We allow anonymous submissions to be made to Breaches.uk by security researchers.
Use this page as a guide, whether you intend to remain anonymous or would like full public disclosure of your work.
We do not accept data that meets the following description:
Our role is to work towards building a more secure society, supporting the individuals who have had their rights breached and the security researchers who bring this to light.
You need to do the following in order for us to process your submission.
Files and folders you should include in your submission are as follows:
A single ZIP or 7Z file containing the following:
The README.txt should contain as much information about the data as possible, you can see a suggested format below.
Additional optional files include screenshots to help articulate what the data is // what it corresponds to. If you can do this it really helps us out.
Upload the file to one of our accepted cloud providers:
If these are not an option for whatever reason, feel free to reach out to us at the address below explaining why, we can discuss alternatives.
In order for your submission to be processed as quickly as possible, ensure that your README.txt resembles the following format (replacing the example information):
# Data type
Usernames and passwords.
# Data format
# Company Impacted
# Date of discovery
# People Impacted
Overall a README should contain the following:
Send your submission to: firstname.lastname@example.org
If you wish to encrypt the content, we’ve included our public key below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
You keep 100% of any credit given without becoming involved in risky, frustrating and time consuming communications with the organization in question. You may remain fully anonymous for as long as you like (days, years or forever).
Our default position is not to publish any information about the researcher making the submission, unless it is explicitly asked for and confirmed. Researchers may disclose through an alias and later decide they want to edit this credit to include their real name - or visa versa. No pressure or onerous on pushing any particular form of disclosure is placed.
If you do not wish to make further communications with us, providing you have followed the “Bare Essentials” steps above - you can forget about this and return to your life. We’ll send you updates on how your disclosure is getting along, which you may unsubscribe from.