Frequently Asked Questions

Identeco’s Leak Inspector is a free online tool that allows you to quickly and easily check whether your email address has appeared in a known data leak. Unlike many static leak checkers, Leak Inspector offers interactive features: Users can mark leaks as processed, view a criticality rating, and evaluate the accuracy of the leaked data. This allows you to keep track of your security situation, identify new threats more quickly, and take targeted protective measures. The tool clearly shows which personal data is affected and protects your privacy by partially masking sensitive information. Leak Inspector also offers companies functions for managing and securing employee accounts in order to strengthen IT security in the long term.

Why Have I Received an Email?

Have you received an email from Leak Inspector? We are happy to explain when we send you an email.

I received an email as a private individual.

You have received an email because your email address has been entered on the Leak Inspector website. You can use the link in the email to view your personal leak report and find out which data leaks your email address has appeared in. If you have not requested the email, you can simply ignore it or check your personal leak report to see if your email is included in a data leak.

I received an email at my company email address.

To ensure the security of your organization and infrastructure, a threat analysis has been performed on your organization’s email addresses. Your security officer has requested leak reports for your organization’s email addresses via the Leak Inspector. You can use the link in the email to view your personal leak report and find out if and in which data leaks your email address has appeared.

I Have General Questions about Leak Inspector

We explain what Leak Inspector is and what data it is based on.

What is the Leak Inspector?

The Leak Inspector is a tool that allows you to check if your email address has appeared in known data leaks. You simply enter your email address, receive an email and can use the link in the email to view an overview of the data leaks in which your email address appears.

The Leak Inspector is developed by Identeco and uses the Identeco Leak Database.

What is a data leak?

A data leak is the inadvertent or unauthorized access to confidential information. This can happen for a variety of reasons, including software vulnerabilities, human error or deliberate attacks by hackers. In the event of a data leak, sensitive data such as personal information, financial data or trade secrets may be exposed and viewed or stolen by unauthorized parties. This can have serious consequences for individuals and organizations, including identity theft, financial loss and reputational damage. Therefore, it is important to detect and fix data leaks to ensure security and privacy.

What data can be included in a data leak?

Several types of data can be included in a data leak, including Email addresses, usernames, passwords, phone numbers, addresses, credit card information (IBAN, CC, sort code), hashes and IP addresses.

How does it work?

Identeco collects and analyzes millions of public and freely available identity data leaks and stores them in the Identeco Leak Database. The Leak Inspector checks if your email address is included in these leaks and displays it in a readable form. Enter your email address on the Leak Inspector website and you will receive an email with a link to your personal leak report.

Is this safe?

Yes, your data is safe. Identeco stores data anonymously and cannot decrypt it without your email address. The email address you enter will be used for verification in the Identeco leak database and stored in a masked form for one week after entry. After one week, it will be deleted and cannot be assigned to your leak report.

Only you have access to your personal leak report. In addition, your leak report will only be provided in a censored form to protect your privacy. This means that only a small part of sensitive data will be displayed.

What happens to my data?

The e-mail address you enter will be used for verification in the Identeco Leak database.

Your email address and IP address are hashed and thus stored unreadable for one week. This is to prevent abuse and attacks on our service. The data will be deleted after one week.

Identeco does not share your information with third parties and uses it only for the Leak Inspector.

Why am I not allowed to make more requests?

To prevent abuse and attacks on our service, we have introduced a limit on the number of daily requests. You can only make a certain number of requests per day.

If your email address is used too often, you will receive an email with more information and the next possible time you can make a new request.

If too many requests are made for your domain, you will receive an error message. In this case, we will ask you to try again later.

If there are too many requests from your IP address, you will receive an error message. We will also ask you to try again later.

If the maximum number of requests has been reached, please try again the following day. These measures help us to ensure the integrity and security of our service and to protect your privacy.

I Have Questions about My Personal Leak Report

A leak report contains various information and functions.

What is the Leak Report?

The leak report is an overview of all data leaks in which your email address has appeared. The leaks are categorized as “Critical”, “Medium”, and “Low”, depending on how potentially dangerous they are. The overview tile shows you the name of the leak and all the data types it contains. You can also mark a leak as done and rate the accuracy of the data. Use the arrow to the right of the tile to open the detail view. There you can see the components of the leak and determine if you are actually affected.

