About Breachpool

The Breach Risk Perception Index - crowdsourced security sentiment

What is Breachpool?

Breachpool is the Breach Risk Perception Index — a crowdsourced gauge of how the public perceives corporate security posture. Users vote on which companies they believe are more likely to experience a data breach, and over time, these votes create a real-time sentiment ranking.

Important distinction: This measures perceived breach risk based on crowd sentiment, not actual security posture. Think of it as a “vibes check” on corporate security culture — what the security-conscious public thinks based on news, reputation, and gut feelings.

How Does It Work?

  1. Head-to-Head Voting: You’re presented with two companies. Click on the one you perceive as having higher breach risk.

  2. Elo Rating System: Each vote updates the companies’ Elo ratings (the same system used in chess). “Winners” gain points, “losers” lose points.

  3. Crowd Sentiment: Over thousands of votes, patterns emerge. The ranking reflects collective perception of security risk — not security reality.

What This Is (And Isn’t)

This IS:

  • A fun, gamified way to engage with corporate security discussions
  • A crowd sentiment tracker showing what people think about company security
  • Entertainment for security nerds and curious observers
  • A conversation starter about corporate security culture

This is NOT:

  • A security assessment or audit
  • A prediction of future breaches
  • Investment or business advice
  • An indication of actual security posture
  • Based on insider knowledge or expert analysis

Why Elo?

The Elo rating system works well for relative rankings:

  • It handles uncertainty gracefully
  • It adapts quickly to new information
  • It provides relative rankings, not absolute scores
  • It’s battle-tested across decades of competitive ranking

However, Elo was designed for skill-based competitions with repeated matchups. Security breaches are singular, asymmetric events. We use Elo for its ranking mechanics, not because it “predicts” breaches.

Privacy & Data

  • We don’t track individual users
  • Votes are anonymous
  • We store aggregate statistics only
  • No accounts required

Breachpool is for entertainment and discussion purposes only.

  • Rankings reflect crowd perception, not security reality
  • High rankings do NOT indicate a company will be breached
  • Low rankings do NOT indicate a company is secure
  • Nothing on this site constitutes security advice, investment advice, or professional assessment
  • We have no inside information about any company’s security practices
  • Votes reflect the subjective opinions of anonymous internet users, nothing more

Any resemblance to actual future security incidents is coincidental. Companies are included based on public market data, not security assessments.

Built by security nerds who spend too much time reading breach notifications.