Breach Intelligence

2,850

Total breached databases

Ikov 2015

Ikov 2015

In January 2015, the RuneScape Private Server Ikov suffered a data breach. The attack led to the exposure of data including Usernames, IP Addresses and Passwords stored as Salted MD5 hashes. In total, 316k users were affected.
  • Date: Jan 2015
  • Domain: ikov.org
  • Category: Gaming
  • Records Announced: 316,583
  • Source: ikov.org
  • Data: IP Addresses Passwords Usernames
  • Imported:
  • Records Imported: 316,559
  • Number of lines: 316,583
  • Size: 23.63 MB
  • Passwords: MD5 Salted
  • Cracked: 89%
sushi-master.ru 2022

sushi-master.ru 2022

In September 2022, the website sushi-master.ru, a chain of sushi, rolls, and other pan-Asian dishes, suffered a data breach. Reports suggest that the breach exposed approximately 852,000 users and 2.7 million orders. Among the compromised data were names, genders, phone numbers, email addresses, birthdays, and site activity.
  • Date: Sep 13, 2022
  • Domain: sushi-master.ru
  • Country: Russia
  • Category: Food
  • Records Announced: 852,066
  • Data: Email Addresses Names Phone Numbers Genders Site Activity Birthdates
  • Imported:
  • Records Imported: 852,062
  • Number of lines: 852,065
  • Size: 53.69 MB
  • Passwords: No
Life360 2024

Life360 2024

The user emo published the following in a hacking forum: When attempting to login to a life360 account on android the login endpoint would return the first name and phone number of the user, this existed only in the API response and was not visible to the user. If a user had verified their phone number it would instead be returned as a partial number like +1******4830. This endpoint no longer returns phone numbers and now a placeholder number is returned in the API response.
  • Data: Email Addresses Names Phone Numbers
  • Imported:
  • Records Imported: 443,222
  • Number of lines: 443,223
  • Size: 27.94 MB
  • Passwords: No
Bitly 2014

Bitly 2014

In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.
  • Data: Email Addresses Passwords Usernames
  • Imported:
  • Records Imported: 9,316,196
  • Number of lines: 9,316,196
  • Size: 592.44 MB
  • Passwords: BCrypt, SHA-1
  • Cracked: 0%
Gawker 2010

Gawker 2010

In December 2010, Gawker was reportedly attacked by the hacker collective "Gnosis," allegedly in retaliation for a feud with 4Chan. The breach exposed information on 1.3 million users of Gawker, along with data from its other platforms, including Gizmodo and Lifehacker. Due to widespread password reuse, many victims later had their Twitter accounts compromised and used to distribute Acai berry spam.
  • Data: Email Addresses Passwords Usernames
  • Imported:
  • Records Imported: 1,247,846
  • Number of lines: 1,247,893
  • Size: 71.75 MB
  • Passwords: DES
  • Cracked: 0%
Citibanamex Bank Mexico 2020

Citibanamex Bank Mexico 2020

In 2020, a database leak from Citibanamex, a major bank in Mexico, exposed 2,627,933 records. The compromised data is believed to be associated with Citibanamex bank accounts and reportedly includes information from various regions within Mexico. Among the leaked data were names, phone numbers, birthdates, physical locations, job information, and genders.
  • Date: 2020
  • Domain: citibanamex.com
  • Country: Mexico
  • Category: Finance & Payments
  • Records Announced: 2,627,933
  • Data: Names Phone Numbers Birthdates Physical Locations Job Information Genders
  • Imported:
  • Records Imported: 2,627,933
  • Number of lines: 2,627,933
  • Size: 721.69 MB
  • Passwords: No
Stickam.com 2012

Stickam.com 2012

Stickam was a live-streaming video website that launched in 2005. Stickam featured user-submitted pictures, audio, video, and most prominently, live streaming video chat. The site quickly expanded to include live shows and produced content from MTV, G4 TV, CBS Radio, NATPE, CES, and many others, as well as live performances and shows with numerous musicians and celebrities. On January 30, 2013, Stickam added a banner to the top of their homepage that linked to a blog post detailing the permanent shut down of their service. On February 1, 2013, Stickam prematurely terminated all live streams that were ongoing at that time, but kept the site open another month for people to access their data and recordings. The data is hashed using MD5 and there are around 531k entries on this database.
  • Date: 2012
  • Domain: stickam.com
  • Category: Streaming & Entertainment
  • Records Announced: 531,261
  • Data: Email Addresses Passwords Usernames
  • Imported:
  • Records Imported: 356,240
  • Number of lines: 356,254
  • Size: 35.8 MB
  • Passwords: Plaintext

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.