Dehashed Review
A breach credential database with 14+ billion records, searchable by email, username, phone, IP, domain, and hash.
Quick Verdict
Corporate security teams and OSINT investigators who need to enumerate all exposed credentials across an entire employee domain.
Pros
- + 14+ billion indexed records across thousands of breach datasets
- + Search by email, username, name, phone, IP, address, VIN, or password hash in a single query
- + Wildcard search (e.g., *@targetdomain.com) returns all exposed accounts at a domain without knowing individual addresses
- + De-hashing service recovers plaintext from MD5 and SHA1 hashes when a match exists in the database
- + Bulk domain download on Plus and above lets you export all compromised records for a target domain
- + API access on Professional tier enables automated lookups at scale
Cons
- − No free tier — the $6.49 View plan masks results, making it useless for real investigation
- − Basic plan caps at 20 searches/day and 1 domain/day, which runs out fast during active investigations
- − API is locked behind the $179.99/mo Professional tier — inaccessible for most individual practitioners
- − Database lags on newly published breaches; freshly leaked datasets often appear in IntelX or Snusbase first
- − UI hasn't been updated in years — no saved searches, no workspace, no export templates
- − No affiliate program exists
What Dehashed Is
Dehashed aggregates breach data from thousands of public sources, collecting email addresses, usernames, passwords, phone numbers, IP addresses, and physical addresses. They have over 14 billion records, dating back to the mid-2000s.
The database is a searchable archive of leaked data, with historical breach records available on demand. Users can check if their credentials have been exposed without having to dig through the data themselves.
What It's Good For
Dehashed excels at enumerating exposed accounts at a target domain. Wildcard search retrieves all email addresses and credentials from a specific domain across indexed breaches. This beats HaveIBeenPwned, which only confirms if an email was breached. Dehashed provides the full list: exposed employees, passwords or hashes, source breach. That's invaluable for corporate security or pre-engagement recon.
Dehashed lets you pivot from email to identity artifacts. Correlating data across breaches builds a comprehensive identity profile with old addresses, phone numbers, usernames from defunct forums. One query surfaces this info, eliminating manual comparisons across leak sites, which saves time.
Dehashed recovers plaintext from password hashes. If a breach only exposes hashed credentials, Dehashed checks for a match in its database, helping with credential validation during a pentest or confirming password reuse.
Dehashed helps validate if credentials from a breach affected a target. Security teams responding to a breach can query their domain to confirm employee records and retrieve exposed fields. No need to wait for vendor notifications.
Dehashed builds a username corpus for cross-platform pivoting. Collecting username variants across breaches creates a list of handles to search on social platforms, forums, gaming networks. The list is a useful asset. The approach works.
Getting Started
DeHashed Plans and Usage
The $6.49/mo View plan confirms record presence. No details are provided.
For actual investigations, you need at least the $14.99/mo Basic plan. This plan provides full record access, but with a 20 searches a day limit. Most investigators quickly hit this limit.
The $29.99/mo Plus plan offers 100 searches/day and 5 domain searches/day. This plan is the practical starting point.
To get started, subscribe and test your own domain using a wildcard search: email:*@yourdomain.com. This reveals what information is available and helps identify internal blind spots.
API Access
The $179.99/mo Professional plan includes API access. The API uses standard REST. To use the API, pass your API key in the header.
An example API query is:
curl -H "DeHashed-Email: your@email.com" \
-H "DeHashed-Key: YOUR_API_KEY" \
"https://api.dehashed.com/search?query=email%3A%22target%40example.com%22&size=100"
A wildcard domain search can be performed with:
email:*@targetdomain.com
Search by username:
username:jsmith84
Search by password hash:
hashed_password:5f4dcc3b5aa765d61d8327deb882cf99
Search by IP address:
ip_address:192.168.1.100
Dehashed Search Operators
Dehashed allows you to query by specific fields. You can search one field at a time or combine multiple fields. That's it.
| Operator | Example | Purpose |
|---|---|---|
email: |
email:john@example.com |
Match a specific email address |
email:*@domain |
email:*@company.com |
All exposed accounts at a domain (wildcard) |
username: |
username:jsmith84 |
Match a username across all breaches |
name: |
name:"John Smith" |
Match by full or partial name |
phone: |
phone:5551234567 |
Match a phone number |
ip_address: |
ip_address:45.33.32.156 |
Match an IP address |
address: |
address:"123 Main St" |
Match a physical address |
vin: |
vin:1HGBH41JXMN109186 |
Match a vehicle identification number |
hashed_password: |
hashed_password:5f4dcc3b... |
Reverse-lookup a password hash |
password: |
password:hunter2 |
Find all accounts using a specific password |
Queries without a field operator search all fields.
