-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfaq.html
executable file
·807 lines (802 loc) · 59.6 KB
/
faq.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description"
content="Frequently asked questions about XposedOrNot's data breach monitoring service. Learn how we protect your data, verify breaches, calculate risk scores, and help secure your online presence.">
<meta name="author" content="Devanand Premkumar">
<meta name="keywords"
content="data breach monitoring, password security, breach alerts, cybersecurity, privacy protection, email security">
<meta property="og:title" content="XposedOrNot FAQ - Complete Guide to Data Breach Monitoring" />
<meta property="og:description"
content="Get answers about XposedOrNot's data breach monitoring service. Learn about breach verification, risk scoring, alerts, and how we help protect your online security." />
<meta property="og:image" content="https://xposedornot.com/static/images/xon.png" />
<meta property="og:url" content="https://xposedornot.com/faq" />
<meta property="og:type" content="website" />
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@XposedOrNot">
<meta name="twitter:title" content="XposedOrNot FAQ - Complete Guide to Data Breach Monitoring">
<meta name="twitter:description"
content="Get answers about XposedOrNot's data breach monitoring service. Learn about breach verification, risk scoring, alerts, and how we help protect your online security.">
<meta name="twitter:image" content="https://xposedornot.com/static/images/faq_preview.png">
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<title>XposedOrNot FAQ | Data Breach Monitoring & Security Guide</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"
integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css"
integrity="sha256-BtbhCIbtfeVWGsqxk1vOHEYXS6qcvQvLMZqjtpWUEx8=" crossorigin="anonymous" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"
integrity="sha512-aVKKRRi/Q/YV+4mjoKBsE4x3H+BkegoM/em46NNlCqNTmUYADjBbeNefNxYV7giUp0VxICtqdrbqU7iVaeZNXA=="
crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"
integrity="sha384-B4gt1jrGC7Jh4AgTPSdUtOBvfO8shuf57BaghqFfPlYxofvL8/KUEfYiJOMMV+rV"
crossorigin="anonymous"></script>
<link rel=stylesheet
href='https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C900&subset'
type=text/css media=all defer async>
<link rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-validator/0.5.3/css/bootstrapValidator.css"
integrity="sha512-asx/ybAODdXFwxJdEHxddlVX1jXadezKmKu89YvodVg3VQWEKAi30yd4f3r8V3pljdyACyE7IJCy6mrKuDOXjQ=="
crossorigin="anonymous" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-validator/0.5.3/js/bootstrapValidator.js"
integrity="sha512-mRgivjjOpF/Ist1xO+QU11jjbBqp0VPxQQKQgKU0kaNX4Nwa+Zooyyw39TBJWwEbF0uDaZSs3DukSErXMuRboQ=="
crossorigin="anonymous"></script>
<link href="/static/css/style.css" type="text/css" rel="stylesheet" defer>
<script src="/static/scripts/other-libraries.js" defer></script>
</head>
<body>
<div class="kbanner">
<nav class="navbar navbar-expand-lg navbar-dark bg-primary kbanner">
<a class="navbar-brand" href="https://xposedornot.com"><span
style="font-size: 1.5em; font-weight: bold; display: block; color: white;">XposedOrNot</span>
<span style="font-size: 0.8em; display: block; color: white; opacity: 0.85; margin-top: -1px;">Community
Edition</span></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNavDropdown"
aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNavDropdown">
<ul class="navbar-nav navbar-right">
<li class="nav-item active">
<a class="nav-link" href="password.html">Password <span class="sr-only">(current)</span>
</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="api_doc.html">API </a>
</li>
<li class="nav-item active">
<a class="nav-link" href="https://blog.xposedornot.com/">Blog </a>
</li>
<li class="nav-item dropdown active">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false"> More Tools </a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="xposed.html">Xposed Breaches</a>
<a class="dropdown-item" href="shield.html">Privacy Shield</a>
<a class="dropdown-item" href="domain.html">Domain Verification</a>
<a class="dropdown-item" href="domains.html">Domain-level Search</a>
<a class="dropdown-item" href="timeline.html">Breaches Timeline</a>
</div>
</li>
</ul>
</div>
</nav>
</div>
<main class="container">
<h1>Frequently Asked Questions (FAQ)</h1>
<nav aria-label="breadcrumb">
<ol class="breadcrumb">
<li class="breadcrumb-item"><a href="/">Home</a></li>
<li class="breadcrumb-item active" aria-current="page">FAQ</li>
</ol>
</nav>
<div class="row">
<div>
<section class="accordion-section clearfix mt-3" aria-label="Question Accordions">
<div class="container">
<div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true">
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading0">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse0" aria-expanded="true"
aria-controls="collapse0"> Q: who am I ? </a>
</h3>
</div>
<div id="collapse0" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading0">
<div class="panel-body px-3 mb-4">
Hello, I'm, Devanand Premkumar, and I bring over two
decades of experience in IT and information security. My career has been dedicated to
helping organizations fortify their online defenses and ensure they comply with industry
standards. I'm skilled at crafting and implementing security strategies that work across
the globe, whether it's technical or not.
