The primary purpose of Vigilante.pw is to raise awareness about database breaches. Unfortunately, the media do not report on the majority of data breaches as they are primarily concerned with content that will generate the greatest amount of traffic for their websites. Thus, we consider what we do to be important as it enables people to find out about which websites have been breached, giving affected website owners the chance to improve the security of their websites and notifying users that they should be wary of what details they give out when signing up for websites.
At the moment, we have no infrastructure in place for this to be possible. However, it is possible that we will introduce such a feature at some point in the future which, if introduced, will be designed in such a way to prevent abuse. Thus, malicious users will not be able to abuse the potential data lookup engine of Vigilante.pw in order to cause harm to affected users, unlike the massive damage caused by commercial data lookup sites.
Vigilante.pw is not a commercial website. It is a non-profit website which acts as an informational directory on websites which have been hacked. All of the money gathered via donations and advertisements goes to renting hardware to process data and website costs. We do not sell databases to people because we feel that it is too much of a risk because the majority of people buying databases are doing so for what we consider to be unfavourable and non-beneficial causes, such as cracking accounts and advertising on a mass scale (spamming). Furthermore, we do not wish to aid people who trade, resell or leak databases as we believe that they are causing more harm than good.
Unfortunately, a lot of these breached databases are found on the internet which means that not only is data routinely landing in the hands of hackers, but also in the hands of malicious internet users who use public download links of databases to cause harm in one way or another. Additionally, a large number of databases are donated to us by people who want us to verify the source of the data in question, as well as people who want to support our mission of reporting on as many data breaches as possible in order to spread awareness about the current state of cybersecurity. We do not buy data under any circumstances as we believe that this only incentivizes breaches and does not help the situation which we are trying to improve.
The privacy status indicator was removed for many reasons. Firstly, there was and still is a great amount of disagreement surrounding the categorizing of databases based on privacy. People routinely disagree on what constitutes a “private” and a “public” database. Secondly, we felt that this indicator was only aiding people who trade data. Moreover, deciding whether thousands of databases are “public” or “private” is a very hectic task, as the privacy statuses of databases can change over time. Finally, if a database breach has occurred, it is likely that multiple people already have the database in their possession, meaning that from a security standpoint, the privacy status indicator is mostly irrelevant.
There are many preventative measures that you can take to lessen the damage caused by database breaches. It is helpful to be paranoid in this case by assuming that every website you ever sign up for will be hacked, meaning that you should take steps to secure yourself before anything potentially harmful actually occurs. This means that you should sign up to websites with random aliases, randomly generated unique passwords, masked email addresses and anonymized IP addresses through the use of a VPN or the Tor browser. You should enable two-factor authentication where possible in order to significantly lower the chances of your account being hacked. Lastly, you should be mindful of what data you share and be aware that hundreds of sites are hacked in any given hour, so at least if a website that you signed up for is hacked and you have followed the above steps, you will be in a much safer position than the majority of people affected by the same database breach.
Email: Vigilante.pw [ AT ] protonmail.com
XMPP: keen [ AT ] xmpp.is