Frequently Asked Questions (FAQ)

Devanand Premkumar has 17+ years of experience in IT/ITES environment by identifying, planning and executing information security operations, increasing security & compliance and implementing global information security programs. Has been instrumental in designing, developing, maintaining security frameworks and technical controls in various geographies across the globe. Has played various roles in technical as well as non-technical aspects of Information Security. My last corporate engagement was handling an intelligent SOC serving global customers for their security requirements in the role of Delivery Director.

Since forensics and investigations interests me a lot, started off a small exercise to check the level of data available in public domains related to data breaches. Considering the large volume of data aggregated and in the best interest of people and me wanted to keep it open for all to make use.

Currently providing consultancy for startups and organisations to check and support in their effective and efficient compliance for implemented information security controls.
XoN was started as a simple exercise to work with cloud and related technologies. However, looking at the huge size of private data exposed, particularly on exposed data on breached data,I am planning to keep this site open to the public as a free service.

Thereby this also helps all of us to get more information about the scope of data exposure and get alerted in case of new breaches which are getting more frequent in the past few months/years.

Folks can use this site as a simple reference to know about their data exposure from breaches. Email address can be used to verify if that particular email was part of the breached data. Knowing the breach status, users can take appropriate action to safeguard their accounts.

Next steps include changing password, monitoring accounts and making use of individual passwords on websites can help a lot.

You can also read the "Guide on Password Security" to know more about account security requirements.
Most of the exposed data are sourced from breaches available in the Internet.These data breaches are available on websites and pretty easy for a person who is searching properly. Few of them are sourced through Peer-to-Peer (P2P) technologies like torrents as well.
XoN stores only the email and the name of the website it got breached. In other words, plain text passwords and other sensitive data are not stored for obvious reasons as the storage of that would bring in more issues than benefit to the public.

XoN also has the feature of checking breached passwords collection. This service makes use of SHA3-keccack 512 hashing algorithm for converting the collected passwords into one way hashes in storage. With the current technologies available, it is highly unlikely someone can re-verse this SHA-3 Keccak hashes easily. This ensures the highest level of safety for stored hashes.

Please check the sample login page, making use of this XoN Passwords. This can help a lot of users, preventing them from reusing old and exposed passwords.
Generally it is not recommended sharing the sources of breaches, considering the sensitivity and the amount of data being exposed. All the available data are loaded into XoN and is available to be queried through the website and API for each email.
Yes, please feel free to make use of the AlertMe Service, which can let know of xposed data. Alert me as a service can be invoked while searching in email or password verification pages.
No, I do not intend to make this service a chargeable one. Feel free to make use of this service and if you feel this is useful, please share it and spread the usage of XposedOrNot (XoN). Every word of sharing and recommendation is always welcome for each researcher like us as it will benefit the general population more and more. All are welcome to check their emails/passwords irrespective of the number they might use or want to check including their family, friends or immediate circle.
All the breaches exposed here are acknowledged by the website owners and available as references. In rare cases of exposed breaches not acknowledged by the website, it will be clearly marked as such. We would also be taking extreme care in notifying the website owners through defined processes, and all such communication will be posted in XoN Twitter for more visibility
AlertMe is a simple notification service through email to inform subscribers of any new breaches. This will help them to understand and take remediation to contain the impact of exposure. This can be easily activated by email and confirming the same. Going forward, for all new breaches in which this subscribed email is found, an email alert will be sent across immediately. AlertMe can be activated either through the home page by starting a simple search for exposed data breaches. Guidance on subscription will be shared with each and every search. The same can also be activated through the password search feature as well.
Please refer XoN Acceptable Use Policy & Privacy Policy. Feel free to reach out to me if you have any questions related to privacy and related subjects.
Email : devaOnbreaches @
Twitter : DevaOnBreaches

Feel free to drop me an email or ping me in Twitter for any support/assistance/clarification needed.

If you have any inputs or pointers to publicly exposed breaches which needs to be loaded in XoN, please notify me.