<br><br>
Outside of work, I have a strong interest in forensic investigations and enjoy tackling
challenges in Capture The Flag (CTF) competitions. In 2017, I started a side project
called XposedOrNot. It began as a way to collect and share exposed passwords for free.
Over time, I've been gathering data from public breaches, and now, with a wealth of
information at hand, I want to offer this resource to those who can benefit from it the
most.<br><br>
My journey in IT and information security has been immensely fulfilling, and I'm committed
to sharing my knowledge and expertise to create a safer digital world for all.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading1">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse1" aria-expanded="true"
aria-controls="collapse1"> Q: What is XposedOrNot (XON) ? </a>
</h3>
</div>
<div id="collapse1" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading1">
<div class="panel-body px-3 mb-4">
<strong>XposedOrNot (XON)</strong> is a practical and resourceful tool designed to enable
you to verify 🔍 if your personal data has been implicated in a data breach. Originally,
this initiative was born out of my deep interest in forensics and the analysis of data
breaches. The realization of the sheer volume of sensitive information exposed and the
potential harm it could cause quickly led me to transform this interest into a public
service. I was motivated to offer this service to everyone for free, making it accessible
to all who want to protect their personal data and privacy.<br><br>
The <strong>XposedOrNot</strong> platform aids people in discovering whether their email
or personal details have been compromised in a data breach. This knowledge can propel
users to safeguard their accounts with measures such as password changes and vigilant
account monitoring.<br><br>
Aside from just checking emails and passwords, the website also facilitates users in
scrutinizing data breach information at a <a href="domain.html" target="_blank"
rel="noopener noreferrer"><strong>domain or sub-domain level</strong></a>. For those
who can confirm their domain ownership, they gain access to a detailed analysis of the
data breaches that have affected their users.<br><br>
An exciting addition to our suite of tools is the <a href="dashboard.html" target="_blank"
rel="noopener noreferrer"><strong>CXO Dashboard</strong></a>. This feature is
particularly helpful for companies and corporations managing multiple domains. The CXO
Dashboard offers a unified view of data breaches and all associated analytics. This
consolidated perspective can significantly simplify the complex task of breach monitoring
across various domains, empowering organizations to understand and respond to security
incidents more efficiently and effectively.<br><br>
<a href="xposed.html" target="_blank" rel="noopener noreferrer"><strong>Xposed (single
page repository)</strong></a> comprises of details about all the data breaches
loaded onto XposedOrNot. This repository is designed to be visually engaging, simplifying
the understanding of each breach's unique aspects.For folks who prefer a simple list of
rows in a table, you may refer to <a href="breaches.html" target="_blank"
rel="noopener noreferrer"><strong>breaches page</strong></a>.<br><br>
We have also created a useful utility, a <a href="shield.html" target="_blank"
rel="noopener noreferrer"><strong>Privacy Shield feature</strong></a> for individuals
who do not wish to have their emails publicly searched on our platform. This is
particularly useful for those who value their privacy and want to protect their
data.<br><br>
You may wonder why you should choose <strong>XposedOrNot</strong> over other breach
monitoring services. The answer lies in our goal to raise awareness about data breaches
and provide support to reduce the effects of such breaches. Every bit of help is a light
in the darkness, and we aim to add to that illumination.<br><br>
Unlike traditional monitoring services that merely inform you of your exposure and the
volume of leaked records, XposedOrNot takes an extra step. We give each email a risk
score, notify if the password was exposed in plaintext, and provide information on the top
breaches where the email was compromised, among other details.<br><Br>
Data breaches are classified by industry on our platform, offering an insightful
