Why is my breach data masked?
Why LeakedSource masks passwords and sensitive fields, and how Pro users can reveal their own data.
When you view breach records on LeakedSource, sensitive values are partially hidden. This is deliberate.
How masking works
- Passwords show only the last 2 characters (e.g.
••••••rd) - Social Security numbers show only the last 2 digits
- Credit card numbers show the first 6 and last 4 digits, which identify the card type without exposing the usable number
This is usually enough for you to recognize which of your passwords leaked ("ends in 'rd' — that's my old Netflix password") without the full value being displayed.
Why we mask at all
Masking exists to prevent abuse. Displaying full plaintext passwords to anonymous visitors would turn a defensive tool into an attack tool. By masking values and restricting full detail to verified, authenticated users, we keep the service useful for victims while making it useless for credential stuffing.
Who can see full values?
Pro and Business subscribers can reveal the full data found in breaches — complete passwords, password hashes, phone numbers, IP addresses, physical addresses, dates of birth, and other fields. This visibility is limited to identities you have verified as your own, and access to detailed records requires an authenticated account. See Plans and pricing.
The takeaway
Even a masked result is actionable: if a breach shows any password for your account, treat that password as burned and change it everywhere you used it.
Last updated July 10, 2026
Still need help?
Reach out and a real person will get back to you.