Breach Intelligence

2,852

Total breached databases

Lalafo Scrape 2023

Lalafo Scrape 2023

In June 2023, Lalafo.kg, an e-commerce platform providing online marketplace services in Kyrgyzstan, experienced a data breach. Reports indicate that the breach exposed approximately 9.5 million lines of data. Among the compromised information were usernames, email addresses, phone numbers, and social profile details.
  • Date: Jun 2023
  • Domain: lalafo.kg
  • Country: Kyrgyzstan
  • Category: E-commerce & Retail
  • Data: Email Addresses Phone Numbers Usernames Social Profiles
  • Records: 9,518,194
  • Lines: 9,518,194
  • Size: 4.03 GB
  • Passwords: No
Factual 2017

Factual 2017

In March 2017, Factual, a data aggregation company, allegedly suffered a data breach involving a file containing 8 million rows of data. The dataset reportedly included 2.5 million unique email addresses, along with business names, physical addresses, and phone numbers.
  • Data: Company Information Email Addresses Phone Numbers Physical Locations
  • Records: 7,975,106
  • Lines: 7,975,107
  • Size: 1.11 GB
  • Passwords: No
TSA NoFly List 2023

TSA NoFly List 2023

Sensitive
The No Fly List is a small subset of the U.S. government Terrorist Screening Database (also known as the terrorist watchlist) that contains the identity information of known or suspected terrorists. This database is maintained by the FBIs Terrorist Screening Center. On January 19, 2023, Swiss hacker "maia arson crimew" reported that she had gained access to 2019 versions of the No Fly List stored by CommuteAir on an unsecured cloud server. The leak led to the exposure of data including Full names and Dates of Birth. In total, 1.8 million people were affected. Full credit for this hack goes to "maia arson crimew".
  • Date: 2023
  • Domain: commuteair.com
  • Threat Actor: maia arson crimew
  • Country: United States
  • Category: Government
  • Source: crimew.gay
  • Data: Birthdates Names
  • Records: 1,817,231
  • Lines: 1,817,233
  • Size: 86.73 MB
  • Passwords: No

Spacetime Studios (STS) 2021

In April 2021, Spacetime Studios, a company renowned for developing popular online multiplayer games, experienced a data breach. Reports indicate that approximately 8 million records were compromised. Among the leaked information were email addresses, names, and bcrypt-hashed passwords.
  • Data: Email Addresses Passwords Names
  • Records: 7,796,334
  • Lines: 7,796,335
  • Size: 2.48 GB
  • Passwords: BCrypt
  • Cracked: 3%
Qzaem 2024

Qzaem 2024

In 2024, Qzaem, a Russian online service that helps users find suitable personal loans by acting as an intermediary between applicants and financial institutions, reportedly experienced a data leak. The breach exposed 7,615,140 records containing sensitive personal and financial information, primarily affecting Russian users. Among the compromised data were names, email addresses, passwords, birthdates, physical addresses, IP addresses, and payment details, including bank and credit card information.
  • Date: Oct 6, 2023
  • Domain: qzaem.ru
  • Country: Russia
  • Category: Finance & Payments
  • Data: Email Addresses Passwords Names Geographic Locations Genders Payment Information Credit Card Information Bank Account Information IP Addresses Birthdates
  • Records: 7,615,131
  • Lines: 7,615,138
  • Size: 12.91 GB
  • Passwords: MD5
  • Cracked: 0%
FashionFantasyGame 2016

FashionFantasyGame 2016

In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt.
  • Data: Email Addresses Passwords
  • Records: 2,447,297
  • Lines: 2,447,297
  • Size: 132.67 MB
  • Passwords: MD5
  • Cracked: 0%
Robinhood 2021

Robinhood 2021

In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names.
  • Data: Email Addresses
  • Records: 7,732,242
  • Lines: 7,732,243
  • Size: 443.23 MB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.