perspective into the most affected sectors. Our aim is to foster transparency and enable
individuals to guard against data breaches effectively. <br><br>
I've also incorporated an alerting feature that can be activated for individual websites
and domains whenever they appear in data breaches. This service is totally free and is
beneficial for everyone – from individual email users to corporations seeking to
comprehend their users' vulnerability to data breaches better.<br><br>
Furthermore, our <a href="xposed.html" target="_blank"
rel="noopener noreferrer"><strong>entire data set </strong></a> can be queried and
integrated into your custom applications via our <a href="api_doc.html" target="_blank"
rel="noopener noreferrer"><strong>XposedOrNot API</strong></a>. Detailed instructions
on using the XposedOrNot API in your projects can be found on our API playground. Keeping
with our ethos of free and open access to data, our API will continue to remain
<strong>completely free of charge</strong>. <br><br>
Lastly, I'd like to highlight that our application, API, and related files are all <a
href="https://github.com/XposedOrNot" target="_blank"
rel="noopener noreferrer"><strong>open source and hosted in GitHub</strong></a>. This
open-source approach helps improve the security posture of the platform and invites
contributions from the public. I believe in the power of collective wisdom and encourage
security enthusiasts, web developers, designers, and data-breach researchers to share
their ideas and collaborate to make <strong>XposedOrNot</strong> even more robust,secure
and effective. Your <a href="hof.html" target="_blank"
rel="noopener noreferrer"><strong>contributions</strong></a> can help further
strengthen this free public utility. Let's work together to make XposedOrNot even better!
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading2">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse2" aria-expanded="true"
aria-controls="collapse2"> Q. How do I source these breach data ? </a>
</h3>
</div>
<div id="collapse2" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading2">
<div class="panel-body px-3 mb-4">
At XposedOrNot, I source most of our exposed data from breaches that are available on the
internet. These breaches are typically found on various websites, and with proper
searching techniques, can be relatively easy for someone to access. Additionally, I also
source some data breaches through technologies such as torrents.<br><br>
XON only uses data breaches that have been made publicly available. Our goal is to make it
easy for individuals and organizations to check whether their personal information has
been exposed in any known data breaches, and to take steps to protect themselves against
potential harm.
<br>
<br> The entire list of data breaches loaded in XposedOrNot is documented in detail for
easy reference on <a href="xposed.html">
<strong>Xposed Page</strong>
</a>.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading3">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse3" aria-expanded="true"
aria-controls="collapse3"> Q. What is stored and what is not stored in XON ? </a>
</h3>
</div>
<div id="collapse3" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading3">
<div class="panel-body px-3 mb-4">
XposedOrNot is a data breach monitoring service that allows users to check whether
personal information has been exposed in any known data breaches. I want to be transparent
with our users about what is and what is not stored in our service.<br><br>
To answer that question, we do not store any user passwords or personal identifiable
information (PII) in XON. When a user enters their email address or domain name into our
search engine, we check our database of known data breaches to see if that email or domain
has been involved in any past breaches. If there is a match, we provide the user with
information on the specific breach(es) that their email or domain was involved in, along
with any additional details we have on the incident.<br><br>
We do not store information about user searches, such as the email or domain name searched
and the date of the search, and we take measures to ensure the privacy and security of our
users' data.<br><br>
In summary, XON does not store any user passwords or PII, but we do store some basic
information about user searches for the purpose of improving our service. <br><br>XON also
