Credential Breach Checker

Check emails, phone numbers, passwords, names, and social IDs against breach and leak intelligence sources.

Designed for security reviews, fraud prevention, KYC support, account-risk analysis, and investigative workflows.

---

What it does

This Actor submits identifiers to a breach and leak intelligence backend, waits for results asynchronously, and returns structured findings — including matched sources and exposed records when available.

The Actor processes one lookup type per run and supports up to 25 values per run.

---

Supported lookup types

lookupType value	What to submit
email	Email address
phone	Phone number (E.164)
password	Password string
fullname	Full name
facebookid	Facebook user ID
telegramid	Telegram user ID
linkedinid	LinkedIn user ID
vkid	VK user ID
twitterid	Twitter/X user ID
instagramid	Instagram user ID

---

Input

The Actor accepts two required fields.

lookupType (required)

Type of identifier to scan. Select one from the dropdown.

Default: email

values (required)

List of one or more identifiers to scan. All values in a single run must be of the same lookup type.

Maximum: 25 values per run.

Example input (JSON)

{
  "lookupType": "email",
  "values": [
    "user@example.com",
    "another@example.com"
  ]
}

{
  "lookupType": "phone",
  "values": [
    "+14155552671"
  ]
}

{
  "lookupType": "fullname",
  "values": [
    "John Smith"
  ]
}

---

Output

Each submitted value produces one output record in the dataset.

Successful result

{
  "input": "user@example.com",
  "lookupType": "email",
  "status": "success",
  "irbisResponseId": "1492",
  "pollAttempts": 3,
  "result": {
    "criteria": "user@example.com",
    "type": "deepweb",
    "status": "finished",
    "sources": [
      { "name": "source_name" }
    ],
    "data": [
      {
        "source_name": [
          {
            "emailAddress": "user@example.com",
            "firstName": "...",
            "lastName": "...",
            "phoneNumber": "..."
          }
        ]
      }
    ]
  }
}

No data found

The result field will contain status: "finished" (or equivalent) with an empty data array or no data field. A status: "success" at the outer level means the lookup completed — not that matches were found.

Timeout

If the backend does not return a final result within the configured polling window (default: ~3 minutes), the record is returned with status: "timeout" and the last intermediate response.

{
  "input": "user@example.com",
  "lookupType": "email",
  "status": "timeout",
  "irbisResponseId": "1492",
  "pollAttempts": 18,
  "message": "IRBIS result was not ready before timeout.",
  "lastResult": { ... }
}

Error

{
  "input": "user@example.com",
  "lookupType": "email",
  "status": "error",
  "error": "description of error"
}

Output field reference

Field	Description
input	The value that was submitted
lookupType	Lookup type used
status	success, timeout, error, or http_error
irbisResponseId	Internal response ID returned by the backend
pollAttempts	Number of polling attempts before a final result was received
result	Final result object from the backend (present on success)
result.criteria	The submitted search value as echoed by the backend
result.type	Lookup type as confirmed by the backend
result.status	Backend-level status (e.g., finished)
result.sources	List of sources that were searched
result.data	Array of matched records per source

Result fields may vary by lookup type and available intelligence. Not all records will contain all fields.

---

How the Actor works (technical flow)

1. Validates input (lookupType and values).
2. For each value, submits a POST request to the breach intelligence endpoint.
3. The backend returns an initial response with a status: "progress" and a response ID.
4. The Actor polls the result endpoint every 10 seconds (by default) until the result is final or the timeout is reached.
5. Final results are pushed to the Apify dataset.
6. A paid event (breach_scan) is charged per successfully completed result.

---

Pricing

This Actor uses pay-per-event pricing.

$0.40 per successful BreachScan result.

You are charged only when a lookup completes successfully. Timeouts and errors are not charged. If your configured maximum cost per run is reached mid-run, the Actor stops before charging the next result.

To control costs, set a Maximum cost per run limit in Run options before starting.

---

Rate limiting and run size

• Maximum 25 values per run (configurable by the Actor operator).
• The backend enforces a ~30-second processing window per lookup. The Actor polls for results and waits accordingly.
• If results are not returned within the polling window (~3 minutes by default), the Actor records a timeout for that value.

For large batches, split values across multiple runs.

---

Usage note

Results are decision-support signals only. This Actor is designed for responsible business use in security, fraud prevention, KYC support, and investigative workflows.

Users are responsible for ensuring they have a lawful basis to process and analyze the submitted data in their jurisdiction. Results should not be used as the sole basis for adverse action against any individual.

This Actor does not produce FCRA-compliant consumer reports and is not suitable for employment screening, tenant screening, or credit decisions.

---

Publisher

Clearcheck Labs — digital intelligence tools for breach intelligence, identity enrichment, fraud prevention, and investigative workflows.

https://apify.com/clearcheck.io