Weak, shared, and reused passwords account for over 80% of data breaches, underlining the necessity for ensuring passwords in use are not already known to be compromised.

When a data breach occurs, bad actors review the data for user names and passwords, once found these are placed on the dark web where they are readily available to access and attempt to break into systems with.

Password are typically stored ‘hashed’ to avoid the clear text password being stolen but hackers are adept at cracking these passwords so this offers little practical protection in the real world.

The key to keeping protected is knowing that you are ahead of the bad actors by comparing your passwords to those already known to be compromised.

Our Password Breach Database receives millions of updates each day form our team of ethical hackers. It is the largest actively managed collection of known breached passwords, consisting of over 8 billion compromised clear text credentials, making it 55% more substantial than widely shared free databases.

If you are verifying your passwords against a database of known compromised credentials, it makes sense to use the biggest and best data source available. 


Protect Your Business

Any data breach can have a negative effect on your organization's reputation. Not only can it make you look under prepared in regard to your security measures. Most importantly it can ruin the trust that you have had to build over time with your customers. Businesses that use and store personal data must ensure they take the proper measures to protect it in line with the Data Protection Act 2018; failure to do so could result in a fine of £17.5 million, or 4% of the business’s annual turnover in the preceding financial year, payable by the business and those directly responsible for the data breach.

Ensure Compliance and Best practice

NIST provide a comprehensive framework for managing digital identities, where passwords are used it states the importance of verifying these against a list of known compromised credentials, ensuring compliance and proof of best practice.

Read the Password Breach Database Blog

read now

Want to know more?

If you are ready to book a demo, simply click the button below and we will arrange a demo

demo request

Frequently Asked Questions

Is consent required to acquire this information about individuals?

The content gathered in our Password Breach Database is derived from the Public Domain, and it's safe to presume that it's already in the possession of potential threats; our data retention policy doesn't exacerbate this risk. The data procured isn't subject to 'consent' per GDPR guidelines. Still, we can maintain data on a "legitimate interest" premise, which does not demand explicit consent. We ensure never to collect passwords directly from individuals, whether they are aware or not.

Where is the data stored?

Our storage is limited to username and password details. The username is generally an email address, with the password stored in plaintext. Alongside this, we also preserve the password in various hash formats for rapid analysis. We refrain from directly "verifying" or "evaluating" the data we accumulate, as such actions could easily cross into the realm of hacking.

What information is extracted?

We utilize a range of data sources, encompassing mainstream media, online discussion boards, torrents, paste bins, and other dark web sites. Our business policy strictly prohibits paying for data. The acquired data comes in diverse formats, often accompanying other data, like phone numbers, credit card details, addresses, etc., which we promptly discard. The preserved data is subsequently cleansed and assessed for its credibility before integration into the database. Where feasible, we also document the data's origin for future reference.

We have been breached. What do we do now?

We gather data from an array of sources, such as mainstream news outlets, online forums, torrents, paste bins and other areas of the dark web. Our organizational policy is strictly against purchasing data. The obtained data often arrives in varied formats and typically includes additional information, like phone numbers, credit card details, addresses etc., which we purposely discard. The data kept is cleaned and scrutinized for authenticity before it's incorporated into the database. Additionally, we make a note of the data's source whenever it's feasible for reference purposes

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defense systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.