has the ability to check <a href="https://xposedornot.com/password"><strong>exposed
passwords</strong>
</a> . This service makes use of the <a target="_blank" rel="noopener noreferrer"
href="https://en.wikipedia.org/wiki/SHA-3">
<strong>SHA3-keccack 512 hashing algorithm</strong>
</a> for converting the collected passwords into one-way hashes in storage. With the
current technologies available, it is highly unlikely someone can reverse these SHA-3
Keccak hashes easily. This ensures the highest level of safety for stored hashes. <br>
<br> Please check the <a href="samples/index.html" target="_blank"
rel="noopener noreferrer">
<strong>sample login page, </strong>
</a>making use of XON Passwords API. This can help a lot of users, preventing them from
reusing old and exposed passwords inline with <a
href="https://pages.nist.gov/800-63-3/sp800-63b.html" target="_blank"
rel="noopener noreferrer"><strong>NIST guidelines</strong></a>.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading44">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse44" aria-expanded="true"
aria-controls="collapse4"> Q. What kind of exposed data is presented as part of the
breach information? </a>
</h3>
</div>
<div id="collapse44" class="collapsed collapse show" role="tabpanel"
aria-labelledby="heading44">
<div class="panel-body px-3 mb-4">
<p>When we report on data breaches, we aim to provide a comprehensive overview of the
types of data that have been <a href="xposed.html"><strong>exposed</strong></a>. This
helps users understand the potential impact and risks associated with a particular
breach. <br><Br>To make it easier for our readers, I've logically grouped the exposed
data into categories. Below is a breakdown of these categories and the types of data
they encompass:</p>
<br>
<table border="1" cellpadding="5" cellspacing="0" style="padding: 10px;">
<thead>
<tr>
<th style="padding: 10px;">Category</th>
<th style="padding: 10px;">Types of Exposed Data</th>
</tr>
</thead>
<tbody>
<tr>
<td style="padding: 10px;">👤 <strong>Personal Identification</strong></td>
<td style="padding: 10px;">Names, Dates of birth, Genders, Nationalities, Photos,
Profile photos, Salutations, Nicknames, Licence plates, Social media profiles,
Private messages, Avatars</td>
</tr>
<tr>
<td style="padding: 10px;">💳 <strong>Financial Information</strong></td>
<td style="padding: 10px;">Account balance, Bank account numbers, Credit cards
</td>
</tr>
<tr>
<td style="padding: 10px;">🍔 <strong>Personal Habits and Lifestyle</strong></td>
<td style="padding: 10px;"> Drug habits, Spoken languages, Vehicle details,
Vehicle identification numbers</td>
</tr>
<tr>
<td style="padding: 10px;">🔒 <strong>Security Practices</strong></td>
<td style="padding: 10px;">Passwords, Historical passwords, Security questions
and answers</td>
</tr>
<tr>
<td style="padding: 10px;">🎓 <strong>Employment and Education</strong></td>
<td style="padding: 10px;">Job applications, Employers, Occupations, Education
levels</td>
</tr>
<tr>
<td style="padding: 10px;">📞 <strong>Communication and Social
Interactions</strong></td>
<td style="padding: 10px;">Email addresses, Instant messenger identities, Phone
numbers, Private messages, Social connections, Social media profiles</td>
</tr>
<tr>
<td style="padding: 10px;">🖥️ <strong>Device and Network Information</strong>
</td>
<td style="padding: 10px;">IP addresses, Device information, Browser user agent
details, Website activity</td>
</tr>
<tr>
<td style="padding: 10px;">🩺 <strong>Health Information</strong></td>
<td style="padding: 10px;">Personal health data, Health insurance information,
Fitness levels, Smoking habits</td>
</tr>
<tr>
<td style="padding: 10px;">👥 <strong>Demographics</strong></td>
<td style="padding: 10px;">Age group, Age, Ethnicities, Marital statuses, Spoken
languages, Sexual preferences</td>
</tr>
<tr>
<td style="padding: 10px;">🗳️ <strong>Political and Social Views</strong></td>
<td style="padding: 10px;">Social connections, Private messages</td>
</tr>
</tbody>
</table>
<br>
<p>Note: The data presented reflects significant exposed details only; not all data types
from breaches are included. Due to manual compilation, errors may occur. For
corrections, please contact me.</p>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading4">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse4" aria-expanded="true"
aria-controls="collapse4"> Q. Can you share the sources with me to verify ? </a>
