Watch

Breach database quality is improving this year

A note on the state of the underlying data we read.

2026-01-02 , by Wei Chen , 2 min read

More dumps, better-categorised.

Breach databases, the legitimate, security-research-aligned ones, have got better at categorising and timestamping in the past year. We rely on three of them and cross-reference. Better categorisation means we miss less and false-positive less.

A side effect: more notes.

Clients are seeing slightly more notes from us this year because we are catching breach exposure that would have been missed twelve months ago. None of this is new exposure. It's old exposure better surfaced. The remediation is the same. Rotate where it matters, leave where it doesn't.

Continuing investment.

We add a new breach feed roughly every quarter. The job is never done.

← All field notes Speak with us →