Overview

The Dark Breach Data (DBD) API provides structured, real-time access to compromised data originating from infostealer malware logs, public and private data breaches, and other underground sources. The API delivers rich metadata for each record, enabling security teams to investigate and respond to incidents involving compromised assets.

The DBD covers a wide range of entity types, including:

  • Credentials - Usernames, emails, and passwords exposed in breaches or malware logs.
  • Financial Data - Credit card details (full PAN, BIN6, BIN8).
  • Personal Identifiers - Social Security Numbers (SSN), passport numbers, phone numbers.
  • Device-Related Entities - Credentials and information harvested from infected devices by infostealer malware.

To ensure compliance with privacy regulations and to protect sensitive data, access to certain records is restricted to authorized assets using the Authorized Domains API.


In the DBD, there are two result types:

  • Single Entity Result - For a given parameter search value, the result represents one entity document.
    • If the same entity has been leaked multiple times, it will still be counted as a single result, updated with details from all related leak records.
    • Relevant parameters: Credit Card, Account Name, Phone, SSN, Passport.
  • Multi Entity Result - For a given parameter search value, the result includes multiple distinct entity documents matching the query.
    • This occurs when the search can match multiple entities within the same category.
    • Relevant parameters: Email, Email Domain, Login Domain, BIN6, BIN8.
    • For Email, Email Domain, and Login Domain queries, the same entity can appear as multiple separate results, for example when a new password is detected or when the entity appears in a new data breach. For other search parameters, such updates are merged into a single record.
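
When triaging Email, Email Domain, or Login Domain results, a consumer may want to count each exposed entity once even though it is returned several times. The following is an added example, not part of the DBD documentation or its API: the parameter identifiers, the record fields (email, login_domain, password, source), the entity key, and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Result type per search parameter, as listed in the overview above.
# The snake_case identifiers are hypothetical, not the API's own names.
SINGLE_ENTITY = {"credit_card", "account_name", "phone", "ssn", "passport"}
MULTI_ENTITY = {"email", "email_domain", "login_domain", "bin6", "bin8"}
# Multi-entity parameters where one entity can come back as several results.
REPEATING = {"email", "email_domain", "login_domain"}

def result_type(parameter):
    """Return 'single' or 'multi' for a search parameter."""
    if parameter in SINGLE_ENTITY:
        return "single"
    if parameter in MULTI_ENTITY:
        return "multi"
    raise ValueError(f"unknown search parameter: {parameter}")

def collapse(parameter, results):
    """Group repeated results so each exposed entity is counted once."""
    if parameter not in REPEATING:
        return list(results)  # updates are already merged per entity
    grouped = defaultdict(lambda: {"passwords": set(), "sources": set(), "hits": 0})
    for r in results:
        # Assumed entity key: case-insensitive email plus login domain.
        key = (r["email"].lower(), r["login_domain"].lower())
        g = grouped[key]
        g["passwords"].add(r["password"])
        g["sources"].add(r["source"])
        g["hits"] += 1
    # Report counts only, so plaintext passwords never reach the triage view.
    return [
        {"email": e, "login_domain": d, "hits": g["hits"],
         "distinct_passwords": len(g["passwords"]),
         "sources": sorted(g["sources"])}
        for (e, d), g in sorted(grouped.items())
    ]

# Constructed sample: three results for an Email Domain query,
# two of which describe the same entity with different passwords.
SAMPLE = [
    {"email": "Alice@example.com", "login_domain": "portal.example.com",
     "password": "constructed-pw-1", "source": "constructed-breach-A"},
    {"email": "alice@example.com", "login_domain": "portal.example.com",
     "password": "constructed-pw-2", "source": "constructed-stealer-log-B"},
    {"email": "bob@example.com", "login_domain": "portal.example.com",
     "password": "constructed-pw-3", "source": "constructed-breach-A"},
]

if __name__ == "__main__":
    for entity in collapse("email_domain", SAMPLE):
        print(entity)
```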