Frequently Asked Questions (FAQ)

Devanand Premkumar () has 15+ years of experience in IT/ITES environment on identifying, planning and executing information security operations, increasing security & compliance and implementing global information security programs. Has been instrumental in designing, developing, maintaining security frameworks and technical controls in various geographies across the globe. Has played various roles in technical as well as non-technical aspects of Information Security. My last corporate engagement was handling an intelligent SOC serving global customers for their security requirements in the role of Delivery Director.

Since forensics and investigations interests me a lot, started off a small exercise to check the level of data available in public domains related to data breaches. Considering the large volume of data aggregated and in the best interest of people and me wanted to keep it open for all to make use.

XoN was started as a simple exercise to work with cloud and related technologies. However looking at the huge size of private data exposed, particularly on privacy related,I am planning to keep this site open to the public as a free service. Thereby this also helps people to get more information about their scope of data exposure and let know in case of new breaches which are getting more frequent in the past few months.
Most of the exposed data are sourced from breaches available in Internet.These data breaches are available on websites and pretty easy for a person who is searching properly. Few of them are sourced through Peer-to-Peer (P2P) technologies like torrents as well.
XoN stores only the email and the name of the website it got breached. In other words, plain text passwords and other sensitive data are not stored for obvious reasons as the storage of that would bring in more issues than benefit to the public. XoN also has the feature of checking breached passwords collection. This service makes use of SHA3-keccack 512 hashing algorithm for converting the collected passwords into one way hashes in storage.

With the current technologies available, it is highly unlikely someone can re-verse this SHA-3 Keccak hashes easily. This ensures the highest level of safety for stored hashes.
Generally it is not recommended sharing the sources of breaches, considering the sensitivity and the amount of data being exposed. All the available data is loaded into XoN and is available to be queried through the website and API for each emails.
Yes, please feel free to make use of the AlertMe Service which can let know of xposed data.
No, I do not intend to make this service a chargeable one. Feel free to make use of this service and if you feel this is useful, please share it and spread the usage of XposedOrNot (XoN). Every word of sharing and recommendation is always welcome for each researchers like us as it will benefit the general population more and more. All are welcome to check their emails/passwords irrespective of the number they might use or want to check including their family, friends or immediate circle.
All the breaches exposed here are acknowledged by the website owners and available as references. In rare cases of exposed breaches not acknowledged by the website, it will be clearly marked as such. We would also be taking extreme care in notifying the website owners through defined processes, and all such communication will be posted in XoN Twitter for more visibility
AlertMe is a simple notification service through email to inform subscribers of any new breaches. This will help them to understand and take remediation to contain the impact of exposure. This can be easily activated by email and confirming the same. Going forward, for all new breaches in which this subscribed email is found, an email alert will be sent across immediately.

AlertMe can be activated either through the home page by starting a simple search for exposed data breaches. Guidance on subscription will be shared on each and every search. The same can also be activated through the password search feature as well.
Please refer XoN Acceptable Use Policy & Privacy Policy here
Twitter : DevaOnBreaches

Feel free to drop me an email or ping me in twitter for any support/assistance/clarification needed.

If you have any inputs or pointers to publicly exposed breaches which needs to be loaded in XoN, please notify me.