You can find links to data acquisition websites, all on the clear-web. Some sites will charge you for their service, however some will also offer a small amount of data for free. From a CTI perspective it is important for organisations, whether in the public or private sector to understand what risks exist that might make them vulnerable. These resources are not just for OSINT investigations, they are also for individuals to be able to check for your own data. You may have to check more tham one resource to truely understand the risk and exposure, as they tend to hold different data.
Public data and publically available data are two different concepts. Within the UK and the US individual local authority areas / states have there own local public data searches available, to many for rme to list here. The same is true of many other counteries.
It is always important to understand and acknowledge that for certain types of data, you have to consider the following, Legislation, Lawfulness, Regulations, Ethics, Morals and Polices. Be under no illusion, in some countries and jurisdictions certain types of data maybe out of bounds for some OSINT practitioners and I recommend you understand those limitations placed upon you before embarking on acquiring data for OSINT, especially when it comes to the lawfulness of your activity.
It is important to remember Data Acquisition OSINT is not just about one stream of Data. It includes both Public Data and Publicly Available Data. You must ensure that if you acquire data for OSINT that you use it responsibly and lawfully regardless of its origins. This is the same of any OSINT material you acquire.
Another stream of data worth considering is Data Broker data. Data collected when you sign up for an online service or when you download an app, and is then subsequently sold to Data Brokers. This is then aggregated with other Public Data and Publicly Available Data and combined to provide a product to sell, You can find some of these sites on the People Search repo.
When researching data sites always be careful what you click or download as malware maybe present. Telegram is included however you will have to find groups and bots on the platfrom and these change frequently. You can check my Telegram repository for more resources.
If you find your data on a site, and it is a reputable site, it may offer you a means to remove it. You could also consider other ways to remove it, such as rights under GDPR or CCPA as examples. You will find some resources in my Privacy Opt-Out repository that may help too.
Publicly Available Data Acquisition Sites |
Public Data Acquisition Sites |
Ransomware / Cyber Threat Intelligence |
- SANS
Breach Data Infrastructure. (2024)