I don't have any results. How does a Leak Report look like?

If your email address was not included in any leaks we collected, you will not see a Leak Report with data. If you still want to see how a full Leak Report would look like, you can visit our Demo Leak Report. The Demo Leak Report features demonstrational, fictional and made-up leak data. You can still use all the features we offer as if this was a real Leak Report.

When can I mark a leak as done?

If a leak is no longer a threat to you, e.g. because you have changed all affected passwords or the data was incorrect, you can mark a leak as done by clicking the “Account secured” button. The leak will then be archived at the bottom and displayed as done. Of course, you can also mark it as not done by clicking the button again.

Why should I rate the accuracy of the leak?

Evaluating the accuracy of a leak helps us to assess the actual danger of published leak data. With your help, we can recognize data sets with many false-positive leaks as such and better warn you and others about leaks with real and dangerous data.

What do the different levels of criticality mean?

Critical

The leak contains passwords or credit card numbers. This information should be changed as soon as possible. Criminals can use this information to access your accounts or withdraw money.

Medium

The leak contains hashes, phone numbers, IBANs or sort codes. Criminals can use this information to access your bank accounts or impersonate you.

Low

The leak contains user names or IP addresses. This data is less critical, but can be used by criminals to impersonate you.

What do the field names mean? What are the dangers associated with them?

Password

A password is a secret that only you should know. If a password is included in a leak, you should change it immediately. Criminals can use this password to access your accounts.

Credit card number

The credit card number is your credit card number. If it is included in a leak, criminals can use your card to make purchases or other financial transactions in your name. Contact your bank immediately and cancel the card.

Hash

A hash is an encrypted representation of a password. If a hash is included in a leak, there is a risk that criminals can decrypt the hash to obtain the original password. For this reason, use strong, unique passwords for each of your accounts.

Phone number

A phone number can be used by criminals to conduct phishing attacks or to impersonate you. Be cautious if you receive unexpected calls or messages and do not give out sensitive information.

IBAN

IBAN is your international bank account number. If it is leaked, criminals can attempt to make unauthorized transactions or impersonate you to gain access to your bank accounts.

BANK CODE

The Bank Identifier Code (BIC) identifies your bank. The bank code is not normally a major threat on its own, but it can be misused in combination with other information for unauthorized transactions.

Name

These are real names (such as “John Doe”) that have been associated with your email address. This is generally not critical, but could be used by criminals to carry out credible phishing attacks against you. You can find more about phishing in our blog.

Username

A username alone is usually not critical, but can be used in combination with other information ( such as a password) by criminals to gain access to your accounts. It is recommended that you use unique usernames and passwords.

IP Address

An IP address can be used to determine your location or to target attacks on your network. In combination with other information, it can also be used to track your online activities.

What should I do if my information appears in a data leak?

Stay calm. Use the information provided to try to identify the leak and the accounts affected.

Change your passwords on all affected accounts
Use a strong, unique password for each account
Contact your bank if your credit card number or IBAN has been compromised, and have your cards canceled if necessary
Be aware of suspicious activity on your accounts and your bank account
Be wary of unexpected phone calls, messages or emails and do not give out sensitive information.

How can I protect myself in the future?

Use strong, unique passwords for all of your accounts

Enable two-factor authentication (2FA) wherever possible

Be careful when giving out personal information and watch out for phishing attempts
Keep your software and devices up to date to close security gaps
Use a password manager to generate, store, and manage your passwords.

Why are some values marked with dots and others with asterisks?

Three dots mean that the number of characters is not specified, while asterisks indicate the actual number of characters. For some fields, the actual number of characters is sensitive information that we censor for privacy reasons.

The length of the credit card number, IBAN, sort code is always the same, the censoring is done with asterisks.
The length of passwords, hashes and phone numbers can vary and are censored with periods.
IP addresses are censored with xxx per octet.

What is a good password?

Have a look at our blog post on choosing a secure password.

A “good” password should meet two criteria: It should be long and hard to guess. It is best to have a password generated by a password manager. It is often said that a password should always contain special characters and numbers. It is true that special characters and numbers increase the number of possible passwords, but additional characters in the password increase the number of possibilities many times over. It is also important not to use dictionary words, as dictionary words are often used in attacks.

