Qintel actively monitors underground spaces where compromised credentials are collected, distributed, sold, and traded. These spaces include online credential dump sites, hacker collaboratives, and command and control infrastructures of eCrime- and APT- related malware.

Watching all the right spots

For over a decade Qintel has been collecting the exact type of breached data that eventually began to be weaponized by cyber criminal actors for credential checking & stuffing.

Unlike other companies or services that suddenly appeared in the wake of media attention surrounding database leaks and credential stuffing, Qintel had already begun building its QWatch business on top of its underground collection capabilities. This access routinely allows Qintel to obtain breached data before it becomes public, as opposed to scraping open forums and harvesting dated credentials.

QWatch was launched in early 2016 in response to client demand for exposed credentials with standardized, machine-consumable formatting. Qintel invested in the development of proprietary password cracking technology and techniques to dehash passwords as effectively as attackers.

The service includes data harvested from malware in addition to breached databases and “combination lists” of emails and passwords.

Customers can leverage the QWatch data either through an alerting interface for specific email domain and address monitoring or by downloading the entire credential file to check against user credentials.

QWatchTM Delivers

We believe the numbers speak for themselves. Customers praise not only the number of credentials QWatch has helped surface, but also their uniqueness and timeliness compared to other services.

12.4B +


1.8 +

Sources distributed per month


Average daily credential count

Types of
Credential Data

30B +

Every year, QWatch has more than doubled the number of credentials sent to clients to protect their customers and assets.



Clients can set up alerts on specific email domains and email addresses and use a GUI or API for management and access.



Qintel makes full credential lists available to users in JSON format via an API.

InfoSec departments can utilize this data to

Mitigate abuse and fraud

by identifying exposed client and employee credentials.

Proactively identify accounts

that could be in jeopardy of future compromise.

Active Feed

New datasets are constantly added to the feed as they are discovered in the underground. Users can simply poll the API to pick up new data as it comes into the system.

Real-Time Alerts

QWatch also supports monitoring specific email addresses or domain names to keep track of whether these accounts have been exposed anywhere. Set up using the SDK or API directly.

Restful API & SDK

Users who would like more fine-grained control or easy access to the raw data can interact directly with the API or use our Python SDK. This allows users to customize their QWatch use and fit the tool into any environment.