A free, open-source data breach notification service, run in the open since 2017
XposedOrNot answers one simple question: has your email address or password shown up in a known data breach? You can search for free, no signup needed, and get an alert when a new breach includes you. The entire codebase is public, and the Transparency Report spells out what we store and what we never touch.
You should know when your data leaks, and knowing should not cost you anything. That is the whole mission. We gather data from public breaches and turn it into free alerts and answers for the people it affects, without ever republishing the stolen data itself. Breach awareness should be free, and it should not cost you your privacy either.
Hi, I'm Devanand Premkumar. I've spent over 20 years in security, building security operations centers from scratch, responding to incidents, and helping organizations across Europe and APAC stop account takeovers. I'm CISA and CISSP certified, and when I'm not working you'll probably find me at a CTF, somewhere near the forensics challenges.
I started XposedOrNot in 2017 as a small side project to share exposed passwords for free. It slowly grew into the full breach notification service you see today, and building it in the open has been the best part.
Every part of the public service is open source: this website, the API behind it, and the SDKs around it. You don't have to take my word for any of this. Read the code on the XposedOrNot GitHub organization or start with the repository overview. Checking for yourself beats trusting blindly, and that's the point.
Questions, ideas, or feedback? Follow project updates on X (Twitter) or Mastodon, or reach me directly at @DevaOnBreaches on X or GitHub. There's also the blog for longer reads, responsible disclosure for security issues, and an independent status page if you want to check service health.