[Deprecated] Retrieve leaks for the current user/organization for a given query
Deprecated: For leak details, use GET /leaks/details which provides pagination, deduplication,
search, and sorting. For keyword search, use GET /leaks/keyword/search.
Retrieve leak statistics for the current organization.
Each call returns a single statistic based on the query parameter. Both query and identifier_column are required.
If start_date and end_date are not provided, defaults to the last 14 days.
Required Parameters:
query: The statistic to retrieve (see query types below)identifier_column:root_domain,email_domain, orusername
Available Query Types:
Generic Queries (counts and aggregates):
generic_total_leaks_count: Total leaks countgeneric_uniq_username_count: Unique usernames detectedgeneric_uniq_source_count: Unique sources with at least one detectiongeneric_uniq_password_count: Unique passwords detectedgeneric_uniq_domain_count: Unique domains detectedgeneric_uniq_leaks_count: Unique leaks (by hash)generic_latest_leak_date: Date of the latest leakgeneric_reused_password_count: Passwords reused across multiple domainsgeneric_password_strength: Average password length
Generic Queries (detailed data):
generic_leaks_type_by_identifier: Leaks grouped by type (combo/stealer)generic_leaks_by_day: Leaks per daygeneric_password_per_length_per_identifier: Password distribution by lengthgeneric_most_recent_leaks_by_identifier: Most recent leaks
Organization Queries:
org_uniq_priv_account_count: Privileged accounts leaked (admin, root, etc.)org_detailed_uniq_admin_account_count: Detailed list of admin accountsorg_uniq_ext_account_count: External accounts countorg_detailed_uniq_ext_account_count: Detailed list of external accountsorg_detailed_uniq_username_count: Detailed list of all usernamesorg_total_leaks_count_group_by_identifier: Leaks grouped by identifierorg_total_leaks_count_group_by_domain: Leaks grouped by domainorg_total_leaks_count_group_by_email_domain: Leaks grouped by email domainorg_total_leaks_count_group_by_root_domain: Leaks grouped by root domainorg_top_domain_leaks_by_identifier: Top domains by leak countorg_top_user_leaks_by_identifier: Top users by leak countorg_leaks_detail_per_identifier: Full leak details per identifier
Examples:
# Total leaks count
GET /leaks/me?query=generic_total_leaks_count&identifier_column=root_domain
# Unique usernames
GET /leaks/me?query=generic_uniq_username_count&identifier_column=root_domain
# Stealer leaks only
GET /leaks/me?query=generic_total_leaks_count&identifier_column=root_domain&type=Stealer
# Leaks per day with date range
GET /leaks/me?query=generic_leaks_by_day&identifier_column=root_domain&start_date=2025-01-01&end_date=2025-01-31
# Leaks grouped by domain, limited to 100
GET /leaks/me?query=org_total_leaks_count_group_by_domain&identifier_column=root_domain&limit=100
# Multiple domain filter
GET /leaks/me?query=org_total_leaks_count_group_by_domain&identifier_column=root_domain&domain=test.example.com&domain=monitoring.example.comAuthorization
ApiKeyAuth API key for authentication
In: header
Query Parameters
Type of leak information query to execute
"generic_total_leaks_count" | "generic_uniq_username_count" | "generic_uniq_source_count" | "generic_leaks_type_by_identifier" | "generic_leaks_by_day" | "generic_uniq_password_count" | "generic_uniq_domain_count" | "generic_uniq_leaks_count" | "generic_latest_leak_date" | "generic_reused_password_count" | "generic_password_strength" | "generic_password_per_length_per_identifier" | "generic_most_recent_leaks_by_identifier" | "org_uniq_priv_account_count" | "org_detailed_uniq_admin_account_count" | "org_uniq_ext_account_count" | "org_detailed_uniq_ext_account_count" | "org_detailed_uniq_username_count" | "org_total_leaks_count_group_by_identifier" | "org_total_leaks_count_group_by_domain" | "org_top_domain_leaks_by_identifier" | "org_top_user_leaks_by_identifier" | "org_total_leaks_count_group_by_email_domain" | "org_total_leaks_count_group_by_root_domain" | "org_leaks_detail_per_identifier"Column to use for identifying the domain
"root_domain" | "email_domain" | "username"Username of the leaked user (can be phone, email, ID, ...)
