Breach Intelligence

2,841

Total breached databases

Redem 2022

Redem 2022

In approximately April 2022, the Nigerian gift card trading platform Redem (getredem.io) allegedly suffered a data breach. Reports suggest the incident exposed data belonging to approximately 26,000 members, including email addresses, full names, usernames, phone numbers, bank account information, geographic locations, and passwords stored as bcrypt hashes.
  • Date: Apr 2022
  • Domain: getredem.io
  • Threat Actor: LeakBase
  • Country: Nigeria
  • Category: E-commerce & Retail
  • Records Announced: 23,615
  • Source: getredem.io
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames Bank Account Information IP Addresses Site Activity
  • Imported:
  • Records Imported: 232,692
  • Number of lines: 236,360
  • Size: 58.96 MB
  • Passwords: BCrypt
  • Cracked: 0%
Cryptomerchant.eu 2023

Cryptomerchant.eu 2023

Sometime before mid-2023, Cryptomerchant.eu allegedly suffered a data breach. Cryptomerchant.eu operated as a cryptocurrency payment processor and merchant gateway in Italy, allowing businesses to accept Bitcoin, Ethereum, and other cryptocurrencies. Reports suggest the breach exposed approximately 1,500 distinct individuals' records, including email addresses, bcrypt password hashes, names, phone numbers, geographic locations, usernames, IP addresses, birthdates, and company information.
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames IP Addresses Site Activity Company Information Birthdates
  • Imported:
  • Records Imported: 8,706
  • Number of lines: 40,699
  • Size: 10.03 MB
  • Passwords: BCrypt
  • Cracked: 0%
K24tv.co.ke 2019

K24tv.co.ke 2019

In 2019, K24 TV (k24tv.co.ke) allegedly suffered a data breach. K24 TV is a Kenyan free-to-air television channel and news website operated by MediaMax Network Limited. Reports suggest approximately 125 records were exposed, including email addresses, usernames, names, geographic locations, websites, site activity, and PHPass-hashed passwords.
  • Date: 2019
  • Domain: k24tv.co.ke
  • Country: Kenya
  • Category: News & Media
  • Data: Email Addresses Passwords Names Geographic Locations Usernames Site Activity Websites
  • Imported:
  • Records Imported: 104
  • Number of lines: 76,010
  • Size: 28.74 MB
  • Passwords: PHPass
  • Cracked: 0%
Galactic Games 2021

Galactic Games 2021

In approximately March 2021, the UK-based e-commerce website Galactic Games (galacticgames.co.uk), a now-defunct retailer of new and pre-owned video games, allegedly suffered a data breach. Reports suggest the incident exposed approximately 50,000 user records, including full names, email addresses, phone numbers, IP addresses, and passwords stored as OpenCart hashes (SHA-1 salted and MD5).
  • Date: Mar 2021
  • Domain: galacticgames.co.uk
  • Country: United Kingdom
  • Category: Gaming
  • Records Announced: 50,120
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations IP Addresses Site Activity
  • Imported:
  • Records Imported: 50,110
  • Number of lines: 50,170
  • Size: 9.05 MB
  • Passwords: MD5, SHA-1 Salted
  • Cracked: 0%
COWON America Forums (JetAudio) 2008

COWON America Forums (JetAudio) 2008

In November 2008, the COWON America (JetAudio) forum allegedly suffered a data breach exposing approximately 17,500 members. Reports suggest the compromised data included usernames, email addresses, dates of birth, IP addresses, and passwords stored as vBulletin hashes.
  • Data: Email Addresses Passwords Usernames IP Addresses Site Activity Social Profiles Websites Birthdates
  • Imported:
  • Records Imported: 17,546
  • Number of lines: 17,683
  • Size: 40.2 MB
  • Passwords: Hashed, vBulletin
  • Cracked: 0%
Redawning.com 2022

Redawning.com 2022

Sometime around September 2018, the U.S. vacation-rental platform RedAwning (redawning.com) allegedly suffered a data breach that was publicly disclosed on an underground forum in November 2022. The exposed Drupal database contained approximately 100,000 records covering registered users, newsletter subscribers, property inquiries and channel bookings. Reports suggest the compromised data included email addresses, hashed passwords (Drupal), full names, phone numbers, physical addresses, geographic locations, usernames, genders, account activity timestamps and language preferences.
  • Date: Sep 6, 2018
  • Domain: redawning.com
  • Country: United States
  • Category: Travel
  • Records Announced: 170,000
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames Genders Site Activity Languages
  • Imported:
  • Records Imported: 155,899
  • Number of lines: 29,398,046
  • Size: 3.34 GB
  • Passwords: Drupal
  • Cracked: 0%
Hitaccount.net 2013

Hitaccount.net 2013

In 2013, the Turkish-language vBulletin community Hitaccount.net allegedly suffered a data breach. Reports suggest the site operated as a forum focused on online account exchange. It has been reported that approximately 7,200 users were exposed, including email addresses, usernames, MD5 salted passwords, IP addresses, birthdates, geographic locations, site activity, social profiles, and websites.
  • Data: Email Addresses Passwords Geographic Locations Usernames IP Addresses Site Activity Social Profiles Websites Birthdates
  • Imported:
  • Records Imported: 8,992
  • Number of lines: 1,288,167
  • Size: 170.43 MB
  • Passwords: MD5 Salted
  • Cracked: 19%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.