Frequently Asked Questions

Background

  1. What is the purpose of this site?

    The purpose of Vigilante.pw is to raise awareness about database breaches. Unfortunately, many smaller database breaches go unreported by major sources. Thus, we consider what we do to be important as it enables people to find out about which websites have been breached, giving affected website owners the chance to improve the security of their websites and notifying users that they should be wary of what details they give out when signing up for websites.

  2.  

  1. How can I check if I am in a specific database breach listed on your site?
  2. We do not link to the files containing the database breaches that that we report about, nor do we have any database breach search engine implemented. Thus, it is not possible to check if you are in the database breaches listed on our site through our site.

     

  1. Is the data on Vigilante.pw for sale?
  2. Vigilante.pw is not a commercial website. It is a non-profit website which acts as an informational directory on websites which have been hacked. All of the money gathered via donations and advertisements goes to renting hardware to process data and website costs. The data listed on Vigilante.pw is not for sale.

     

  1. Where do you find these databases?
  2. The majority of the databases we find are collected from different sources on the internet. Additionally, databases are donated to us by people who want us to verify the source of the data in question, as well as people who want to support our mission of reporting on as many data breaches as possible in order to spread awareness about the current state of cybersecurity. We do not buy data under any circumstances as we believe that this only incentivizes breaches and does not help the situation which we are trying to improve.

     

  1. What happened to the “privacy status” indicator that used to be on Vigilante.pw?
  2. The privacy status indicator was removed for many reasons. Firstly, there was and still is a great amount of disagreement surrounding the categorizing of databases based on privacy. People routinely disagree on what constitutes a “private” and a “public” database. Secondly, we felt that this indicator was only aiding people who trade data. Moreover, deciding whether thousands of databases are “public” or “private” is a very hectic task, as the privacy statuses of databases can change over time. Finally, if a database breach has occurred, it is likely that multiple people already have the database in their possession, meaning that from a security standpoint, the privacy status indicator is mostly irrelevant.

     

  1. As an internet user, how can I protect myself from database breaches?
  2. There are many preventative measures that you can take to lessen the damage caused by database breaches. It is helpful to be paranoid in this case by assuming that every website you ever sign up for will be hacked, meaning that you should take steps to secure yourself before anything potentially harmful actually occurs. This means that you should sign up to websites with random aliases, randomly generated unique passwords, masked email addresses and anonymized IP addresses through the use of a VPN or the Tor browser. You should enable two-factor authentication where possible in order to significantly lower the chances of your account being hacked. Lastly, you should be mindful of what data you share and be aware that hundreds of sites are hacked in any given hour, so at least if a website that you signed up for is hacked and you have followed the above steps, you will be in a much safer position than the majority of people affected by the same database breach.

     

  1. What is the point of the "Acknowledged?" column?
  2. The point of the "Acknowledged?" column is to provide more information about the nature of the breaches where applicable through the breached website's official announcement, and to credit the website owners who admit that their websites were breached.

     

  1. What happened to your Twitter account?
  2. Our Twitter account @Vigilante_PW was suspended in January 2020 and we received no email from Twitter regarding why we were suspended. Twitter also ignored the emails that we sent to them inquiring about why our account was suspended. We do not plan to create another Twitter account, and any Twitter accounts claiming to represent our website are not legitimate.