Policy center · Public docs
BreachedPolicies
Policy center
Misuse controls

Acceptable Use Policy

Rules that keep a breach-information service from being used for harassment, identity theft, scraping abuse, security probing, or victim targeting.

Updated
May 7, 2026
Footer
Optional
Intake
Optional

Do not target victims

  • Do not use Breached to identify, harass, threaten, shame, or contact individual breach victims.
  • Do not submit another person's personal data without authorization.
  • Do not combine Breached content with other data to build victim lists or identity-theft tooling.

Do not attack systems

  • Do not probe, scan, overload, exploit, reverse engineer, or bypass rate limits on Breached systems.
  • Do not upload malware, credential dumps, stolen secrets, or instructions for abusing exposed data.
  • Do not interfere with security, logging, abuse prevention, or access controls.

Do not mislead

  • Do not impersonate Breached, a law firm, a company, a regulator, or another person.
  • Do not submit false intake information or manufactured claims.
  • Do not remove source attribution when republishing short excerpts.

Enforcement

Breached may block requests, remove submissions, preserve evidence, suspend access, or report misuse when needed to protect users, victims, partners, or the service.