Enterprise APIs
Dark Web API
Data Categories
Breached Databases

Breached Databases

Overview

Breached databases represent collections of user information exposed through security incidents at various websites, services, and organizations. These breaches may affect millions of users and can contain highly sensitive personal and account information.

Characteristics

  • Origin: Data obtained from publicly disclosed breaches of websites, applications, and services
  • Scale: Can range from small incidents affecting thousands of users to massive breaches impacting hundreds of millions
  • Age: Historical breaches dating back several years to recently disclosed incidents
  • Validation: Each breach is verified and normalized before being added to our system

Breach Data Structure

Breached database records typically include:

  • Breach Metadata: Information about the breach itself, including the affected organization, breach date, and publication date
  • User Identifiers: Primary identifiers such as email addresses, usernames, or phone numbers
  • Personal Information: Various personal details depending on what the breached service collected
  • Authentication Data: Password hashes or, in some cases, plaintext passwords if they were stored insecurely

Data Points

Breached databases can contain numerous data points, including email addresses, passwords, names, addresses, phone numbers, and more. The specific data points available depend on the nature of the breached service and what information it collected from users.

Personal Information

KeyDescriptionTypeRulesExample
emailEmail addressStringMinimum Length: 5, Regex: email_re[email protected]
nameFull nameStringMinimum Length: 2John Louis Smith
firstnameFirst nameStringMinimum Length: 2Tarik
middlenameMiddle nameStringMinimum Length: 2Maria
lastnameLast nameStringMinimum Length: 2Johnson
ssnSocial Security numberNumberMinimum Length: 519254587
genderGenderStringEither Male or FemaleMale
phonePhone numberStringMinimum Length: 512163547758
phone_partialPartial phone numberStringMinimum Length: 3324-XXX-4798
date_of_birthDate of birthStringMinimum Length: 32000/06/30
date_of_birth_dayDay of birth. Concatenated to date_of_birth and removed from data rowStringMinimum Length: 130
date_of_birth_monthMonth of birth. Concatenated to date_of_birth and removed from data rowStringMinimum Length: 16
date_of_birth_yearYear of birth. Concatenated to date_of_birth and removed from data rowStringMinimum Length: 42000
nationalityNationalityStringMinimum Length: 2Welsh
ageAgeNumberMinimum Length: 123
identification_document_noIdentification document’s numberStringMinimum Length: 5925668006

Password

KeyDescriptionTypeRulesExample
passwordPlain passwordStringMinimum Length: 3xF$42uwDBPaT
password_hashHashed passwordStringMinimum Length: 158743b52063cd84097a65d1633f5c74f5
saltSaltStringMinimum Length: 1M5aq
encrypted_passwordEncrypted passwordStringMinimum Length: 5COQLCE6DU6GtcS5P=
password_hexPassword in hex formatStringMinimum Length: 7HEX[“6c616261733434”]
password_b64Password in base64StringMinimum Length: 7bGFiYWRpZW5hMQ==
b64_runsNumber of runs needed to decode base64 valueNumberMinimum Length: 12
security_questionQuestion for users authenticationStringMinimum Length: 3In what city were you born?
security_answerAnswer to a security questionStringMinimum Length: 3New York City
password_hintHint for passwords recallingStringMinimum Length: 2Ignorance

Education

KeyDescriptionTypeRulesExample
educationEducation levelStringMinimum Length: 5Master’s Diploma
universityUniversities nameStringMinimum Length: 2UCLA
facultyFaculties nameStringMinimum Length: 2Faculty of Law
schoolSchool’s nameStringMinimum Length: 2Pine Street School

Location

KeyDescriptionTypeRulesExample
localeArea or place, especially one where something special happensStringMinimum Length: 2Prospect Park
locationLocationStringMinimum Length: 3Amsterdam Ave
countryCountryStringMinimum Length: 1Belgium
stateStateStringMinimum Length: 2WI
cityCityStringMinimum Length: 2Naples
addressAddressStringMinimum Length: 3139 Smith St
zipPostal codeNumberLength between 3 and 1545784
longitudeLongitudeStringMinimum Length: 12.349014
latitudeLatitudeStringMinimum Length: 148.864716
timezoneTime zoneStringMinimum Length: 3EST

