Breach Intelligence

2,850

Total breached databases

Shaker & Spoon 2022

Shaker & Spoon 2022

In approximately March 2022, the Online Drinks store Shaker & Spoon suffered a data breach that impacted 169k users. The attack led to the exposure of data including Email addresses, Full names, Physical addresses, Phone numbers, Payment Methods and Partial Card information (Last 4 Digits and Exp. Year).
  • Data: Credit Card Information Email Addresses Names Payment Information Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 169,835
  • Number of lines: 169,873
  • Size: 35.85 MB
  • Passwords: No

unix.com Forums 2021

In May 2021, the forum for unix.com suffered a data breach. The breach included Usernames, Email addresses, IP Addresses, Dates of Birth and Passwords stored as vBulletin hashes. In total, 169k users were affected. The website was hacked by @donjuji.
  • Date: May 2021
  • Domain: unix.com
  • Threat Actor: donjuji
  • Category: Technology
  • Records Announced: 169,328
  • Source: hashmob.net
  • Data: Birthdates Email Addresses Geographic Locations IP Addresses Passwords Social Profiles Usernames Websites
  • Imported:
  • Records Imported: 169,083
  • Number of lines: 171,053
  • Size: 85.55 MB
  • Passwords: vBulletin
  • Cracked: 0%
Peru Vehicles 2019

Peru Vehicles 2019

In 2019, a database containing all vehicles registered in Peru was reportedly breached. The data, originating from the National Superintendency of Public Registers, included approximately 3.9 million records. Among the compromised data were vehicle owners' names, technical details about the vehicles, and their locations.
  • Date: 2019
  • Domain: sunarp.gob.pe
  • Country: Peru
  • Category: Government
  • Records Announced: 3,895,042
  • Data: Company Information Names Physical Locations Vehicle Information
  • Imported:
  • Records Imported: 4,717,031
  • Number of lines: 4,717,032
  • Size: 412.49 MB
  • Passwords: No

Adapt 2018

In November 2018, security researcher Bob Diachenko reportedly discovered an unprotected database hosted by Adapt, a data aggregation service marketing itself as a provider of “Fresh Quality Contacts.” The exposed dataset contained more than 9.3 million unique records of individuals and their employers. Among the compromised information were names, job titles, contact details, and employer-related data, including organisation descriptions, sizes, and revenue figures.
  • Data: Company Information Email Addresses Job Information Names Phone Numbers Physical Locations Social Profiles
  • Imported:
  • Records Imported: 9,269,888
  • Number of lines: 11,402,643
  • Size: 1.71 GB
  • Passwords: No
IIMJobs 2018

IIMJobs 2018

In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes.
  • Data: Birthdates Email Addresses Geographic Locations IP Addresses Job Information Names Passwords Phone Numbers
  • Imported:
  • Records Imported: 15,694,367
  • Number of lines: 413,748,446
  • Size: 43.18 GB
  • Passwords: MD5
  • Cracked: 0%

Poshmark 2018

In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes.
  • Data: Email Addresses Genders Geographic Locations Names Passwords Usernames
  • Imported:
  • Records Imported: 50,045,864
  • Number of lines: 50,045,882
  • Size: 24.52 GB
  • Passwords: BCrypt
  • Cracked: 50%

Torrent Invites 2013

In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.
  • Data: Birthdates Email Addresses IP Addresses Passwords Site Activity Usernames
  • Imported:
  • Records Imported: 355,049
  • Number of lines: 27,905,822
  • Size: 6.21 GB
  • Passwords: vBulletin
  • Cracked: 30%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.