Breach Intelligence

2,850

Total breached databases

Victory Phones 2017

In January 2017, the automated telephony services company Victory Phones left a Mongo DB database publicly facing without a password. Subsequently, 213GB of data was downloaded by an unauthorised party including names, addresses, phone numbers and over 166k unique email addresses.
  • Data: Birthdates Email Addresses IP Addresses Names Phone Numbers Physical Locations
  • Imported:
  • Passwords: Unknown

SuxxTO 2020

On the 15th of May 2020 the online webforum site Suxx.TO was breached by "RaidForums". Their Database Leaks section was deleted and 288 users' information was breached.
  • Date: May 15, 2020
  • Domain: suxx.to
  • Threat Actor: RaidForums
  • Category: Forums & Communities
  • Records Announced: 288
  • Data: Birthdates Email Addresses IP Addresses Passwords Site Activity Usernames
  • Imported:
  • Passwords: Unknown

Idhws.com 2023

In June 2023, the website idhws.com allegedly suffered a data breach, resulting in the exposure of 5 million rows of data in SQL file format, with a total size of 200MB. The leaked data is reported to include administrator details such as full names, usernames, email addresses, phone numbers, hashed passwords, account statuses, profile pictures, roles, super admin flags, and account creation timestamps. However, the method of the breach and the identity of the perpetrator remain unclear.
  • Data: The specific records exposed in the Idhws.com 2023 breach have not yet been identified. We will update this section with details when they are confirmed.
  • Imported:
  • Number of lines: 5,157,840
  • Size: 200.39 MB
  • Passwords: ?

AndroidTapp (BlueStacks) 2016

In 2016, the website AndroidTapp.com, known for its consumer reviews of mobile application software for the Android operating system, experienced a data breach. The breach reportedly exposed around 65,000 emails, approximately 65,000 IP addresses associated with these emails, and around 200 plaintext passwords. Some of the data included personal information related to app developers, such as their personal emails.
  • Data: Email Addresses Passwords IP Addresses
  • Imported:
  • Passwords: Plaintext

devkitPro 2019

In February 2019, the devkitPro forum reportedly suffered a data breach. The phpBB-based forum exposed 1,508 unique email addresses, along with forum posts, private messages, and passwords stored as weak salted hashes.
  • Data: Email Addresses Messages Passwords
  • Imported:
  • Number of lines: 2,625
  • Size: 219.93 KB
  • Passwords: Hashed Salted
  • Cracked: 0%
ViewFines 2018

ViewFines 2018

In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.
  • Data: Email Addresses Government IDs Names Passwords Phone Numbers
  • Imported:
  • Passwords: Plaintext
MakeStation 2020

MakeStation 2020

On the 15th of May 2020 the online webforum site MakeStation.NET was breached by "RaidForums" [1]. 455 user's information was breached.
  • Date: May 15, 2020
  • Domain: makestation.net
  • Threat Actor: RaidForums
  • Category: Forums & Communities
  • Records Announced: 455
  • Data: Birthdates Email Addresses IP Addresses Passwords Site Activity Usernames
  • Imported:
  • Passwords: Unknown

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.