Know the moment your email address surfaces in a breach. Not weeks later.

Breachtide correlates four independent breach intelligence feeds for every email address you verify, hashes the result, and delivers a graded alert only when the picture genuinely changes. No noise. No duplicate notifications. No surveillance of addresses you do not own.

Start monitoringSee the coverage
Four-source correlation Hash-based change detection HMAC-signed webhooks Verification-gated scans Single-tenant data isolation Crypto payments, no KYC
24B+
Leaked records under correlation
3,500+
Breach sources tracked
4
Independent intelligence feeds
5min
Sweep to alert ceiling
Coverage

Four independent feeds. One coherent intelligence stream.

Most monitoring tools surface a single public index. Breachtide cross-references four independent feeds, deduplicates the overlap, and ranks the result by what actually matters to a defender: whether a usable credential is now in circulation.

01 / 04
Archive

Historical breach archives

Decades of compiled breach corpora indexed by exact email address. The first place to confirm whether a credential set has ever been exposed.

emailusernamehashsource_db
02 / 04
Combolists

Live credential combolists

Active stuffing combolists harvested from forums and chat dumps. The earliest reliable signal that a working password is in circulation.

emailplaintextfirst_seen
03 / 04
Public index

Public breach index

A continuously refreshed index of disclosed breaches. Names the source database and the earliest known appearance of the address.

breach_namedatefields
04 / 04
Enriched

Field-level breach detail

On a confirmed hit, the enriched lookup returns the exact values that leaked: passwords, hashes, government ID, address, phone. Encrypted at rest for 90 days, visible on every paid plan. The Free tier sees the field categories without the values themselves.

passworddobaddressipphone
Signal, not noise

The same breach across three feeds becomes one alert.

Each sweep produces a sorted, hashed result. If the hash matches the previous sweep, nothing happens. If it changes, the delta is classified by severity and sent once, with the exact fields that newly appeared and a dashboard link to inspect the rest.

< 5 min from sweep to alert 30-day alert history
  • Critical
    A working password is now in circulation. Rotate immediately. This is the alert that matters most.
  • Warning
    A new sensitive field appeared. Date of birth, physical address, phone, or government ID tied to the monitored address.
  • Info
    A new source database appeared, but no sensitive values were exposed. Useful context, no action required.
Intelligence pipeline

From sign-up to first alert in under five minutes.

Every step is recorded, signed, and replay-safe. The same sequence runs whether the cadence is weekly, daily, or twice-weekly priority.

01

Verify ownership

A one-time confirmation link goes to the inbox. Without that click, no sweep ever runs.

02

Sweep all sources

Each verified address is queried across four independent feeds on a per-plan cadence.

03

Hash and compare

The sorted result is hashed against the previous sweep. Identical hash, no alert.

04

Classify and deliver

A change is graded by severity and sent once, with the exact fields that newly appeared.

Alert payload

Structured, signed, and ready for downstream automation.

Webhook deliveries are signed with HMAC-SHA256 against a per-account secret you rotate at any time. Email deliveries land in plain prose with the same field-level detail. Either format names the source, the delta, and the fields that newly appeared.

  • JSON body with stable schema and versioned event names
  • X-Breachtide-Signature header for every webhook
  • Idempotent retry on receiver failure with exponential backoff
  • 30-day audit log of every delivery attempt
POST / webhook delivery severity = critical
// POST {your_webhook_url}
// header: X-Breachtide-Signature: sha256=<hmac>
{
  "event": "alert.created",
  "severity": "critical",
  "address": "[email protected]",
  "source": "combolist",
  "summary": "new plaintext password in circulation",
  "delta": {
    "previous_count": 3,
    "new_count": 4,
    "new_source_dbs": ["forum.dump.2026-04"],
    "newly_exposed_fields": ["password"],
    "has_new_plaintext": true,
    "is_first_scan": false
  },
  "observed_at": "2026-05-07T14:22:08Z",
  "dashboard_url": "https://breachtide.com/dashboard/emails/me_0193..."
}
Who uses Breachtide

Designed for the people who own the inbox.

Breachtide does not let you scan email addresses you cannot prove ownership of. Every monitored address starts with a one-time confirmation link delivered to that inbox.

Founders and executives

High-value targets for credential stuffing and account takeover. Continuous coverage across the email addresses tied to your name and your companies.

  • Personal, work, and alias addresses in one feed
  • Critical-severity alert the moment a working password leaks
  • Webhook delivery into existing on-call rotations

Journalists and researchers

Source-protection workflows depend on knowing immediately when a sensitive address surfaces in a leak. No bulk lookups, no scraping a target list.

  • Verification gating prevents misuse against third parties
  • Distinct dashboards per investigation
  • Audit-ready alert history retained for thirty days

Households and personal accounts

A single dashboard for every address you actively use. Family accounts, banking aliases, recovery inboxes, all monitored on one bill.

  • Up to thirty-five verified addresses per account
  • Plain-language alerts that name what changed
  • Cancel and export at any time
Delivery

Three integration paths. Pick what fits.

Email

All plans

Plain-language alerts to the notification address you set. Includes the field-level detail when your plan permits it, redacted otherwise.

Webhook

Pro & Business

Signed JSON delivery into your endpoint of choice. Per-account HMAC secret, rotate from settings, retried with backoff on 5xx.

API key

Pro & Business

Read-only API for pulling current scan state and alert history into a SIEM or in-house dashboard. Token-prefixed, scoped, revocable.

Payment

Crypto checkout. No card, no banking trail.

Pay in Bitcoin, Ethereum, USDT, and other chains through OxaPay. Works for every paid plan, on monthly or annual billing.

Crypto via OxaPay

All plans

Pay in BTC, ETH, USDT, TRX, and other supported chains. Each invoice settles a fixed billing period; renewal is a fresh invoice, never an automatic pull from a wallet. No card data, no banking trail.

Built for the privacy-conscious

By design

The only personal data Breachtide stores is the verified email address you ask it to monitor. Crypto checkout means even the billing identity stays off the books.

Start monitoring an email address tonight.

No credit card to sign up. The free tier covers one verified email address. Upgrade only when you need more capacity.

Create an accountCompare plans