Breach Intelligence

2,855

Total breached databases

Socket.io

Socket.io

Socket.io is an open-source JavaScript library for real-time web communication. The dataset associated with this entry is a synthetic demo JSON file bundled with socket.io tutorial examples, containing entirely fictitious user records. It allegedly exposes approximately 3,956 fabricated records, including fictional email addresses, phone numbers, usernames, genders, company names, geographic locations, and account creation dates. No real user data is believed to be involved.
  • Data: Email Addresses Phone Numbers Geographic Locations Usernames Genders Site Activity Company Information
  • Imported:
  • Records Imported: 2,500
  • Number of lines: 174,066
  • Size: 5.88 MB
  • Passwords: No
Dearmentor.com 2020

Dearmentor.com 2020

In 2020, the study-abroad mentorship platform DearMentor (dearmentor.com) allegedly suffered a data breach. DearMentor is a service that connects students with mentors at overseas universities to assist with applications. Reports suggest approximately 9,000 individuals were affected. The exposed data allegedly included email addresses, MD5-hashed passwords, names, phone numbers, usernames, geographic locations, social profiles, and site activity details.
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames Site Activity Social Profiles
  • Imported:
  • Records Imported: 11,749
  • Number of lines: 484,972
  • Size: 14.5 MB
  • Passwords: MD5
  • Cracked: 0%
Venezuela Army 2024

Venezuela Army 2024

In July 2024, the website of the Venezuelan Army (ejercito.mil.ve), the land warfare branch of Venezuela's national armed forces, allegedly suffered a data breach. Reports suggest the internal database of the server was accessed and extracted, exposing approximately 180,000 individuals across military and government personnel records. It has been reported that the compromised data included full names, email addresses, usernames, plaintext passwords, dates of birth, genders, government-issued identification numbers, physical and geographic locations, and job information.
  • Date: Jul 30, 2024
  • Domain: ejercito.mil.ve
  • Threat Actor: @ctf & @Valerie
  • Country: Venezuela
  • Category: Government
  • Records Announced: 1,000,000
  • Source: breached.hn
  • Data: Email Addresses Passwords Names Physical Locations Geographic Locations Usernames Government IDs Genders Site Activity Job Information Birthdates
  • Imported:
  • Records Imported: 784,795
  • Number of lines: 785,042
  • Size: 258.75 MB
  • Passwords: MD5
  • Cracked: 437%
Rajabets.com 2021

Rajabets.com 2021

In 2021, Rajabets allegedly suffered a data breach affecting its online casino and sports betting platform targeting users in India. Reports suggest approximately 38,000 records were exposed, including email addresses, names, usernames, phone numbers, and geographic locations.
  • Data: Email Addresses Names Phone Numbers Geographic Locations Usernames
  • Imported:
  • Records Imported: 36,500
  • Number of lines: 38,676
  • Size: 8.36 MB
  • Passwords: No

Pally.live 2020

In April 2020, the live video streaming and strangers-chat social app Pally Live (pally.live) allegedly suffered a data breach. It has been reported that an exposed database compromised the records of approximately 950,000 users. The leaked data reportedly included email addresses, usernames, names, phone numbers, genders, birthdates, geographic locations, profile photos and websites. No passwords were exposed.
  • Date: Apr 2020
  • Domain: pally.live
  • Category: Social Media & Communication
  • Data: Email Addresses Names Phone Numbers Geographic Locations Usernames Genders Profile Photos Websites Birthdates
  • Imported:
  • Records Imported: 1,104,947
  • Number of lines: 1,212,541
  • Size: 436.93 MB
  • Passwords: No
United Nations Delegates 2024

United Nations Delegates 2024

Sometime before 2024, data associated with United Nations delegates was allegedly leaked by a threat actor known as natohub. The United Nations is an intergovernmental organization headquartered in New York, serving as a global platform for international cooperation and diplomacy among 193 member states. Reports suggest the breach exposed data from three internal UN databases, corresponding to approximately 24,500 individuals including UN staff, accredited delegates, and conference participants. Among the compromised data were names, email addresses, usernames, phone numbers, physical locations, organizational affiliations, and gender information.
  • Date: 2024
  • Domain: un.org
  • Threat Actor: natohub
  • Category: Government
  • Records Announced: 24,529
  • Source: breached.hn
  • Data: Email Addresses Names Phone Numbers Physical Locations Usernames Genders Site Activity Company Information
  • Imported:
  • Records Imported: 23,000
  • Number of lines: 24,529
  • Size: 2.99 MB
  • Passwords: No
Instituto Nacional de Prevención, salud y seguridad laborales 2024

Instituto Nacional de Prevención, salud y seguridad laborales 2024

In July 2024, the Venezuelan "Instituto Nacional de Prevención, Salud y Seguridad Laborales" (INPSASEL), accessible at inpsasel.gob.ve, experienced a data breach. The breach, reportedly carried out by a user identified as "ctf," exposed the personal data of approximately 1,356 individuals. Among the compromised information were names, genders, birthdates, government IDs, phone numbers, email addresses, physical locations, marital statuses, job information, and education details.
  • Date: Jul 2024
  • Domain: inpsasel.gob.ve
  • Threat Actor: ctf
  • Country: Venezuela
  • Category: Government
  • Records Announced: 1,356
  • Source: breached.hn
  • Data: Email Addresses Names Phone Numbers Physical Locations Geographic Locations Usernames Government IDs Marital Statuses Relationship Statuses Genders Site Activity Job Information Company Information Birthdates Education
  • Imported:
  • Number of lines: 954
  • Size: 248.65 KB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.