Get leak information by ID

curl --request POST \
  --url https://api.projectdiscovery.io/v1/leaks/info \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "leakid": "b3652f2555841f7652badd9804859f4e"
}
'

{
  "success": true,
  "data": {
    "id": "<string>",
    "url": "<string>",
    "username": "<string>",
    "password": "<string>",
    "device_ip": "<string>",
    "hostname": "<string>",
    "os": "<string>",
    "malware_path": "<string>",
    "country": "<string>",
    "log_date": "<string>",
    "hardware_id": "<string>",
    "domain": "<string>",
    "email_domain": "<string>",
    "fetched_at": "<string>",
    "status": "<string>"
  }
}

POST

leaks

info

Get leak information by ID

curl --request POST \
  --url https://api.projectdiscovery.io/v1/leaks/info \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "leakid": "b3652f2555841f7652badd9804859f4e"
}
'

{
  "success": true,
  "data": {
    "id": "<string>",
    "url": "<string>",
    "username": "<string>",
    "password": "<string>",
    "device_ip": "<string>",
    "hostname": "<string>",
    "os": "<string>",
    "malware_path": "<string>",
    "country": "<string>",
    "log_date": "<string>",
    "hardware_id": "<string>",
    "domain": "<string>",
    "email_domain": "<string>",
    "fetched_at": "<string>",
    "status": "<string>"
  }
}

Overview

Retrieve detailed information for a specific leak by its ID. This endpoint provides access to complete leak details with optional password and email unmasking based on your permissions and domain verification.

Authentication & Authorization

Access Control

Personal leaks: Always accessible if the leak belongs to your email
Employee/Customer leaks: Requires domain verification for the associated domain
Password unmasking: Requires domain verification
Customer leak privacy: Passwords are never unmasked for customer leaks (privacy protection)

Leak ID Format

The leak ID must be a 32-character MD5 hash (e.g., b3652f2555841f7652badd9804859f4e).

Request Body

{
  "leakid": "b3652f2555841f7652badd9804859f4e"
}

Response Examples

Successful Response

{
  "success": true,
  "data": {
    "id": "b3652f2555841f7652badd9804859f4e",
    "url": "https://facebook.com/login",
    "username": "john.doe@example.com",
    "password": "mypassword123",
    "device_ip": "192.168.1.100",
    "hostname": "JOHN-LAPTOP",
    "os": "Windows 10 Pro",
    "malware_path": "C:\\Users\\John\\AppData\\Roaming\\malware.exe",
    "country": "United States",
    "log_date": "2023-03-15T10:30:00Z",
    "hardware_id": "HW-ABC123DEF456",
    "domain": "example.com",
    "email_domain": "example.com",
    "fetched_at": "2023-03-16T08:00:00Z",
    "status": "open"
  }
}

Error Responses

Invalid Leak ID Format

{
  "success": false,
  "message": "Invalid leak ID format"
}

Leak Not Found

{
  "success": false,
  "message": "Leak not found"
}

Access Denied

{
  "message": "Access denied: you don't have access to this leak"
}

Data Fields Explained

Field	Description
`id`	Unique 32-character MD5 hash identifier
`url`	The website/service where credentials were compromised
`username`	Username or email address (always unmasked if authorized)
`password`	Password (masked/unmasked based on permissions)
`device_ip`	IP address of the compromised device
`hostname`	Computer/device hostname
`os`	Operating system information
`malware_path`	File path of the malware that captured the credentials
`country`	Geographic location of the compromise
`log_date`	When the credentials were captured
`hardware_id`	Unique hardware identifier
`domain`	Domain associated with this leak (for filtering)
`email_domain`	Domain extracted from the email address
`fetched_at`	When this leak was discovered/indexed
`status`	Current status (`open` or `fixed`)

Password Unmasking Rules

When Passwords Are Unmasked

Personal leaks: Always unmasked for the account owner
Employee leaks: Unmasked with domain verification
Customer leaks: Never unmasked (privacy protection)

When Passwords Are Masked

Shows as ***MASKED*** when access is not authorized
Customer leak passwords are always masked for privacy protection

Usage Examples

Get leak information

curl -X POST "https://api.projectdiscovery.io/v1/leaks/info" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "leakid": "b3652f2555841f7652badd9804859f4e"
  }'

Security Considerations

Privacy Protection

Customer leak passwords are never exposed to maintain customer privacy
Access is strictly controlled based on domain verification
All access attempts are logged for security auditing

Data Sensitivity

Leak information contains sensitive credential data
Ensure secure handling and storage of retrieved information
Consider implementing additional encryption for stored leak details

Rate Limiting

This endpoint may have rate limits to prevent abuse
Implement proper error handling for rate limit responses

Authorizations

X-API-Key

string

header

required

Body

application/json

leakid

string

required

32-character MD5 hash identifying the leak

Pattern: ^[a-fA-F0-9]{32}$

Example:

"b3652f2555841f7652badd9804859f4e"

Response

Leak information retrieved successfully

success

boolean

Example:

true

data

object

Show child attributes

Export leaked credentials Your POST endpoint

⌘I

Documentation Index

​Overview

​Authentication & Authorization

​Access Control

​Leak ID Format

​Request Body

​Response Examples

​Successful Response

​Error Responses

​Invalid Leak ID Format

​Leak Not Found

​Access Denied

​Data Fields Explained

​Password Unmasking Rules

​When Passwords Are Unmasked

​When Passwords Are Masked

​Usage Examples

​Get leak information

​Security Considerations

​Privacy Protection

​Data Sensitivity

​Rate Limiting