Type of leak (combo, stealer)
Uniq identifier for the concatenation of : username, password and domain
Upload date on stealed, ISO 8601, pattern YYYY-MM-DD
Upload date on the plateform the credential was found, ISO 8601, pattern YYYY-mm-dd
Log date of the device at compromized moment (if applicable, stealer only)
Start date to search from leaks, format: YYYY-mm-dd (default: today - 14days at 0:00am)
End date to search leaks from, format YYYY-mm-dd (default: today)
URL of the leaked data
FQDN of the leaked data
Local part of the username section (if applicable, email only)
Protocol identified (if applicable)
Email domain to filter on (if multiple email domains declared)
Root domain to filter on (if multiple root domains declared)
Machine ID (if applicable, stealer only)
Computer name (if applicable, stealer only)
Hardware ID (if applicable, stealer only)
Machine user (if applicable, stealer only)
IP address (if applicable, stealer only)
Country (if applicable, stealer only)
Software (if applicable, stealer only)
Stealer name (if applicable)
Keyword to filter on (only active keywords for tenant)
Match type for leaks_matched table (root_domain or email_domain)
Root domains to exclude (NOT IN filter)
Email domains to exclude (NOT IN filter)
Domains to exclude (NOT IN filter)
Types to exclude
Software to exclude
Stealer names to exclude
Protocols to exclude
Countries to exclude
Show only hashes whose first appearance (min upload_stealed) falls on this exact date. Format: YYYY-MM-DD.
Show only hashes whose first appearance (min upload_stealed) is on or after this date. Format: YYYY-MM-DD.
Limit result length
Minimum number of sources (source_count >= N)
Response Body
application/json
application/json
curl -X GET "https://api.stealed.io/leaks/me?query=generic_total_leaks_count&identifier_column=root_domain"null{
"detail": [
{
"loc": [
"string"
],
"msg": "string",
"type": "string"
}
]
}API Reference
REST API authentication, base URL, pagination, and the full OpenAPI reference for the Stealed leak search and verification endpoints.
Retrieve all leak statistics in a single request GET
Retrieve all leak statistics for the current organization in a single request. This endpoint fetches all leak data once and calculates multiple statistics server-side, reducing the number of queries needed. If `start_date` and `end_date` are not provided, defaults to **the last 14 days**. Includes trend data comparing the current period to the previous period of the same length (e.g. if querying 30 days, trends compare to the 30 days before that). **Returns a dictionary with the following statistics:** - `total_leaks`: Total number of leaks - `unique_usernames`: Number of unique usernames - `unique_domains`: Number of unique domains - `unique_passwords`: Number of unique passwords - `unique_leaks`: Number of unique leak hashes - `leaks_by_type`: Number of leaks grouped by type (combo/stealer) - `leaks_by_day`: Number of leaks grouped by day and identifier (limited globally to 10 top identifiers + other) - `leaks_by_domain`: Number of leaks grouped by domain (limited globally to 10 top domains + other) - `leaks_by_domain_all`: Number of leaks grouped by domain (all domains, no limit) - `leaks_by_inverse_identifier`: Number of leaks grouped by the inverse identifier (email_domain if root_domain, or vice-versa) (limited globally to 10 top + other) - `top_domains`: Top domains with most leaks (limited globally to 10) - `top_users`: Top users with most leaks (all users, no limit) - `password_strength`: Average password length - `password_reuse`: Number of reused passwords - `password_length_distribution`: Distribution of passwords by length - `external_accounts`: Detailed list of external accounts (limited globally to 10 top + other) - `external_accounts_count`: Total count of external accounts - `admin_accounts`: Detailed list of admin accounts (limited globally to 10 top + other) - `admin_accounts_count`: Total count of admin accounts - `unique_sources`: Total number of unique sources (telegram_channel) - `sources`: List of sources with leak counts (all sources, no limit) - `latest_leak_date`: Date of the latest leak - `leak_details`: All leak details (same as org_leaks_detail_per_identifier, limited to 20000) - `leaks_by_country`: Top 50 countries by leak count (non-empty only) - `leaks_by_stealer_name`: Top 50 stealer families by leak count (non-empty only) - `leaks_by_software`: Top 50 software/browsers by leak count (non-empty only) - `leaks_by_computer_name`: Top 30 computer names by leak count (non-empty only) **Trend Fields** (percentage change vs previous period of same length): - `total_leaks_trend`, `unique_usernames_trend`, `unique_domains_trend` - `unique_sources_trend`, `admin_accounts_count_trend`, `external_accounts_count_trend` **Examples:** ```bash # All stats for the last 14 days (default) GET /leaks/stats?identifier_column=root_domain # With custom date range GET /leaks/stats?identifier_column=root_domain&start_date=2024-01-01&end_date=2024-12-31 # With filters GET /leaks/stats?identifier_column=root_domain&type=Stealer&country=FR ```