Early access: New content posts daily — updates are frequent and you may notice work in progress.
OSINTBench
Dehashed logo

Dehashed Review

A breach credential database with 14+ billion records, searchable by email, username, phone, IP, domain, and hash.

3.8/5
paid $0.02/query / 100 API credits for $3 / Tiered plans available Professional Standard review Reviewed 2026-04-02
Affiliate disclosure: OSINTBench may earn a commission if you purchase through links on this page, at no extra cost to you. Affiliate relationships do not influence our ratings or recommendations. Full policy →

Quick Verdict

Corporate security teams and OSINT investigators who need to enumerate all exposed credentials across an entire employee domain.

Pros

  • + 14+ billion indexed records across thousands of breach datasets
  • + Search by email, username, name, phone, IP, address, VIN, or password hash in a single query
  • + Wildcard search (e.g., *@targetdomain.com) returns all exposed accounts at a domain without knowing individual addresses
  • + De-hashing service recovers plaintext from MD5 and SHA1 hashes when a match exists in the database
  • + Bulk domain download on Plus and above lets you export all compromised records for a target domain
  • + API access on Professional tier enables automated lookups at scale

Cons

  • No free tier — the $6.49 View plan masks results, making it useless for real investigation
  • Basic plan caps at 20 searches/day and 1 domain/day, which runs out fast during active investigations
  • API is locked behind the $179.99/mo Professional tier — inaccessible for most individual practitioners
  • Database lags on newly published breaches; freshly leaked datasets often appear in IntelX or Snusbase first
  • UI hasn't been updated in years — no saved searches, no workspace, no export templates
  • No affiliate program exists

What Dehashed Is

Dehashed aggregates breach data from thousands of public sources, collecting email addresses, usernames, passwords, phone numbers, IP addresses, and physical addresses. They have over 14 billion records, dating back to the mid-2000s.

The database is a searchable archive of leaked data, with historical breach records available on demand. Users can check if their credentials have been exposed without having to dig through the data themselves.

What It's Good For

Dehashed excels at enumerating exposed accounts at a target domain. Wildcard search retrieves all email addresses and credentials from a specific domain across indexed breaches. This beats HaveIBeenPwned, which only confirms if an email was breached. Dehashed provides the full list: exposed employees, passwords or hashes, source breach. That's invaluable for corporate security or pre-engagement recon.

Dehashed lets you pivot from email to identity artifacts. Correlating data across breaches builds a comprehensive identity profile with old addresses, phone numbers, usernames from defunct forums. One query surfaces this info, eliminating manual comparisons across leak sites, which saves time.

Dehashed recovers plaintext from password hashes. If a breach only exposes hashed credentials, Dehashed checks for a match in its database, helping with credential validation during a pentest or confirming password reuse.

Dehashed helps validate if credentials from a breach affected a target. Security teams responding to a breach can query their domain to confirm employee records and retrieve exposed fields. No need to wait for vendor notifications.

Dehashed builds a username corpus for cross-platform pivoting. Collecting username variants across breaches creates a list of handles to search on social platforms, forums, gaming networks. The list is a useful asset. The approach works.

Getting Started

DeHashed Plans and Usage

The $6.49/mo View plan confirms record presence. No details are provided.

For actual investigations, you need at least the $14.99/mo Basic plan. This plan provides full record access, but with a 20 searches a day limit. Most investigators quickly hit this limit.

The $29.99/mo Plus plan offers 100 searches/day and 5 domain searches/day. This plan is the practical starting point.

To get started, subscribe and test your own domain using a wildcard search: email:*@yourdomain.com. This reveals what information is available and helps identify internal blind spots.

API Access

The $179.99/mo Professional plan includes API access. The API uses standard REST. To use the API, pass your API key in the header.

An example API query is:

curl -H "DeHashed-Email: your@email.com" \
     -H "DeHashed-Key: YOUR_API_KEY" \
     "https://api.dehashed.com/search?query=email%3A%22target%40example.com%22&size=100"

A wildcard domain search can be performed with:

email:*@targetdomain.com

Search by username:

username:jsmith84

Search by password hash:

hashed_password:5f4dcc3b5aa765d61d8327deb882cf99

Search by IP address:

ip_address:192.168.1.100

Dehashed Search Operators

Dehashed allows you to query by specific fields. You can search one field at a time or combine multiple fields. That's it.