</h3>
</div>
<div id="collapse4" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading4">
<div class="panel-body px-3 mb-4">
Usually, it's not a good idea to reveal where data breaches come from because of how much
sensitive information is at stake. However, in XON, all the data that's been collected is
uploaded and can be easily searched through the website or API for any email you input.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading5">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse"
data-parent="#accordion" href="#collapse5" aria-expanded="true"
aria-controls="collapse5"> Q. Can I get notified if my data is exposed in a data breach
? </a>
</h3>
</div>
<div id="collapse5" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading5">
<div class="panel-body px-3 mb-4">
Absolutely! We offer an <strong>AlertMe Service</strong> that you can use to stay informed
about any exposed data. You can use the AlertMe service while searching for emails or
verifying passwords on our website. Simply activate the service, and we'll send you alerts
if we detect any breaches involving your email address. This is a great way to stay on top
of potential security threats and protect your sensitive information. <br><br>
</div>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading6">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse6" aria-expanded="true" aria-controls="collapse6"> Q. Is there any fee for
searching more than one of my emails/passwords ? </a>
</h3>
</div>
<div id="collapse6" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading6">
<div class="panel-body px-3 mb-4">
I don't intend to make this community edition a chargeable one. You're free to make use of
this service and if you find it useful, please share it and spread the usage of XposedOrNot
(XON). Every word of sharing and recommendation is always welcome for me as a researcher, as
it will benefit the general population more and more. <br><br>You're welcome to check your
emails/passwords, as well as those of your family, friends, or immediate circle, without any
limit on the number of checks.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading7">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse7" aria-expanded="true" aria-controls="collapse7"> Q. How are breaches
verified in XON ? </a>
</h3>
</div>
<div id="collapse7" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading7">
<div class="panel-body px-3 mb-4"> All the breaches exposed here are acknowledged by the website
owners or online media and available as <a href="xposed.html" target="_blank"
rel="noopener noreferrer">
<strong>references</strong>
</a>.
At XposedOrNot, we make sure that all the exposed <a href="xposed.html" target="_blank"
rel="noopener noreferrer">
<strong>exposed</strong></a> breaches uploaded on our website are acknowledged by the
respective website owners or online media, and we provide references for each one. In rare
cases where a breach is not acknowledged by the website owner, we mark it as such and take
steps to notify them through defined processes. We believe in transparency and post all such
communication on our XposedOrNot Twitter account as well as in the references. <br><Br>
Please note that verification of individual data breaches impacting a website and its users
is currently a manual process, and we take utmost care to ensure accuracy.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading71">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse71" aria-expanded="true" aria-controls="collapse71"> Q. How do I classify
data breaches? </a>
</h3>
</div>
<div id="collapse71" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading71">
<div class="panel-body px-3 mb-4"> Data breaches are currently classified as follows: <br>
<br>
<strong>Data Breach</strong>: A <a href="https://en.wikipedia.org/wiki/Data_breach">
<strong>data breach</strong>
</a> is the intentional or unintentional release of secure or private/confidential
information to an untrusted environment. Websites or online applications which have their
data breached by external or internal resources and exposed/breached on the web for
unauthorized access. <br>
<br>
<strong>ComboList</strong>: A <a href="https://combolist.org/">
<strong>combo list</strong>
</a> is a text file containing a list of usernames and passwords in a consistent format.
