# XposedOrNot

| **XposedOrNot**  | **Quick Overview**                                                                                                                   |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| URL              | <https://xposedornot.com/>                                                                                                           |
| What it does     | A breach-checking tool that tells you if an email address has been exposed in known data leaks, along with details about the breach. |
| How to use it    | Enter an email address to instantly check if it appears in public data breaches and review what data may have been exposed.          |
| Cost             | Free (with paid option for alerts/monitoring).                                                                                       |
| Account required | No.                                                                                                                                  |
| Cookies          | Mostly analytics and tracking tools (Google Analytics and Hotjar).                                                                   |
| Ownership        | Developed and maintained by Devanand Premkumar.                                                                                      |
| Use in Reporting | Useful for verifying data exposure, assessing risk, and supporting stories around breaches, cyber incidents, or personal data leaks. |

### What does XposedOrNot do?

XposedOrNot is a data breach intelligence tool. It aggregates information from publicly known breaches and lets you check whether a specific email address has been compromised.

It shows which breaches, what type of data was exposed (passwords, phone numbers, etc.), and sometimes the timeline of exposure.

**The lowdown:** It’s a quick way to understand someone’s digital exposure footprint, which can inform further investigation or risk assessment.

### How to Use:

**1. Enter the target email into the search bar then review breach results.**

<img src="/files/b1MZmLJZIA2oqPmKibHD" alt="" height="391" width="602">

**2. You can look at which breaches the email appears in, what data types were exposed, and the dates and frequency of exposure by viewing a detailed data breach report.**

<img src="/files/FA3fUthByzYTj7PSUMgX" alt="" height="293" width="602">

<img src="/files/0ldL2Sod7MM3e2bMdLIZ" alt="" height="259" width="602">

### Cost

* [ ] Free
* [x] Partially Free
* [ ] Paid

Free to use with a paid option for alerts and monitoring (with account/API).

## Data Processing

### Account Required:

* [ ] Yes
* [x] No

### Cookies:&#x20;

The cookies used are mainly analytics and tracking tools (Google Analytics and Hotjar)

### Use in Reporting

XposedOrNot is useful to:

* Confirm whether an individual or organisation has been affected by known breaches.
* Add evidence to cybersecurity or data privacy stories.
* Support risk assessments e.g. account compromise likelihood.
* Provide context around credential leaks or cyber incidents.

| **Capabilities**                                                 | **Limitations**                                |
| ---------------------------------------------------------------- | ---------------------------------------------- |
| Checks email addresses against breach databases.                 | Only includes known and indexed breaches.      |
| Identifies types of exposed data (passwords, phone numbers etc.) | Email-based (limited without a valid address). |
| Shows breach sources and timelines.                              | Data may be incomplete or outdated.            |
| Offers alerts and monitoring.                                    | Doesn’t prove current account compromise.      |
| Quick and easy to use for quick checks.                          | <p><br></p>                                    |

### Summary

XposedOrNot is a quick, accessible tool, useful as a first step in digital footprint analysis. It fits into the collection and enrichment stage of the OSINT workflow but should always be paired with context and additional verification.

### Ownership

Created and maintained by [Devanand Premkumar](https://www.linkedin.com/in/devasecurity/), a breach intelligence specialist based in Chennai, India.

### Ethical Considerations

* Only search emails you have a legitimate reason to investigate.
* Don’t use breach data for harassment, targeting, or unauthorised access.
* Be cautious about storing or sharing sensitive findings.
* Respect privacy and legal boundaries (e.g. GDPR).
* Avoid overstating risk.

### Related Tools:

* [OSINT Industries](/osint-tools/osint-industries.md)
* [Have I Been Pwned](/osint-tools/have-i-been-pwned.md)
* DeHashed
* [IntelligenceX](/osint-tools/intelligencex.md)
* BreachDirectory

#### Sources

<https://xposedornot.com/>&#x20;

<https://xposedornot.com/faq>&#x20;

<https://www.g2.com/products/xposedornot/reviews>&#x20;

<https://www.crunchbase.com/organization/xposedornot>&#x20;

<https://www.linkedin.com/in/devasecurity/>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://tools.osintnewsletter.com/osint-tools/xposedornot.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.