Operator Example Purpose
email: email:john@example.com Match a specific email address
email:*@domain email:*@company.com All exposed accounts at a domain (wildcard)
username: username:jsmith84 Match a username across all breaches
name: name:"John Smith" Match by full or partial name
phone: phone:5551234567 Match a phone number
ip_address: ip_address:45.33.32.156 Match an IP address
address: address:"123 Main St" Match a physical address
vin: vin:1HGBH41JXMN109186 Match a vehicle identification number
hashed_password: hashed_password:5f4dcc3b... Reverse-lookup a password hash
password: password:hunter2 Find all accounts using a specific password

Queries without a field operator search all fields.

Pricing

Plan Price Searches/Day Domains/Day Key Features
View $6.49/mo Limited Masked results (values hidden)
Basic $14.99/mo 20 1 Full results, no bulk download
Plus $29.99/mo 100 5 Bulk domain download, export
Professional $179.99/mo 1,000 30 API access, bulk download
Investigator $289.99/mo 5,000 100 Highest volume, API access

Individual practitioners often begin with the Plus plan, priced at $29.99/mo. The Professional plan, which costs $179.99/mo, is necessary only if automated workflows rely on the API, offering that as its main value.

Limitations

We don't have an affiliate program with Dehashed, and our recommendation is based on merit.

The Basic plan from Dehashed is a letdown. With only twenty searches per day, it may seem reasonable at first, but when working a case with multiple subjects, each with several email variants and usernames, Basic just won't cut it. It's clearly designed to upsell, so it's best to pay for the Plus plan from the start.

Dehashed's database takes time to update. New breach data typically circulates publicly before it appears on Dehashed. IntelX and Snusbase often get it days or weeks before Dehashed. For urgent work after a major breach, Dehashed might not have the data you need yet.

The price jump for API access is too steep. The Plus plan costs $29.99/mo, while the Professional plan costs $179.99/mo. That's a sixfold increase just for API access. If you're working solo, LeakCheck or Snusbase might be more suitable, as they offer API access at lower tiers.

Dehashed excels with historical data. Credentials from older breaches are likely expired. The real value lies in identity pieces: usernames, email variants, phone numbers, addresses. These help build a picture. Passwords are just a small part; they're usually rotated out quickly.

Alternatives

  • HaveIBeenPwned — Free, searches by email only, returns breach names but no plaintext credentials or usernames. Use it for quick confirmation that a specific address was exposed; use Dehashed when you need the actual credential data or need to search by non-email identifiers.
  • IntelX (Intelligence X) — Broader data types including documents, pastes, and dark web content alongside breach records; higher price starting at ~$9/mo for basic access with Phonebook.cz included. Choose IntelX when you need breach data plus document/paste search in one platform, or when Dehashed hasn't yet indexed a recent breach.
  • Snusbase — Similar breach database, smaller overall record count but often indexes new breaches faster than Dehashed; API available at lower price points. Use Snusbase when budget is a constraint and API access matters more than raw database size.
  • LeakCheck — API-first breach lookup with a lower entry price for automation use cases. Use it when you're building an automated credential-check workflow and Professional at $179.99/mo isn't justifiable.
  • Spycloud — Enterprise-grade credential monitoring with active alerting and remediation workflows; priced for security teams, not individual analysts. Use Spycloud when you need continuous monitoring with SLA-backed response, not one-off lookups.

Verdict

Dehashed is worth $29.99/mo (Plus) for those who regularly deal with credential exposure in investigations or security. The wildcard domain search feature provides a full list of accounts with credentials across a domain — a capability that no free tool matches. The Basic tier ($14.99/mo) is too limited, with a daily search cap that gets frustrating quickly. Casual users can try HaveIBeenPwned for free, with email confirmation, or Snusbase for cheaper full data.


See Also

Further Reading

Community Rating

Ratings from security researchers. No third-party tracking.

☆☆☆☆☆
No ratings yet

Rate this tool:

This review reflects testing as of 2026-04-02. OSINT tools change frequently — check the vendor's current documentation for pricing and feature updates. Report an error →

View Dehashed on Wayback Machine →