Frequently Asked Questions
What is BreachDB ?
BreachDB is a module of CTM360 that identifies the need to alert organizations about compromised accounts matching their domains within latest public data breaches. If we detect an email address matching your organization's domain in a publically leaked database, we will notify you immediately so that you can reset the password for that email address and inform the user. You will also gain access to historic data for compromised accounts matching your organization's domains.
Why do organizations need BreachDB?
Many organizations remain unaware about online data breaches and the risks involved. If an employee created an account on an online service (such as social media) with their business email, following which that online service got breached and the data was leaked, that employee's password or password hash may be available to attackers. In case the employee used the same password on that online service as they do for their business email/VPN, this can result compromise of business credentials and unauthorized access.
What kind of information is being stored on BreachDB?
The following information is being stored on BreachDB:
- Email addresses
- Breach date
How does BreachDB acquire data breaches?
Most of these breaches are publically announced, and are available for anyone to download.
What is difference between the three BreachDB categories (Website breach, Combination breach, and Paste Accounts)?
Website Breaches - Online service sites having massive user base compromised by cybercriminals to steal user credentials. There have been a great many social media, gaming, dating, and e-commerce websites to name a few categories.
Combination Breaches - Miscellaneous collection of website breaches into a single large file. In some cases, a cybercriminal entity may combine several website breaches into a single file, and publish that file.
Paste Accounts - Exposed password/email combinations that are pasted on various paste sites like Pastebin or Ghostbin.
What is the size of the database?
As of now, BreachDB has around 5.1 billion records indexed and searchable. We are detecting and adding more breaches on an ongoing basis.
Is email addresses on BreachDB being sold or shared with anyone?
We do not sell or share any information with anyone except for the authorized and verified user who registers for access to their organization's domain compromised accounts.
Apart from compromised email accounts, can we also acquire password(s)?
We do not store passwords in any form (hashed, encrypted, cleartext) as this information is not pertinent to the informative nature of BreachDB.
What should organizations do with this information? How can these risks be mitigated?
Our recommendation in cases where an email address has appeared in a publicly leaked breach is to ensure that the password has been changed since the breach. If the password has not been changed, we recommend resetting the password immediately and informing the user so that the same (compromised) password is not used on other accounts.