Breach Intelligence

2,469

Total breached databases

Paxel.co 2020

Paxel.co 2020

In March 2020, Paxel, an e-commerce platform, suffered a data breach exposing approximately 852,306 rows of user data. The leaked information included names, usernames, phone numbers, emails (only about 18,000), passwords hashed with Bcrypt, genders, birth dates, and addresses. The breach also involved a full MongoDB dump, indicating a potentially severe compromise of sensitive customer data.
  • Data: Email Addresses Passwords Names Phone Numbers Physical Locations Usernames Genders Birthdates
  • Records: 109,536
  • Lines: 109,536
  • Size: 117.52 MB
  • Passwords: BCrypt
  • Cracked: 14%
Interbank 2024

Interbank 2024

Sensitive
On October 30, 2024, Interbank, a Peruvian financial services provider, experienced a data breach that exposed the sensitive information of over 3 million customers. Among the compromised data were names, DNI (National Identification Document) numbers, account IDs, birthdates, addresses, phone numbers, email addresses, passwords, IP addresses, genders, account balances, credit card numbers with CVV and expiry dates, and details of bank transactions.
  • Data: Balances Bank Account Information Birthdates Credit Card Information Email Addresses Genders Government IDs IP Addresses Names Nationalities Passwords Phone Numbers Physical Locations
  • Records: 49,768,237
  • Size: 32.4 GB
  • Passwords: Unknown

BlueSoleil 2024

In 2024, BlueSoleil.com, a Bluetooth software provider, experienced a data breach carried out by an attacker known as "alkoholic." The breach exposed approximately 463,786 records, including IDs, usernames, email addresses, hashed passwords, and other user-related data. The leaked information spans from 2009 to 2024, reflecting user data collected over the years.
  • Date: Aug 9, 2024
  • Domain: bluesoleil.com
  • Threat Actor: alkoholic
  • Category: Technology
  • Data: Email Addresses Passwords Usernames
  • Records: 467,299
  • Lines: 469,382
  • Size: 82.54 MB
  • Passwords: Unknown
International Institute of Financial Markets (IIFM Ltd) 2023

International Institute of Financial Markets (IIFM Ltd) 2023

In 2023, Pratham Institute, a non-profit organization in India focused on education and skills development for underserved communities, allegedly experienced a data breach. Reports suggest the breach exposed information on approximately 300,000 users. Among the compromised data were names, mobile numbers, email addresses, educational details, and school names. Passwords were stored as MD5 and bcrypt hashes.
  • Date: 2023
  • Domain: iifm.co.in
  • Country: India
  • Category: Education
  • Data: Email Addresses Passwords Names Phone Numbers IP Addresses Profile Photos Education Personal Information
  • Records: 928,717
  • Lines: 13,723,030
  • Size: 3.76 GB
  • Passwords: BCrypt, MD5
  • Cracked: 0%

ItsMyUrls 2016

Sometime before 2016, the social media aggregation service ItsMyUrls (itsmyurls.com) allegedly suffered a data breach. ItsMyUrls allowed users to collect their various social network and web profile links onto a single page. Reports suggest that approximately 156 thousand records were exposed, including email addresses, usernames, names, IP addresses, genders, geographic locations, bios and SHA-1 and SHA-512 password hashes.
  • Data: Email Addresses Names Geographic Locations Usernames Genders IP Addresses Websites Bios
  • Records: 168,741
  • Lines: 168,741
  • Size: 132.33 MB
  • Passwords: SHA-1, SHA-512
  • Cracked: 0%
Kitchen Arena 2024

Kitchen Arena 2024

In January 2016, Kitchen Arena, a platform specializing in kitchen equipment and supplies, allegedly suffered a data breach. Reports suggest that the breach exposed approximately 61,806 lines of data. Some of the leaked data includes email addresses, phone numbers, physical locations, names, birthdates, genders, tax IDs, company information, site activity, and order information.
  • Data: Email Addresses Names Phone Numbers Physical Locations Order Information Genders Site Activity Tax IDs Company Information Birthdates
  • Records: 61,804
  • Lines: 72,460
  • Size: 11.83 MB
  • Passwords: No
Sharan-India 2024

Sharan-India 2024

In November 2024, Sharan-India, a prominent Indian health company, experienced a data breach affecting 240,000 users. The breach was carried out by users IntelBroker and EnergyWeaponUser. Compromised data includes a variety of personal and contact information such as names, addresses, phone numbers, company affiliations, email addresses, and usernames. Sharan-India is a known entity providing health-related services in India.
  • Date: Nov 2024
  • Domain: sharan-india.org
  • Threat Actor: IntelBroker, EnergyWeaponUser
  • Country: India
  • Category: Healthcare
  • Data: Email Addresses Names Phone Numbers Physical Locations Geographic Locations Usernames Job Information Personal Information
  • Records: 117,667
  • Lines: 290,950
  • Size: 26.73 MB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.