provide any information other than the fact that an account is at risk of identity theft or not, so BreachDirectory operates on the ethical side. The API offering of BreachDirectory is also built with immense care – it’s documented, and those people who are suspected of using the API for malicious tasks are banned from accessing it. The upside is that the API is hard to use maliciously even if someone deeply desires to do so – all good on that front!

Make sure to run a search through our data breach search engine, check the data breach listing to review the list of archived data breaches, and make use of the search engine’s API capabilities to boost the security stance of your company today, and until next time!