Breaches

breaches are service specific data leaks linked to a particular company or website each represents a distinct cyber incident where user credentials or personal data were exposed the breaches directory enables you to view and search across all the breaches that flare covers this directory includes two types of breaches breaches with credentials these are breaches where flare has ingested credential data (emails, usernames, and passwords) they also appear in the credentials browser and as leaked credentials events breaches without credentials (new) these are breaches where the exposed data does not include credentials however, they may still contain other personal information such as physical addresses, phone numbers, or other personally identifiable information (pii) starting june 2026, newly identified breaches without credentials will appear in the breaches directory historical data will be added in a future update the breaches directory the breaches directory can be sorted by name, breached at and leaked at dates, and tenant credentials count to narrow down results, and displays the following information name the name of the breached service or platform description a brief summary of the breach breached at the date the breach is believed to have originally occurred (i e , when the data was stolen) leaked at the date the stolen data was publicly leaked or made available to find out more about the difference between the breached at and leaked at dates, refer to event date fields docid\ ic8s2aua6wys2zo7ndqnh verified indicates whether the breach has been confirmed as legitimate by trusted sources such as haveibeenpwned (hibp) or included in official lists on dark web forums the data is believed to be real and poses a more likely risk to your organization unverified breaches have not been confirmed and may contain inaccurate data, though they could still be legitimate credentials indicates whether the breach contains credential data such as usernames, passwords, or emails pii the pii column indicates whether the breach contains personally identifiable information other than credentials this might include physical addresses, phone numbers, medical data, or other personal details tenant credentials the number of credentials within that breach that match identifiers within your tenant a value of 0 means no matches were found for your tenant click on the credentials count to view them in the credentials browser search for unparsed breaches for breaches without credentials ( unparsed leaks docid\ oc9qrltimxbohtzxbvskj ), you can navigate directly to the related event in the global event feed hover over a row to view the search option which takes you directly to the corresponding unparsed leak note that this option is only available for breaches without credentials since breaches with credentials appear in the credentials browser and as leaked credentials events instead viewing breach details clicking on any row in the breaches directory opens a leak details panel, which provides additional information about the selected breach the panel displays the following additional metadata description a full description of the breach, including how it occurred, what data was exposed, and any relevant context around how the leak became public pii tags a list of the types of pii exposed in the breach this includes any information other than passwords, usernames or email addresses, such as phone numbers, medical data, or other personal details view events similar to the tenant credentials column, the view events link also opens any matching events in the credentials browser searching and filtering the breaches directory includes a search bar that allows you to quickly find a specific breach by name the directory can be also filtered by the following fields verified filter breaches by their verification status setting this to true shows only breaches that have been confirmed as legitimate by trusted sources setting this to false shows only unverified breaches whose legitimacy has not been confirmed \<font color="#4338ca">note \</font> a breach is considered verified when it has been confirmed as legitimate by trusted sources such as haveibeenpwned (hibp) or included in official lists on dark web forums credentials filter breaches by whether they contain credential data setting this to true shows only breaches where flare has ingested credential data (emails, usernames, and passwords) setting this to false shows only breaches where no credential data was exposed, though these may still contain other personal information such as physical addresses or phone numbers pii filter breaches by whether they contain personally identifiable information setting this to true shows only breaches that contain pii beyond credentials, such as physical addresses, phone numbers, or other personal details setting this to false shows only breaches with no pii sharing your filtered view once you have applied your desired search terms or filters, the url in your browser automatically updates to reflect your current view you can copy and share this url to give others a direct link to the same results without them needing to manually recreate the same view how does filtering work? the verified, credentials, and pii filters can be combined to narrow down results in the breaches directory the table below shows some common filter combinations and the results they return verified credentials pii results shown all all all all breaches true all all all verified breaches false all all all unverified breaches all true all breaches with credentials true true all verified breaches with credentials true false true verified breaches without credentials but with pii false true all unverified breaches with credentials click clear to remove any applied filters and return to the full list of breaches this will reset all active filters and restore the default view of the breaches directory