A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. BreachDirectory aggregates breaches and enables people to assess where their personal data has been exposed.
When you search for a username that is not an email address, you may see that name appear against breaches of sites you never signed up to. Usually this is simply due to someone else electing to use the same username as you usually do. Even when your username appears very unique, the simple fact that there are several billion internet users worldwide means there's a strong probability that most usernames have been used by other individuals at one time or another.
When you search for an email address, you may see that address appear against breaches of sites you don't recall ever signing up to. There are many possible reasons for this including your data having been acquired by another service, the service rebranding itself as something else or someone else signing you up.
BreachDirectory provides a record of which breaches an email address has appeared in regardless of whether the password has consequently been changed or not. The fact the email address was in the breach is an immutable historic fact; it cannot later be changed. If you don't want any breach to publicly appear against the address, contact me.
If you've come across a data breach which you'd like to submit, get in touch with me. Check out what's currently loaded into BreachDirectory on the breached data wells first if you're not sure whether the breach is already in the system.