Frequently Asked Questions
What is Scattered Secrets?
All kinds of online services get hacked. This includes services that you might be using. Scattered Secrets is a password breach notification and prevention service. We continuously collect publicly available hacked databases and crack the corresponding passwords. Verified account owners can access their own information and take appropriate action to keep their accounts safe.

What makes the service unique?
We crack new passwords 24/7 using high-end dedicated hardware and advanced algorithms, continuously improving the quality of our services. Related services like 'Have I Been Pwned?' do not provide password details of your breached accounts: in many cases a hit just means that your email address is in a SPAM list and no passwords were stolen or passwords are not crackable. Without passwords it is difficult or impossible to assess the real-life risk. Other search engines we are aware of that do provide you with passwords, are typically based on one large collection of already cracked passwords of unknown origin. As a result, you do not know where your account was stolen and thus what services are affected. Furthermore, using one static list - without updates - is not future-proof.

Our actionable data is based on many hundreds of sources of known origin and we add new data on a regular basis. This keeps you safe, today and in the future.

Why the passwords?
For you and your family: you might have forgotten an old account but still use the same password elsewhere to access other services. Without knowing the actual password, it remains unclear which services are affected and where you need to change your password to avoid abuse.

For your business: people often use similar passwords for different accounts: 'Password1', 'Password2’ etc. For hackers it is far easier to crack a password that is similar to a password that has already been cracked. Especially if it is used for the same account or in the same domain. Without knowing the breached passwords, you are unable to prevent the use of similar passwords. Furthermore, if a default or commonly used password was breached via a single company account, you can protect the entire organization by taking appropriate action for other accounts that use the same password. This includes adding the breached password to a password blacklist and investigate if misuse has occurred.

How to limit the risk of hackers taking over accounts?
Never ever reuse a password. Use a secure and unique password for every single one of your accounts. If you are using the same password on multiple sites, you are a much easier target.

What about data protection (GDPR)?
The main purpose of our data processing is to give individuals and organizations a tool to detect password breaches. By providing our services, users can prevent possible future data leaks and hacks.

All breach data we collect is already available in the public domain, the bad guys already have it. We process only the personal data that is necessary to fulfill the purpose of providing a tool for password breach detection: email addresses and corresponding logon details. We do not use or share your data with third parties for marketing purposes and do not send you unsolicited communications for marketing purposes.

We do not make personal data public. Cracked passwords can only be accessed after approval of the verified account owner. No approval, no access. Previously authorized access can always be revoked. You have got the right to be forgotten. For more details, please refer to our Privacy Notice.

Who are we?
We are a team of Dutch IT security professionals. We have got a 'Big Four' background and many years of valuable experience in IT forensics, incident response and penetrations testing, working for many Fortune 500 companies around the globe. Scattered Secrets ('Scattered Secrets BV', chamber of commerce ID 68867530) is located in Amsterdam, The Netherlands. All our servers are located in the European Union (EU).

Other questions?
Please do not be shy and contact us!