Pricing
| Plan | Price | Searches/Day | Domains/Day | Key Features |
|---|---|---|---|---|
| View | $6.49/mo | Limited | — | Masked results (values hidden) |
| Basic | $14.99/mo | 20 | 1 | Full results, no bulk download |
| Plus | $29.99/mo | 100 | 5 | Bulk domain download, export |
| Professional | $179.99/mo | 1,000 | 30 | API access, bulk download |
| Investigator | $289.99/mo | 5,000 | 100 | Highest volume, API access |
Individual practitioners often begin with the Plus plan, priced at $29.99/mo. The Professional plan, which costs $179.99/mo, is necessary only if automated workflows rely on the API, offering that as its main value.
Limitations
We don't have an affiliate program with Dehashed, and our recommendation is based on merit.
The Basic plan from Dehashed is a letdown. With only twenty searches per day, it may seem reasonable at first, but when working a case with multiple subjects, each with several email variants and usernames, Basic just won't cut it. It's clearly designed to upsell, so it's best to pay for the Plus plan from the start.
Dehashed's database takes time to update. New breach data typically circulates publicly before it appears on Dehashed. IntelX and Snusbase often get it days or weeks before Dehashed. For urgent work after a major breach, Dehashed might not have the data you need yet.
The price jump for API access is too steep. The Plus plan costs $29.99/mo, while the Professional plan costs $179.99/mo. That's a sixfold increase just for API access. If you're working solo, LeakCheck or Snusbase might be more suitable, as they offer API access at lower tiers.
Dehashed excels with historical data. Credentials from older breaches are likely expired. The real value lies in identity pieces: usernames, email variants, phone numbers, addresses. These help build a picture. Passwords are just a small part; they're usually rotated out quickly.
Alternatives
- HaveIBeenPwned — Free, searches by email only, returns breach names but no plaintext credentials or usernames. Use it for quick confirmation that a specific address was exposed; use Dehashed when you need the actual credential data or need to search by non-email identifiers.
- IntelX (Intelligence X) — Broader data types including documents, pastes, and dark web content alongside breach records; higher price starting at ~$9/mo for basic access with Phonebook.cz included. Choose IntelX when you need breach data plus document/paste search in one platform, or when Dehashed hasn't yet indexed a recent breach.
- Snusbase — Similar breach database, smaller overall record count but often indexes new breaches faster than Dehashed; API available at lower price points. Use Snusbase when budget is a constraint and API access matters more than raw database size.
- LeakCheck — API-first breach lookup with a lower entry price for automation use cases. Use it when you're building an automated credential-check workflow and Professional at $179.99/mo isn't justifiable.
- Spycloud — Enterprise-grade credential monitoring with active alerting and remediation workflows; priced for security teams, not individual analysts. Use Spycloud when you need continuous monitoring with SLA-backed response, not one-off lookups.
Verdict
Dehashed is worth $29.99/mo (Plus) for those who regularly deal with credential exposure in investigations or security. The wildcard domain search feature provides a full list of accounts with credentials across a domain — a capability that no free tool matches. The Basic tier ($14.99/mo) is too limited, with a daily search cap that gets frustrating quickly. Casual users can try HaveIBeenPwned for free, with email confirmation, or Snusbase for cheaper full data.
See Also
Further Reading
Tool Relationships
Similar Tools
Have I Been Pwned
The fastest way to confirm whether an email address appears in known data breaches — free, accurate, and maintained by a single researcher who vets every dataset.
Arkham Intel
On-chain intelligence platform that deanonymizes blockchain addresses and maps crypto fund flows
ShadowDragon
Social media intelligence and OSINT automation for law enforcement and enterprise
Social Links
Enterprise OSINT platform with 500+ data sources and 1,700+ investigative methods for social media, dark web, and blockchain investigation
Community Rating
Ratings from security researchers. No third-party tracking.
Rate this tool:
This review reflects testing as of 2026-04-02. OSINT tools change frequently — check the vendor's current documentation for pricing and feature updates. Report an error →