// security research

Submit a data breach

Are you a security researcher who discovered a breach dataset? Help protect millions of people by submitting it to DataLeakz. We store only hashed data — raw credentials are never retained.

🔒 Emails & passwords hashed, never stored raw
🛡️ Submissions reviewed within 48h
✉️ Encrypted submission supported
👤 Anonymous submissions accepted
🔍

What we accept

Verified breach datasets containing email addresses, passwords, or phone numbers from real security incidents. We verify every submission before ingestion.

🚫

What we don't accept

Unverified or fabricated data, data from active attacks still in progress, or datasets you don't have legitimate access to as a security researcher.

Breach submission form

Fill in what you know. You don't need to have every field — partial information is fine. We'll follow up if we need anything else.

💡
How we handle your submission

When you upload a dataset, we parse it locally, hash every email and password with SHA1, store only the hashes, and permanently delete the raw file. We never expose raw credentials to anyone.

The organisation whose data was exposed.

When the breach occurred, not when discovered.

Where you found the data or any public reporting on this breach.

📧 Email addresses
🔑 Passwords (plain or hashed)
📱 Phone numbers
👤 Full names
🏠 Physical addresses
🪪 SSN / Gov IDs
💳 Payment data
📦 Other

Helps us parse the file correctly.

📁

Drop your file here or click to browse

TXT, CSV, JSON, SQL — max 500MB

If the file is too large, you can share a secure download link in the notes field below instead.

Use this if your file is too large to upload directly.

So we can credit you and follow up with questions. Leave blank for anonymous submission.

⚠️
Responsible disclosure reminder

By submitting, you confirm this data came from a legitimate security research activity, that you're not submitting data from an active ongoing attack, and that you understand DataLeakz will use it solely to notify affected users.

Submission received

Thank you for helping protect users. Our team will review your submission within 48 hours. If you provided a contact, we'll be in touch.

What happens after you submit

Your submission goes through a review and ingestion pipeline before any data is used.

1
Manual review (within 48h)

Our team verifies the dataset is real, checks it against known breaches, and confirms the data types present.

2
Hashing & ingestion

Every email is SHA1 hashed before storage. Passwords are hashed. Raw data is deleted immediately after processing.

3
Breach added to the database

The breach appears in search results. Affected users who search their email will see they were impacted.

4
Credit (optional)

If you provided contact details and want credit, we'll acknowledge your contribution in the breach entry.

Prefer to submit encrypted?

If you want end-to-end encryption, email the dataset encrypted with our PGP key to security@dataleakz.com

-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEac2nGBYJKwYBBAHaRw8BAQdA1K872zjdwrAf7lKPOnvnZjQJKKWxY9lj L9ZxCtFLCkvNIkRhdGFMZWFreiA8c2VjdXJpdHlAZGF0YWxlYWt6LmNvbT7C wBkEExYKAIsFgmnNpxgFiQHhM4ADCwkHCRAnI6un1Rl+0EUUAAAAAAAcACBz YWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnKvKuwOyP1zA7nNpxJTpW8D47 RFygM0Unl4STw4ue1sgFFQoIDgwEFgACAQIZAQKbAwIeARYhBCChGAPF17dG +qrxMycjq6fVGX7QAACK1AEAr6CK173CT5f6XPJAcqixjTaxZLR97KvWGhIq 5Qqakv0BANXUvKKdPtHvAKPXDU+hYR73XCOD48PPeYVe1AQpq8ABzjgEac2n GBIKKwYBBAGXVQEFAQEHQB30H1Y/xiP2SmOAe3ipfVPtePDS2aFxShblQokQ 9wlpAwEIB8LAAwQYFgoAdgWCac2nGAWJAeEzgAkQJyOrp9UZftBFFAAAAAAA HAAgc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZwYN1eGN37uFTyCWEo07 DxyI4Xcz0ycoKyteu22ol+2MApsMFiEEIKEYA8XXt0b6qvEzJyOrp9UZftAA AGbXAQDgIn07i+8ajZY+CyMTPIH23sEn7MXcuvo1BVPihcjpsgD45w+sXJhf VDqBmsH51veDx9bRmBuXC9TaindgqPq0Bw== =stDu -----END PGP PUBLIC KEY BLOCK-----

Generate and upload your PGP key at keys.openpgp.org