Breach Intelligence

2,852

Total breached databases

Daily Quiz 2021

In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Records: 12,728,899
  • Lines: 12,866,799
  • Size: 1.06 GB
  • Passwords: Plaintext

GameSprite Forums 2019

In December 2019 the popular gaming platform "GameSprite" was breached. The website was breached through the "discuz! forum" admin panel along with several other gaming websites during a string of pivots from the animegame.me server. The breach of the website impacted over 7 million users and exposed email addresses, usernames and salted MD5 passwords.
  • Data: Email Addresses Passwords Usernames
  • Records: 7,096,252
  • Lines: 7,097,177
  • Size: 1.21 GB
  • Passwords: vBulletin
  • Cracked: 66%
Peruvian Taxpayers 2024

Peruvian Taxpayers 2024

In early 2024, a database containing information on Peruvian taxpayers was allegedly leaked online. The breach reportedly exposed over 13 million company records. Among the compromised data were company names, physical locations, and tax identification numbers.
  • Date: 2024
  • Country: Peru
  • Category: Government
  • Data: Company Information Physical Locations Tax IDs
  • Records: 13,063,781
  • Lines: 13,063,782
  • Size: 1.32 GB
  • Passwords: No
piZap 2017

piZap 2017

In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed.
  • Data: Email Addresses Genders Geographic Locations Names Passwords Site Activity Social Profiles Usernames
  • Records: 3,094,068
  • Lines: 3,094,068
  • Size: 981.11 MB
  • Passwords: SHA-1
  • Cracked: 0%
Ecuador citizens 2010

Ecuador citizens 2010

In 2010, a data leak in Ecuador exposed government-related information, reportedly affecting individuals across the country. The dataset contained over 12 million records, including personal information such as names, government identification numbers, and birthdates.
  • Date: 2010
  • Country: Ecuador
  • Category: Government
  • Data: Names Government IDs Birthdates
  • Records: 12,756,812
  • Lines: 12,756,813
  • Size: 1.29 GB
  • Passwords: No

Manga Traders 2014

In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.
  • Data: Email Addresses Passwords
  • Records: 409,273
  • Lines: 409,274
  • Size: 21.96 MB
  • Passwords: MD5
  • Cracked: 100%
500px 2018

500px 2018

In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.
  • Data: Birthdates Email Addresses Genders Geographic Locations Names Passwords Usernames
  • Records: 14,870,273
  • Lines: 14,870,311
  • Size: 4.8 GB
  • Passwords: BCrypt, MD5
  • Cracked: 0%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.