Combolists are meant to be machine-readable so they can be used as input to tools that will
automate authentication requests to a website or API. <br>
<br> Tags used in <a href="xposed.html">
<strong>exposed breaches</strong>
</a>: <br>
<strong>Verified</strong>: Breaches that are verified individually and confirmed as authentic
data breaches. <br>
<strong>Untrustworthy</strong>: Breaches that are not verified and not confirmed. <br>
<strong>Searchable</strong>: Breaches or ComboLists that can be publicly searched with an
email address. <br>
<strong>Sensitive-Site</strong>: Breaches that cannot be publicly searched considering the
sensitivity of the data exposed. <br>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading301">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse301" aria-expanded="true" aria-controls="collapse71"> Q. How do I calculate
the data breach risk score of an email? </a>
</h3>
</div>
<div id="collapse301" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading301">
<div class="panel-body px-3 mb-4"> <strong>What is the risk score formula? </strong><br> <br>
The <strong>risk score formula</strong> calculates a user's account risk based on the number
and severity of data breaches associated with the user's email, the time since the last
breach, and the strength of the user's password. <br><br>
The formula is:<br>
<strong> Risk Score = (A x W1) + (B x W2) + (C x W3) + (D x W4)</strong> <br><br>
where: <br>
A = number of data breaches associated with the user's email address<br>
B = severity of data breaches associated with the user's email address<br>
C = time since last breach associated with the user's email address<br>
D = password strength based on a password strength algorithm<br><br>
and:<br><br>
W1 = weight for factor A<br>
W2 = weight for factor B<br>
W3 = weight for factor C<br>
W4 = weight for factor D<br><br>
For example, let's say we assign the following weights to each factor:<br><br>
W1 = 4 (number of data breaches is considered the most important factor)<br>
W2 = 2 (severity of data breaches is also important, but not as much as the number of
breaches)<br>
W3 = 1 (time since last breach is still important, but less so than the other factors)<br>
W4 = 3 (password strength is also important, but not as much as the number of
breaches)<br><br>
We could then use the following formula to calculate a user's risk score:<br><br>
Risk Score = (A x 4) + (B x 2) + (C x 1) + (D x 3)<br><br>
For example, if a user has been involved in 5 data breaches, with 2 of them being
high-severity breaches, and the last breach occurring 6 months ago, and has a strong
password, their risk score would be:<br><br>
Risk Score = (5 x 4) + (2 x 2) + (6/12 x 1) + (1 x 3) = 31
<br>
<br>
<strong>How is the risk score calculated?</strong><br><br>
Each factor is multiplied by its weight, and the results are added together to calculate the
risk score. The risk score will be displayed visually as a traffic light system, with green
indicating low risk, yellow indicating moderate risk, and red indicating high risk.
<br>
<br>
<strong>What factors are considered in the risk score formula?</strong>
<br><br>
The factors considered in the risk score formula are the number and severity of data breaches
associated with the user's email, the time since the last breach, and the strength of the
user's password.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading81">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse81" aria-expanded="true" aria-controls="collapse8"> Q. How safe and secure
is XposedOrNot? </a>
</h3>
</div>
<div id="collapse81" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading81">
<div class="panel-body px-3 mb-4">
In creating this application and website, I have taken into consideration the impact of
unsecured and unsafe environments on data breaches and related exposure. That's why I have
made the decision to <strong>open source the API and all related files</strong> on <a
href="https://github.com/XposedOrNot" target="_blank"
rel="noopener noreferrer"><strong>Github</strong></a>. As a long-time user, I firmly
believe that open-source tools have had a significant impact on our environment, more than we
may ever realize.<br><Br>
The entire application and website are built on open source technology, including the
operating system (Linux), API script (Python), and web files (HTML/CSS/JavaScript). By
collaborating and working together, we can improve and enhance any service, and open source
is the way forward.<br><br>
I welcome any pull requests and contributions to modify, enhance, or fix any bugs. Let's work
together to create a better and more secure online environment for everyone ❤️ .<br>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading89">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse89" aria-expanded="true" aria-controls="collapse8"> Q. Do you have a
bug-bounty program? </a>
</h3>
</div>
<div id="collapse89" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading89">
<div class="panel-body px-3 mb-4">
If you happen to discover 🔍 a bug or security vulnerability, I would love 😍 to hear from
you! I encourage you to disclose it using the <a href="responsible-disclosure.html"
target="_blank" rel="noopener noreferrer"><strong>responsible disclosure</strong></a>
guidelines to support XposedOrNot.<br><br>
I want to make it clear that this is not a bug bounty program and we do not offer a monetary
reward for submissions. However, I would be happy to feature your <a
href="responsible-disclosure.html" target="_blank" rel="noopener noreferrer"><strong>valid
