Skip to main content


Read about the basics of User Intel

Quick View

What it doesChecks if any Personally Identifiable Information (PII) data and credentials specified have been exposed by a hack or attack.
Supported Languages
  • Check if a user's PII or credentials have been compromised
  • Retrieve a detailed intelligence report for a user’s PII or credentials
Supported Providers

About User Intel service

The User Intel service allows you to check a large repository of breach data to see if a user’s PII or credentials have been compromised. This data is indexed and can be looked up by:

  • Username
  • Phone
  • Email
  • Password

Purpose of User Intel service

Understanding whether a user’s credentials or personal information have appeared in a recent breach can be extremely valuable in protecting your application and users. By identifying compromised credentials during account creation, you can prevent bad actors from creating false accounts on your application. In addition, informing users of breached credentials will help build trust between you and your users. This means you’re helping them improve their security while also ensuring your application is used only by legitimate credential owners.

Here are some of the helpful fields returned by the User Intel service:


The objects nested under data will indicate if a user’s data has been involved in a breach and how many times the user’s data has been involved in said breaches.

  • found_in_breach - A flag indicating if there was any match to the hash prefix. A prefix only applies to passwords. This parameter can return whatever criteria you were looking up.

  • breach_count - Total number of instances of the prefix found in breach data. Prefix may be found multiple times in a single breach incident.

summaryA summary is a string indicating if a result was found or not.

Raw data returned by the provider you specified in the API request. You can investigate the raw data if it’s meaningful to your use case or if you want to supply it to your users. You must set the raw field to true to receive this data.

Use Cases

Understanding the breach status of a user account can be useful in various ways.

Common use cases include:

  • Blocking or requiring extra confirmation steps during the user signup flow. When a user is signing up for an account you can use the User Intel service to understand if the user account information has been involved in a recent breach. This information can indicate to your application if additional steps must be taken before you allow the account to be created. This helps prevent bad actors from creating accounts with compromised credentials.

  • Protecting user accounts from future compromise by informing them of breached passwords during account creation. You can incorporate User Intel while your user is creating a password-based account. When the user attempts to use a password, you can use the secure User Intel service to discern whether that password has been used in a recent breach.

Was this article helpful?

Contact us