Social Media

KeyDescriptionTypeRulesExample
aimAIMStringMinimum Length: 3kirtlee
msnMSNStringMinimum Length: 3[email protected]
facebookFacebookStringMinimum Length: 5lance.makrity
facebook_pageFacebook profile’s URLStringMinimum Length: 5, Regex: url_refacebook.com/NewCarsSL
twitterTwitterStringMinimum Length: 2JamesLinch
linkedinLinkedInStringMinimum Length: 5, Regex: url_relinkedin.com/in/malcolmdevine
imIMStringMinimum Length: 2demonnex
icqICQNumberMinimum Length: 3615782486
yahooYahooStringMinimum Length: 3hyliandee
skypeSkypeStringMinimum Length: 3monsskert
stackoverflowStack OverflowStringMinimum Length: 3ultimwaa
githubGitHubStringMinimum Length: 3jawwop
youtubeYouTubeStringMinimum Length: 5, Regex: url_reyoutube.com/cvuliana
vkontakteVKStringMinimum Length: 5, Regex: url_revk.com/donremenov
homepageHomepage’s URLStringMinimum Length: 5, Regex: url_retomcars.com/contacts
discordDiscord user nameStringMinimum Length: 5RainbowFist#8136
instagramInstagram user name or URLStringMinimum Length: 3mthy.cecilia
telegramTelegram user name or URLStringMinimum Length: 3Thanghm12
social_mediaOther Social Media profile’s URLStringMinimum Length: 5, Regex: url_reinstagram.com/kerryxaq
follower_countAmount of followers a user hasNumberMinimum Length: 1654

Physical Features

KeyDescriptionTypeRulesExample
heightHeightNumberMinimum Length: 1187
weightWeightNumberMinimum Length: 275
raceRaceStringMinimum Length: 3Black
ethnicityEthnicityStringMinimum Length: 1Irish
shoe_sizeShoe sizeNumberMinimum Length: 19
eye_colorEye colorStringMinimum Length: 1Hazel
hair_colorHair colorStringMinimum Length: 1Blonde
blood_typeBlood typeStringMinimum Length: 1AB

Finance

KeyDescriptionTypeRulesExample
ccCredit Card numberNumberLength between 15 and 174321587844443698
cc_expirationCredit Card expiration dateStringLength between 4 and 1211/24
cc_expiration_monthCredit Card expiration monthStringLength between 2 and 8Nov
cc_expiration_yearCredit Card expiration yearStringLength between 2 and 42024
cvvCredit Card security codeNumberLength between 3 and 5943
vat_numberValue Added Tax numberStringMinimum Length: 8IT14144778996
bank_account_numberBank account’s numberStringMinimum Length: 355743513
bank_nameBanks nameStringMinimum Length: 3Quontic Bank
paypalPaypal account’s emailStringMinimum Length: 5[email protected]
currencyCurrencyStringMinimum Length: 2EUR
affiliate_codeCode for conversion tracking and affiliate marketing clicksStringMinimum Length: 33kaQ5rg
credit_ratingEstimate of the ability of a person to fulfil their financial commitmentsStringMinimum Length: 1AA
incomeSum that includes any wage, salary, profit, interest payment, rent, or other form of earningsNumberMinimum Length: 32500
salaryFixed regular paymentStringMinimum Length: 31750
bitcoin_addressUnique identifier, serves as a virtual location for cryptocurrencyStringLength between 24 and 363FZbgi29cpjq2GjdwV8eyHuJJnkLtktZc5
ethereum_addressUnique identifier, serves as a virtual location for cryptocurrencyStringLength between 40 and 420x1289dD9831a96e49b2C73c3C8431FF349AbCd123

