The unique ID of the Exposure.

Title of the exposure – for breaches, the domain of the origin site. For exposures where it’s not possible to determine the origin site, we provide the title as Unknown source and include the date it was found and added to our database in parentheses.

The number of credentials found in the exposure (may be 0 for non-credentials exposures)

The date the exposure occurred, as much as is known. The value is as follows:

• null if the date is not known
• Month and day set to December 31st, if only the year is known (e.g. “2015-12-31” if Exposure date was sometime in 2015)
• Day set to the first of the month if only the month is known (e.g. “2015-06-01” if Exposure date was sometime in June 2015)
• Otherwise, exact date if exact date is known, including time

A category for the breached organization, if the exposure was a data breach. These categories correspond to the top level of the North American Industry Classification System (NAICS). Some types of data-harvesting malware (i.e. stealers, phishing, etc.) will show up under the Malware category. Large aggregated dumps of user credentials from various sources (called Combo Lists) will show up under the category Combolists.

Possible values (NAICS value):

• Unspecified
• Agriculture, Forestry, Fishing and Hunting (11)
• Mining, Quarrying, and Oil and Gas Extraction (21)
• Utilities (22)
• Construction (23)
• Manufacturing (31-33)
• Wholesale Trade (42)
• Retail Trade (44-45)
• Transportation and Warehousing (48-49)
• Information (51)
• Finance and Insurance (52)
• Real Estate and Rental and Leasing (53)
• Professional, Scientific, and Technical Services (54)
• Management of Companies and Enterprises (55)
• Administrative and Support and Waste Management and Remediation Services (56)
• Educational Services (61)
• Health Care and Social Assistance (62)
• Arts, Entertainment, and Recreation (71)
• Accommodation and Food Services (72)
• Other Services (81)
• Public Administration (92)
• Malware (N/A)
• Combolist (N/A)

Where the data was collected at. Possible values are:

• Unspecified
• Cybercrime Forums
• File Sharing Sites
• Pastes
• Messaging Services
• Private Sources
• Honeypots
• Dark Web Markets

The format of the passwords in the Exposure, e.g. “Cleartext”, “MD5”, “BCrypt”, etc.

The date the Exposure was found and added to the Enzoic database.

The number of unique email address domains in this Exposure. So, for instance, if the Exposure only contained “gmail.com” and “yahoo.com” email addresses, this number would be 2.

The number of different files there were found in this Exposure.