Alternate-Style Exposures API
An Exposure refers to any unintended release of user credentials on the Internet. This could be due to a data breach at a site, malware that has captured user credentials, a phishing site which has been capturing user credentials, etc. An Exposure occurs when this stolen credential data is then posted or shared in some public or private venue. Enzoic routinely scours the web looking for this data and catalogues it into its database. Every time a new list of credentials is found, this is added as a new Exposure in our database.
The Alternate-Style Exposures API allows you to lookup information on credentials Exposures (which were known in Pwnedlist as Leaks) and obtain the detailed information about each Exposure, using an API format similar to that of the original Pwnedlist API.
Available Calls
- Exposures by Date Range
Returns all of the credentials Exposures (AKA Leaks) that have been found since a specified number of days in the past. - Exposure Details
Returns the detailed information for a Exposure (AKA Leak).
POST – Exposures by Date Range
https://api.passwordping.com/exposures
Returns all of the credentials Exposures (aka Leaks) that have been found back to a specified number of days in the past, up to a maximum of 200 entries.
See Using Enzoic for general instructions on using the API.
Request
| Parameter | Type | Description |
|---|---|---|
| daysAgo | integer | Specifies a number of days in the past. All Exposures catalogued since that date will be returned, up to a max of 200 entries. |
Response
| Response | Description |
|---|---|
| 200 | The associated Exposures are in the response body |
Response Body
The response body contains an array of the Exposure IDs this user has associated with it. These IDs can be used with the Exposure Details API to get additional information about each Exposure.
| Member | Type | Description |
|---|---|---|
| count | integer | The number of items in the leaks array |
| leaks | LeakDetails[] | An array of LeakDetails[] |
LeakDetails:
| Member | Type | Description |
|---|---|---|
| leak_id | string | The ID of the Exposure |
| title | string | Title of the exposure – for breaches, the domain of the origin site |
| num_entries | integer | The number of credentials found in the exposure |
| leak_date | date | The date the exposure occurred, as much as is known. The value is as follows:
|
| passwordType | string | The format of the passwords in the Exposure, e.g. “Cleartext”, “MD5”, “BCrypt”, etc. |
| compromisedData | string[] | An array of the types of user data which were present in the Exposure, e.g. “Emails”, “Passwords”, “Physical Addresses”, “Phone Numbers”, etc. |
| import_date | date | The date the Exposure was found and added to the Enzoic database. |
| attackers | string[] | Array containing information about the attackers |
| media_refs | string[] | Links to any relevant media articles on the exposure |
| source_refs | string[] | An array of URLs the data was found at. Only present for some types of Exposures. |
| target_industries | string[] | An array of industries which were affected. |
| num_domains_affected | integer | The number of unique email address domains in this Exposure. So, for instance, if the Exposure only contained “gmail.com” and “yahoo.com” email addresses, this number would be 2. |
Example
Request
curl --header "authorization: basic {your auth string}" --data "daysAgo=1" "https://api.passwordping.com/exposures"
Response
{
"count": 1,
"leaks": [
{
"leak_id": "58b4618a4eb6d812f04faef4",
"title": "Unknown dark web leak 2017-02-28T00:27:37.000Z",
"num_entries": 20,
"leak_date": "2017-02-28T00:27:37.000Z",
"passwordType": "Cleartext",
"compromisedData": [
"Emails",
"Passwords"
],
"import_date": "2017-02-27T17:27:38.000Z",
"attackers": [],
"media_refs": [],
"source_refs": [],
"target_industries": [
"Dark Web Leak"
],
"num_domains_affected": 8
}
]
}
POST – Exposure Details
https://api.passwordping.com/exposures
Returns the detailed information for a credentials Exposure.
See Using Enzoic for general instructions on using the API.
Request
| Parameter | Type | Description |
|---|---|---|
| leak_id | string | The ID of the Exposure |
Response
| Response | Description |
|---|---|
| 200 | The response body contains the details of the Exposure |
| 404 | The requested Exposure was not found |
Response Body
| Member | Type | Description |
|---|---|---|
| leak_id | string | The ID of the Exposure |
| title | string | Title of the exposure – for breaches, the domain of the origin site |
| num_entries | integer | The number of credentials found in the exposure |
| leak_date | date | The date the exposure occurred, as much as is known. The value is as follows:
|
| passwordType | string | The format of the passwords in the Exposure, e.g. “Cleartext”, “MD5”, “BCrypt”, etc. |
| compromisedData | string[] | An array of the types of user data which were present in the Exposure, e.g. “Emails”, “Passwords”, “Physical Addresses”, “Phone Numbers”, etc. |
| import_date | date | The date the Exposure was found and added to the Enzoic database. |
| attackers | string[] | Array containing information about the attackers |
| media_refs | string[] | Links to any relevant media articles on the exposure |
| source_refs | string[] | An array of URLs the data was found at. Only present for some types of Exposures. |
| target_industries | string[] | An array of industries which were affected. |
| num_domains_affected | integer | The number of unique email address domains in this Exposure. So, for instance, if the Exposure only contained “gmail.com” and “yahoo.com” email addresses, this number would be 2. |
Example
Request
curl --header "authorization: basic {your auth string}" --data "leak_id=57dc11964d6db21300991b78" "https://api.passwordping.com/exposures"
Response
{
"count": 1,
"leaks": [
{
"leak_id": "57dc11964d6db21300991b78",
"title": "funsurveys.net",
"num_entries": 5123,
"leak_date": "2015-05-01T00:00:00.000Z",
"passwordType": "Cleartext",
"compromisedData": [
"Emails",
"Passwords"
],
"import_date": "2016-09-16T15:36:54.000Z",
"attackers": [],
"media_refs": [],
"source_refs": [],
"target_industries": [
"Surveys"
],
"num_domains_affected": 683
}
],
}