submissions</strong></a> on our <a href="hof" target="_blank"
rel="noopener noreferrer"><strong>Hall of Fame</strong></a> page, based on your
preference. I believe in recognizing the positive contributions of reporters who have
demonstrated a high level of dedication to our program.<br>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading8">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse8" aria-expanded="true" aria-controls="collapse8"> Q. What is Alert Me
service ? </a>
</h3>
</div>
<div id="collapse8" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading8">
<div class="panel-body px-3 mb-4">
AlertMe is a 💡 handy notification service that sends you an email whenever a new breach is
added to XposedOrNot. It's a great way to stay on top of any potential exposure and take the
necessary steps to protect yourself. Setting up AlertMe is easy, all you have to do is enter
your email and confirm it. From then on, you'll receive an email alert for any new breaches
that affect the email address you subscribed with. You can activate AlertMe from the home
page or by running a search for exposed data breaches. We'll provide guidance on
subscriptions with every search, and you can even activate it through the password search
feature.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading9">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse9" aria-expanded="true" aria-controls="collapse9"> Q. Is there an
acceptable use policy ? </a>
</h3>
</div>
<div id="collapse9" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading9">
<div class="panel-body px-3 mb-4"> Please refer <a href="privacy.html">
<strong>XON Acceptable Use Policy & Privacy Policy</strong>
</a>. <br>
<br>Feel free to reach out to me if you have any questions related to privacy and related
subjects.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading91">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse91" aria-expanded="true" aria-controls="collapse91"> Q. Why am I getting
emails from [email protected]? </a>
</h3>
</div>
<div id="collapse91" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading91">
<div class="panel-body px-3 mb-4">
The emails which can be received are as follows: <br>
<ol type="1">
<li>Alert me notification confirmation <br>
</li>
<li>Alert me notifications of breaches <br>
</li>
<li>Privacy shield notification and confirmations <br>
</li>
<li>Domain validation notifications and confirmations <br>
<br>
</li>
</ol>
Currently, all the emails from XON will be from [email protected] only and it is
completely automated. <br>
<br> As this email is used only for automated notifications as stated above, this email will
not be monitored for inbound emails. Please use the email address given in " <a
href="http://localhost/XON/web/faq#collapse10">
<strong>How can I be reached</strong>
</a>" for response and communication.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading92">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse92" aria-expanded="true" aria-controls="collapse92"> Q. How can I
contribute to XposedOrNot? How can I submit a data breach? </a>
</h3>
</div>
<div id="collapse92" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading92">
<div class="panel-body px-3 mb-4">
I would love for everyone to contribute to making XON more useful for the general public.
Account takeovers and password attacks are a real problem, and any help we can get in that
direction is highly appreciated. I strongly believe that every little effort counts in the
fight against data breaches, and I welcome anyone who wants to lend a hand.<br><br>
If you come across a data breach that is not listed in XON and is publicly accessible without
any cost or expectation of remuneration, please do not hesitate to contact me and let me
know. I will verify the breach and add it to XON for everyone to benefit from. We even have a
special <strong>Hall of Fame</strong> page dedicated to recognizing and thanking individuals
who help us in this initiative.<br> <br>
Thank you in advance for your support and patronage. We really appreciate it! 🙏
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading93">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse93" aria-expanded="true" aria-controls="collapse93"> Q. What kind of data
logging is enabled here for public searches? </a>
</h3>
</div>
<div id="collapse93" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading93">
<div class="panel-body px-3 mb-4">
We don't store any of the data that's searched on our website or API. We only collect
demographic data through Google Analytics, which you can opt-out of at any time. You can find
more information about our privacy and acceptable use policy on our website.<br><br>
To improve our service, we do collect some data about our users, but we don't log any user
actions except for demographic data. This helps us better understand our users and provide a
better service in alignment with the <a href="privacy.html"> <strong>privacy policy
</strong></a><br><br>
The only exception to this is for users who sign up for our "Alert Me" service. We use this
service to notify the owners of email addresses and domains of any future breaches that are
loaded in XON. To ensure the accuracy of our notifications, we use a dual opt-in process
where users must confirm their email address before receiving alerts.<br><br>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading11">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse11" aria-expanded="true" aria-controls="collapse11"> Q. Do you support TOR?
