Breach Intelligence

2,850

Total breached databases

Youthmanual 2019

Youthmanual 2019

In January 2019, the Indonesian career website Youthmanual suffered a data breach. The attack led to the exposure of data including Full names, Email addresses, Dates of birth, Phone numbers and Passwords stored as SHA-1 hashes. In total, 1.1 million users were affected.
  • Data: Birthdates Email Addresses Names Passwords Phone Numbers
  • Imported:
  • Records Imported: 1,111,133
  • Number of lines: 1,126,829
  • Size: 740.42 MB
  • Passwords: SHA-1
  • Cracked: 97%

Naz.API 2023

In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
  • Data: Email Addresses Passwords Usernames Websites
  • Imported:
  • Records Imported: 1,044,594,675
  • Number of lines: 1,213,250,346
  • Size: 83.13 GB
  • Passwords: Plaintext
Swvl 2020

Swvl 2020

In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities.
  • Data: Credit Card Information Email Addresses Names Passwords Phone Numbers Profile Photos
  • Imported:
  • Records Imported: 4,197,423
  • Number of lines: 4,197,423
  • Size: 4.91 GB
  • Passwords: BCrypt
  • Cracked: 15%
Livpure 2020

Livpure 2020

In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items.
  • Data: Email Addresses Names Order Information Phone Numbers Physical Locations Salutations
  • Imported:
  • Records Imported: 1,004,936
  • Number of lines: 1,004,937
  • Size: 452.99 MB
  • Passwords: No
Jassume 2020

Jassume 2020

Sensitive
In approximately May 2020, the French dating site Jassume (jassume.com) suffered a data breach. The breach led to the exposure of data including Usernames, Email addresses, Dates of birth and Passwords stored in Plaintext. In total, 792k users were affected.
  • Date: May 2020
  • Domain: jassume.com
  • Country: France
  • Category: Dating
  • Records Announced: 792,208
  • Source: zataz.com
  • Data: Birthdates Email Addresses Passwords Usernames
  • Imported:
  • Records Imported: 689,824
  • Number of lines: 792,209
  • Size: 260.26 MB
  • Passwords: Plaintext
Santander.com.mx 2023

Santander.com.mx 2023

In early 2023, Banco Santander México, associated with the domain santander.com.mx, was reportedly affected by a data breach that surfaced in online forums. The incident involved approximately 6.9 million records. Among the compromised data were names, phone numbers, physical locations, and credit card information. The breach raised concerns about financial data security and the potential for fraud targeting affected individuals in Mexico.
  • Date: 2023
  • Domain: santander.com.mx
  • Country: Mexico
  • Category: Finance & Payments
  • Records Announced: 6,917,986
  • Data: Credit Card Information Names Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 6,917,979
  • Number of lines: 6,917,986
  • Size: 1.22 GB
  • Passwords: No
Cutout.Pro 2024

Cutout.Pro 2024

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
  • Data: Email Addresses IP Addresses Names Passwords
  • Imported:
  • Records Imported: 41,403,988
  • Number of lines: 41,404,045
  • Size: 5.93 GB
  • Passwords: MD5 Salted
  • Cracked: 72%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.