Vehicle

KeyDescriptionTypeRulesExample
driver_license_idDriver’s license IDIntMinimum Length: 518745899
vehicle_license_plateVehicle’s license PlateStringMinimum Length: 2ACC8789
vehicle_vinVehicle’s VIN (Vehicle Identification Number)StringLength: 171HGBH41JXMN109186
vehicle_makeVehicle’s ManufacturerStringMinimum Length: 2Hyundai
vehicle_modelVehicle’s ModelStringMinimum Length: 1Carrera
vehicle_colorVehicle’s ColorStringMinimum Length: 1Navy Blue
vehicle_dateVehicle’s manufacture dateStringMinimum Length: 32016/11/11

Other

KeyDescriptionTypeRulesExample
usernameUsernameStringMinimum Length: 2treyzLawl
ipInternet Protocol addressStringMinimum Length: 5, Regex: ipv4_re, ipv6_re146.204.189.1
cf_emailEmail address in CloudFlare’s formatStringMinimum Length: 10[email protected]
alternate_emailParent email addressStringMinimum Length: 5, Regex: email_re[email protected]
company_nameCompanies nameStringMinimum Length: 3Blue Planet
employerEmployer’s full nameStringMinimum Length: 3Dylan King
languageLanguageStringMinimum Length: 3English
professionProfessionStringMinimum Length: 5Baker
bioBiographyStringMinimum Length: 15Rapid and sustainable user growth is my true passion
profile_pictureProfile picture’s URLStringMinimum Length: 5, Regex: url_reimages.fineartamerica.com/picture.png
imeiIMEI (International Mobile Equipment Identity)IntLength between 14 and 16356938035643809
imsiInternational Mobile Subscriber Identity (IMSI)IntLength between 14 and 15310170845466094
api_keyAPI (Application Programming Interface) keyStringMinimum Length: 3zaCELgL.0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx
device_typeDevice’s typeStringMinimum Length: 2Personal Computer
device_hardware_idSet of numbers and letters that uniquely identifies the device (HWID)StringMinimum Length: 603000102030405060708090a0b0c0d0e0f
maritalstatusMarital statusBooleanMinimum Length: 10
relationship_statusRelationship statusStringMinimum Length: 3Married
mother_maiden_nameMother’s maiden nameStringMinimum Length: 2Jouland
family_member_nameFamily member’s full nameStringMinimum Length: 2Cousin

Data Example

Below is an example of what leaked database data might look like:

Leaked database example

Security Implications

Database breaches pose significant risks including:

  • Account Takeover: Exposed credentials can lead to unauthorized access across multiple services due to password reuse
  • Identity Theft: Personal information can be used to impersonate individuals for fraud
  • Targeted Phishing: Detailed personal information enables highly convincing targeted attacks
  • Reputation Damage: Organizations associated with breaches often suffer significant reputational harm

API Access Methods

The NordStellar Dark Web API provides multiple ways to access breached database information:

Direct Lookups

  • Query for specific identifiers using the /email/{email-sha256} or /phone/{phone-sha256} endpoints
  • Get detailed database information using the /data-source/database/{id} endpoint
  • Lookup breached databases by domain using the /data-source/database/domain/{domain} endpoint

Bulk Operations

  • Check multiple email addresses in a single request using the /email (POST) endpoint
  • Retrieve information about multiple databases using the /data-source/database (POST) endpoint

Domain-Wide Assessment

  • Use the /email/domain/{domain} endpoint to identify all email addresses affected in a specific domain
  • Get domain-wide statistics using the /email/domain/statistics/{domain} endpoint

Use Cases

Security Monitoring

  • Monitor for new breaches affecting your organization's domain
  • Identify which types of data were exposed in breaches
  • Assess the severity of breaches based on exposed data points

User Protection

  • Alert users when their credentials appear in breaches
  • Force password resets for accounts with compromised credentials
  • Provide guidance based on the specific data types exposed

Compliance and Reporting

  • Generate comprehensive breach reports for regulatory compliance
  • Document the specific data types exposed in breaches
  • Track breach timeline and affected user statistics

By leveraging the breached databases information through the NordStellar Dark Web API, organizations can gain valuable insights into their security posture, protect their users from the consequences of data breaches, and respond effectively when incidents occur.

Malware InfectionsCredential Lists
NordStellar © 2026Privacy Policy