Breach Intelligence

2,850

Total breached databases

InstaFit 2017

InstaFit 2017

In 2017, InstaFit, a platform associated with fitness and community engagement, experienced a data breach exposing over 700,000 user records. The leaked data primarily involved personal information of forum or community members, including names, email addresses, genders, and countries.
  • Date: 2017
  • Domain: instafit.com
  • Category: Healthcare
  • Records Announced: 785,138
  • Data: Email Addresses Names Geographic Locations Genders
  • Imported:
  • Passwords: No
?

Fx112.com 2019

The Fx112.com 2019 breach has been recorded in our database, but additional details are not yet confirmed. When more data becomes available, you will be able to verify your exposure. In the meantime, you can check our list of other breaches.

  • Data: The data categories affected by the Fx112.com 2019 breach have not been disclosed yet. We will expand this section when details are released.
  • Imported:
  • Number of lines: 89,521
  • Size: 11.01 MB
  • Passwords: ?
?

Nullednetwork.com 2015

Details about the Nullednetwork.com 2015 breach remain unavailable. Once it is imported, you will be able to check if your data was affected. Until then, you may search through other breaches to stay informed.

  • Data: At this stage, the exact nature of the compromised information in the Nullednetwork.com 2015 breach is unknown. Updates will be provided as they are verified.
  • Imported:
  • Number of lines: 51,622
  • Size: 3.98 MB
  • Passwords: ?
Netway.co.th 2016

Netway.co.th 2016

Details about the Netway.co.th 2016 breach remain unavailable. Once it is imported, you will be able to check if your data was affected. Until then, you may search through other breaches to stay informed.

  • Data: At this stage, the exact nature of the compromised information in the Netway.co.th 2016 breach is unknown. Updates will be provided as they are verified.
  • Imported:
  • Number of lines: 3,539,867
  • Size: 1.98 GB
  • Passwords: ?
Upstox 2021

Upstox 2021

In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes. Extensive "know your customer" information was also exposed including scans of bank statements, cheques and identity documents complete with Aadhaar numbers.
  • Date: Apr 8, 2021
  • Domain: upstox.com
  • Threat Actor: ShinyHunters
  • Country: India
  • Category: Finance & Payments
  • Records Announced: 111,002
  • Source: haveibeenpwned.com
  • Data: Bank Account Information Birthdates Email Addresses Family Members Financial Information Genders Government IDs Job Information Marital Statuses Nationalities Passwords Phone Numbers Physical Locations
  • Imported:
  • Number of lines: 100,007
  • Size: 543.82 MB
  • Passwords: BCrypt
  • Cracked: 0%
Iranian Telegram+Instagram Scraped Data 2020

Iranian Telegram+Instagram Scraped Data 2020

Sensitive
In 2020 Iranian users of services like Telegram and Instagram were had their data scrapped, some have commented that this data contains duplicates and I could not verify anything as the data structure is too annoying to deal with. This was apparently due to a fork of the original Telegram app which secretely collected this data.
  • Date: 2020
  • Domain: tci.ir
  • Country: Iran
  • Category: Social Media & Communication
  • Records Announced: 42,000,000
  • Source: comparitech.com
  • Data: Names Phone Numbers Security Credentials Usernames
  • Imported:
  • Passwords: No
Setades.ead.es.gov.br

Setades.ead.es.gov.br

There is no official description for the Setades.ead.es.gov.br data breach at this time. However, this record will allow future verification once the breach is processed. For now, you can use our search tool to see if your personal information appears in other breaches.

  • Data: The specific records exposed in the Setades.ead.es.gov.br breach have not yet been identified. We will update this section with details when they are confirmed.
  • Imported:
  • Number of lines: 3,541,423
  • Size: 768.1 MB
  • Passwords: ?

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.