Investigator Use
DeHashed is a breach intelligence platform providing searchable access to leaked database contents, exposed credentials, and breach datasets. Unlike Have I Been Pwned which focuses on breach notification, DeHashed exposes the underlying data — usernames, passwords, IP addresses, names, phone numbers, and addresses — from breach datasets submitted to and indexed by the platform.
What investigators use DeHashed for: searching for leaked credentials associated with a target email or username, correlating breach exposure across multiple datasets to identify credential reuse patterns, pivoting from leaked passwords to other accounts using the same password, and investigating credential-stuffing attacks by identifying which breaches supplied the credentials.
What data DeHashed exposes: email addresses paired with plaintext or hashed passwords, usernames and associated identifiers, IP addresses from which accounts were registered or accessed, names and phone numbers linked to compromised accounts, physical addresses from data aggregator breaches, and the source breach dataset for each record.
DeHashed differentiates itself from other breach tools by providing operator search across multiple fields simultaneously. You can search by email, username, password, IP address, name, or phone number, and filter results by breach source. This makes it possible to pivot from a single email address to other accounts using the same password hash, or from a password to all accounts that shared it.
For credential investigation: if a target email appears in DeHashed with a known password, that password may have been reused on other services. Investigators can check whether the same password hash appears across multiple accounts — a technique used in fraud investigation and account takeover analysis.
Access requirements: DeHashed requires a paid subscription for most queries. A limited number of free searches are available daily. Given the sensitivity of breach data, DeHashed has terms of service restricting use to legitimate security and investigative purposes.
In a workflow: use DeHashed after establishing target email addresses or usernames from OSINT collection. Cross-reference results with Have I Been Pwned to validate breach membership and with Emailrep for additional reputation data. Always document your search rationale, as breach data is sensitive and its use is legally constrained in many jurisdictions.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
Digital Traces
Breach & Leak OSINT
Digital Traces provides breach intelligence and data leak monitoring for tracking credential exposure and personal data compromises.
Git Leaks
Breach & Leak OSINT
Gitleaks scans Git repositories for hardcoded secrets, API keys, and credentials to detect accidental sensitive data exposure.
Haveibeenpwned
Breach & Leak OSINT
Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.
Netdata Directory
Breach & Leak OSINT
Netdata Directory is a curated index of monitoring, network intelligence, and real-time data tools for infrastructure and OSINT research.