Breach Intelligence

2,855

Total breached databases

Ongab 2019

Ongab 2019

In 2019 the Russian gaming website Ongab.ru suffered a data breach exposing aproximately 250,000 users data. Please note these are approximations from what I could find in the files provided by @ROLLEX313.
  • Data: Bios Email Addresses Passwords Site Activity Social Profiles Usernames
  • Imported:
  • Records Imported: 101,191
  • Number of lines: 285,394
  • Size: 61.47 MB
  • Passwords: MD5
  • Cracked: 92%

iMesh 2013

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Imported:
  • Records Imported: 9,804,480
  • Number of lines: 9,804,510
  • Size: 823.95 MB
  • Passwords: vBulletin
  • Cracked: 100%
Minecraft Resolver 2015

Minecraft Resolver 2015

In December 2015, Minecraft Resolver, a platform used to look up Minecraft usernames and their associated IP addresses, experienced a major data breach. The incident exposed over 13 million records. While the breach did not include passwords or email addresses, the leaked data included Minecraft usernames and IP addresses, making player identities and geographic information vulnerable to misuse such as privacy violations, targeted attacks, or doxxing.
  • Data: IP Addresses Usernames
  • Imported:
  • Records Imported: 13,028,000
  • Number of lines: 13,080,236
  • Size: 451.49 MB
  • Passwords: No
Acuity 2019

Acuity 2019

In 2019, the insurance company acuity suffered a data breach that exposed 241.8M. The data was published in raidforums by "Crazyoldfart" in 2021. The data contains US household and personal information, including Full names, Addresses, Phone numbers, Occupations, Ethnicities and more. The "data dictionary" is also included in the archive and it details what each field of the data stands for. Some samples are provided in the Spoiler below, so you can see what you are getting.
  • Data: Ethnicities Job Information Names Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 241,767,915
  • Number of lines: 241,767,916
  • Size: 63.68 GB
  • Passwords: No
SevenRooms 2022

SevenRooms 2022

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".
  • Data: Email Addresses Names Order Information
  • Imported:
  • Records Imported: 1,201,992
  • Number of lines: 1,205,433
  • Size: 744.21 MB
  • Passwords: No

PSX-Scene 2015

In approximately February 2015, PSX-Scene, a Sony PlayStation forum, allegedly suffered a data breach that exposed more than 340,000 accounts. The vBulletin-based platform reportedly leaked IP addresses and passwords stored as salted hashes, though the weak implementation allowed many of them to be quickly cracked.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Imported:
  • Records Imported: 364,934
  • Number of lines: 365,064
  • Size: 740.27 MB
  • Passwords: vBulletin
  • Cracked: 33%
Houzz 2018

Houzz 2018

In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service.
  • Data: Email Addresses Geographic Locations IP Addresses Names Passwords Social Profiles Usernames
  • Imported:
  • Records Imported: 51,733,978
  • Number of lines: 55,296,108
  • Size: 23.08 GB
  • Passwords: SHA-512 Salted
  • Cracked: 28%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.