Breach Intelligence

2,850

Total breached databases

Avast 2014

Avast 2014

In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.
  • Data: Email Addresses Passwords Usernames
  • Imported:
  • Records Imported: 422,985
  • Number of lines: 422,986
  • Size: 56.88 MB
  • Passwords: SMF
  • Cracked: 75%
ProctorU 2020

ProctorU 2020

In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and passwords stored as bcrypt hashes.
  • Data: Email Addresses Names Passwords Phone Numbers Physical Locations Usernames
  • Imported:
  • Records Imported: 444,275
  • Number of lines: 444,630
  • Size: 260.65 MB
  • Passwords: BCrypt
  • Cracked: 32%

Unigame 2019

In approximately December 2019, the Gaming website Unigame (Now defunct) suffered a data breach that impacted 851k users. The leak led to the exposure of data including Email addresses and Passwords stored as Salted MD5 hashes. The website was breached by @donjuji.
  • Data: Email Addresses Passwords Site Activity
  • Imported:
  • Records Imported: 851,334
  • Number of lines: 851,496
  • Size: 97.73 MB
  • Passwords: vBulletin
  • Cracked: 85%

Onliner Spambot 2017

In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
  • Data: Email Addresses Passwords
  • Imported:
  • Records Imported: 368,620,540
  • Number of lines: 370,441,528
  • Size: 8.68 GB
  • Passwords: Unknown
Serasa Experian 2020

Serasa Experian 2020

At the end of 2020, the credit analysis company known as Serasa Experian had its data leaked online. The breach included CPF Numbers, Full names, Genders and Dates of birth. In total, 223 million users were affected. A hacker known as JBR was the one who initially posted the file.
  • Data: Birthdates Genders Names Tax IDs
  • Imported:
  • Records Imported: 223,739,215
  • Number of lines: 223,739,216
  • Size: 13.11 GB
  • Passwords: No
Blooms Today 2023

Blooms Today 2023

In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
  • Data: Credit Card Information Email Addresses Names Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 15,386,910
  • Number of lines: 15,386,994
  • Size: 3.01 GB
  • Passwords: No

Trello Scraped Data 2024

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
  • Data: Email Addresses Names Usernames
  • Imported:
  • Records Imported: 15,182,079
  • Number of lines: 15,182,079
  • Size: 21.2 GB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.