How long should a password be?

The longer a password is, the better it protects the account from specific attacks. Although some services still allow 4- to 8-character passwords, these are far too short from a security standpoint. A password should be at least 12 characters long. However, 16 or more characters is ideal.

Where does the data come from?

We obtain identity information by searching various parts of the internet using various methods. Some data is automatically collected by our systems, and some is manually downloaded. Important We do not buy data! We only use publicly and freely available data However, most identity data leaks are also freely available and therefore do not need to be purchased.

The result shows a password I have never used. How can this be?

In our results, we display the first and last characters of the password contained in the leak data. If you cannot match these characters to any of the passwords you have used, it could be for several reasons:

You used the password a long time ago and forgot you ever used it.
Our database contains an incorrect password.

Of course, we cannot verify the authenticity of the data in our databases, but criminals sometimes fill gaps in their records with fictitious data, so our results emails may contain this data. Only you can decide if the data is correct and still valid today. However, if you find that the data does not belong to an account you are using, you can mark the report as false.

The notification shows accounts that I have never used. How can that be?

In the results, we display details that we have extracted from the collected leak data. Individual entries, such as the name of the leak, refer to specific services (e.g. Facebook, LinkedIn, etc.). However, it is never possible to assign leaked data to an affected service with absolute certainty, but it does provide an initial starting point for identifying affected and therefore compromised accounts.

A clear assignment of leaks to affected services is not possible for various reasons:

Indicators for attribution are not available. Leaks are often shared in individual files. Such files can have names such as “twitter.txt” or just “1000_newest_logins.csv”. In the first case, the file name can give an indication of a specific service, in the second case not.
Hackers share data across different platforms. In example 1 above, it is also conceivable that a hacker has exchanged or traded leak data on the Twitter platform and named the file “twitter.txt” for this purpose. However, this does not mean that this file contains account data for Twitter accounts.
It often happens that attackers merge account data from many different leaks. This login data then comes from different sources and it is generally no longer possible to assign it to a single service. Such collections are often referred to as “collections”.

Regardless of these details from the darknet, further explanations are possible:

The service was used a long time ago and this has been forgotten.
A service has changed its name.
In rare cases, hackers use stolen identity data such as account names, email addresses and the like to prepare or carry out fraudulent actions. Artifacts of such actions can be accounts with services that are not used by the real person.

It is not possible to verify the authenticity of the data in our databases. Only the person concerned can decide whether the data is correct and still valid today.

Why was my information stolen, what did I do wrong?

It is possible that an attacker tricked you with a phishing attack and you gave out your credentials on a compromised website. However, it is more likely that you did nothing wrong.

So how did this happen? Attacks or vulnerabilities in web stores or services are often the cause of leaked data. The starting point is a previous login to a service or web store. When you logged in, your information was stored in the service’s user database. Due to a security incident, such as a hacker attack or insecure database configuration, parts of the user database have been stolen or at least made publicly available. Even if you had chosen a different password, such an attack would not have been prevented.

Can I use the same password more than once?

There is no general answer to this question. In general, it is of course much more secure to use a different password everywhere - and we encourage everyone to do so.

However, it is understandable if someone thinks they cannot remember the large number of passwords and therefore uses passwords multiple times. If you memorize all your passwords or write them down on a piece of paper, we recommend that you use a password manager.

What are the security implications of using the same password for multiple services? Each of these services can potentially use that password to log in to the other services. If the password for one service is stolen, all services that use that password are immediately vulnerable. Think carefully about which accounts you want to use the same password for. The password for your email account should never be reused for other services because most services allow you to reset your password through your email account.

What data is in the Identeco database?

The database only contains encrypted data that cannot be decrypted by Identeco. The identification of compromised accounts is only possible for Identeco customers within their own infrastructure. This serves to protect the company’s own infrastructure and the accounts of its own employees and customers.

A research project (EIDI) carried out at the University of Bonn looked not only at digital identities, but also at other identity data.

Data that can be assigned to the so-called “special categories” according to Art. 9 GDPR are explicitly not processed. Although the data covered by Art. 9 GDPR is highly relevant for the data subjects and they are likely to have a particularly high interest in protecting this data too, this is not compatible with data protection due to the nature of our implementation.

What happens to my leak report?