Breach Intelligence

2,855

Total breached databases

Just Date 2016

Just Date 2016

Sensitive
In September 2016, reports of an alleged breach of the dating website Justdate.com began circulating. The breach reportedly affected over 24 million users, though some sources suggest the data may have been fabricated. Among the compromised information were email addresses, names, dates of birth, and physical locations.
  • Data: Birthdates Email Addresses Geographic Locations Names
  • Imported:
  • Records Imported: 24,584,765
  • Number of lines: 24,551,071
  • Size: 1.52 GB
  • Passwords: No
Big Basket 2020

Big Basket 2020

In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
  • Data: Birthdates Email Addresses IP Addresses Names Passwords Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 21,450,278
  • Number of lines: 21,450,447
  • Size: 14.33 GB
  • Passwords: SHA-1
  • Cracked: 61%
Dymocks 2023

Dymocks 2023

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
  • Data: Birthdates Email Addresses Genders Names Phone Numbers Physical Locations
  • Imported:
  • Records Imported: 1,243,745
  • Number of lines: 1,243,746
  • Size: 149.03 MB
  • Passwords: No
Famm 2020

Famm 2020

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
  • Data: Birthdates Email Addresses Genders Names Passwords
  • Imported:
  • Records Imported: 1,429,139
  • Number of lines: 1,429,212
  • Size: 303.47 MB
  • Passwords: SHA-256
  • Cracked: 94%

Learnable 2020

In June 2020, the Learning platform owned by SitePoint called Learnable suffered a data breach that impacted 1 Million Users. The breach included Email addresses, Usernames, Full names, IP addresses and Passwords stored as bcrypt hashes. The website was breached by @ShinyHunters.
  • Data: Email Addresses IP Addresses Names Passwords Usernames
  • Imported:
  • Records Imported: 1,020,939
  • Number of lines: 1,020,959
  • Size: 511.46 MB
  • Passwords: BCrypt
  • Cracked: 19%
nflrush.com 2014

nflrush.com 2014

In 2014, a data breach occurred on nflrush.com, a gaming platform operated by the National Football League (NFL), exposing approximately 652,650 user records. The compromised data included names, email addresses, usernames, genders, birthdates, and passwords hashed using the MD5 algorithm.
  • Data: Birthdates Email Addresses Genders Passwords Site Activity Usernames
  • Imported:
  • Records Imported: 652,651
  • Number of lines: 652,674
  • Size: 142.21 MB
  • Passwords: MD5
  • Cracked: 100%
Cracked.to 2019

Cracked.to 2019

In July 2019, Cracked.to, a hacking website, allegedly suffered a data breach affecting its MyBB-based forum. A rival hacking site claimed responsibility for the incident, which reportedly exposed 749,000 unique email addresses across 321,000 forum users and other database tables. Among the compromised data were usernames, email addresses, IP addresses, private messages, and passwords stored as bcrypt hashes.
  • Data: Email Addresses IP Addresses Messages Passwords Usernames
  • Imported:
  • Records Imported: 822,354
  • Number of lines: 6,140,886
  • Size: 1.97 GB
  • Passwords: MyBB
  • Cracked: 10%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.