</a>
</h3>
</div>
<div id="collapse11" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading11">
<div class="panel-body px-3 mb-4">
If you're feeling extra cautious and want to keep your online presence under wraps 🕵️, we
understand. You can totally use the Tor Browser to check for any data breaches and exposed
data on XposedOrNot. We want to make sure everyone feels safe and secure, even if you're
browsing in the shadows like a stealthy ninja.
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading p-3 mb-3" role="tab" id="heading10">
<h3 class="panel-title">
<a class="collapsed" role="button" title="" data-toggle="collapse" data-parent="#accordion"
href="#collapse10" aria-expanded="true" aria-controls="collapse10"> Q. How can I be
reached ? </a>
</h3>
</div>
<div id="collapse10" class="collapsed collapse show" role="tabpanel" aria-labelledby="heading10">
<div class="panel-body px-3 mb-4">
If you happen to stumble upon any publicly exposed data breaches out there that we haven't
caught yet, we'd love to hear about it! Just drop an email to
<strong>deva[@]xposedornot.com</strong>, or message me at the following channels:<br>
<a href="https://twitter.com/DevaOnBreaches" target="_blank"
style="margin-left: 10px;">Twitter - <i class="fab fa-twitter">
https://twitter.com/DevaOnBreaches </i></a><br>
<a href="https://www.linkedin.com/in/devasecurity/" target="_blank"
style="margin-left: 10px;">LinkedIn - <i class="fab fa-linkedin">
https://www.linkedin.com/in/devasecurity/ </i></a> <br>
<a href="https://infosec.exchange/@DevaOnBreaches" target="_blank"
style="margin-left: 10px;">Mastodon - <i class="fab fa-mastodon ">
https://infosec.exchange/@DevaOnBreaches </i></a><br>
I am always on the lookout 👀 for ways to make XON more useful and informative, and your
input could help us take our game to the next level. Plus, who knows - maybe you'll make it
onto our special <strong>"Breaches Super Sleuths 🦸 "</strong> list for your heroic efforts!
<br><br>
Let's make the internet a safer place for all.
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<div class="container text-center">
<footer>
<aside>
<hr>
<a style="color:#3c5fec" href="https://twitter.com/xposedornot" target="_blank" rel="noopener"
name="twitter">  Check us out at <em class="fab fa-twitter fa-3x"></em>
</a>
<a style="color:#3c5fec" href="https://facebook.com/xposedornot" target="_blank" rel="noopener"
name="fb">  and <i class="fab fa-facebook fa-3x"></i>
</a> <br> <br>
<div xmlns:cc="https://creativecommons.org/ns#" about="https://creativecommons.org">
<p>
<p>Join us in shaping this fully open source site! Contributions welcome ❤️ —check out our <a
href="https://github.com/XposedOrNot" target="_blank" rel="noopener">GitHub </a>. </p>
</div>
<hr>
<div class="custom-control custom-switch" style="Text-align:right;Width:30%;float:right">
<input type="checkbox" class="custom-control-input" id="darkSwitch">
<label class="custom-control-label" for="darkSwitch">Dark Mode</label>
</div>
</aside>
</footer>
</div>
</main>
</body>
<script async defer src="https://www.googletagmanager.com/gtag/js?id=UA-108891851-1"></script>
<script src="/static/scripts/common.js"></script>
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [{
"@type": "Question",
"name": "What is XposedOrNot (XON)?",
"acceptedAnswer": {
"@type": "Answer",
"text": "XposedOrNot (XON) is a practical and resourceful tool designed to enable you to verify if your personal data has been implicated in a data breach..."
}
},
{
"@type": "Question",
"name": "How safe and secure is XposedOrNot?",
"acceptedAnswer": {
"@type": "Answer",
"text": "The entire application and website are built on open source technology..."
}
}
]
}
</script>
</body>
</html>