Breach Intelligence

2,855

Total breached databases

Swingers99.com 2019

Sensitive
Sometime before 2019, the swingers and adult dating website Swingers99.com allegedly suffered a data breach. Swingers99.com was an online community where adults and couples created profiles to meet partners. Reports suggest that the personal records of approximately 227,000 individuals were exposed. The compromised data reportedly included email addresses, MD5-hashed passwords, usernames, geographic locations, birthdates, genders, relationship statuses, ethnicities, religions, and physical descriptions.
  • Data: Email Addresses Passwords Geographic Locations Usernames Relationship Statuses Genders Religions Birthdates Ethnicities Physical Descriptions
  • Imported:
  • Records Imported: 227,057
  • Number of lines: 226,733
  • Size: 155.97 MB
  • Passwords: MD5
  • Cracked: 0%
VictoryCraft.Ru 2022

VictoryCraft.Ru 2022

On March 22, 2022, the Russian Minecraft server VictoryCraft (victorycraft.ru) allegedly suffered a data breach. Reports suggest the exposed dataset, distributed as multiple SQL files, contained roughly 180,000 distinct player accounts. The compromised data included usernames, IP addresses, and in-game identifiers; no passwords were present in the database.
  • Date: Mar 22, 2022
  • Domain: victorycraft.ru
  • Country: Russia
  • Category: Gaming
  • Records Announced: 54,000
  • Data: Geographic Locations Usernames IP Addresses
  • Imported:
  • Records Imported: 1,302,784
  • Number of lines: 1,400,518
  • Size: 50.67 MB
  • Passwords: No
Lako do posla 2022

Lako do posla 2022

In approximately July 2022, the Serbian job-recruitment website Lako do posla allegedly suffered a data breach. Reports suggest the breach exposed approximately 552,000 user accounts and included email addresses, full names, phone numbers, physical addresses, dates of birth, genders, nationalities and languages. Passwords were stored as a mix of plaintext and Bcrypt hashes, with a small number of SHA-1 hashes also present. The breach was reportedly distributed by @LeakBase.
  • Data: Email Addresses Passwords Names Phone Numbers Physical Locations Geographic Locations Usernames Genders Site Activity Job Information Company Information Birthdates Nationalities Languages
  • Imported:
  • Records Imported: 943,528
  • Number of lines: 1,337,483
  • Size: 363.73 MB
  • Passwords: Plaintext, BCrypt, SHA-1
Bascoydesign.ru 2020

Bascoydesign.ru 2020

In 2020, bascoydesign.ru, a Russian interior design studio and furniture retailer, allegedly suffered a data breach. Reports suggest the incident exposed data belonging to approximately 600 individuals, including email addresses, usernames, phone numbers, passwords, geographic locations, and site activity records.
  • Data: Email Addresses Passwords Phone Numbers Geographic Locations Usernames Site Activity
  • Imported:
  • Records Imported: 604
  • Number of lines: 186,833
  • Size: 503.58 MB
  • Passwords: MD5, PHPass
  • Cracked: 103178%
Shadowcraft.ru 2016

Shadowcraft.ru 2016

In 2016, Shadowcraft.ru, a Russian Minecraft gaming community website, allegedly suffered a data breach. Reports suggest approximately 210,000 user accounts were exposed, including email addresses, usernames, IP addresses, passwords, and geographic data.
  • Data: Email Addresses Passwords Names Geographic Locations Usernames IP Addresses Site Activity
  • Imported:
  • Records Imported: 785,190
  • Number of lines: 789,092
  • Size: 401.88 MB
  • Passwords: MyBB, Unknown
vkusnyesushi.ru 2022

vkusnyesushi.ru 2022

Sometime before 2022, the Russian sushi and roll delivery service vkusnyesushi.ru, which served customers in St. Petersburg, allegedly suffered a data breach. Reports suggest the exposed data contained approximately 67,000 customer records. It has been reported that the compromised information included email addresses, salted SHA-1 password hashes, names, phone numbers, geographic locations, IP addresses, and site activity timestamps.
  • Date: 2022
  • Domain: vkusnyesushi.ru
  • Country: Russia
  • Category: Food
  • Records Announced: 100,000
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations IP Addresses Site Activity
  • Imported:
  • Records Imported: 67,469
  • Number of lines: 96,380
  • Size: 18.33 MB
  • Passwords: SHA-1 Salted
  • Cracked: 1099%
Fitpal.co 2021

Fitpal.co 2021

In 2021, Fitpal.co allegedly suffered a data breach. Fitpal is a Colombian fitness platform offering multi-gym membership access via a single subscription. Reports suggest the breach exposed information belonging to approximately 174,000 individuals, including email addresses, full names, phone numbers, government IDs, geographic locations, genders, birthdates, and hashed passwords.
  • Date: 2021
  • Domain: fitpal.co
  • Country: Colombia
  • Category: Sports
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Government IDs Genders Site Activity Birthdates
  • Imported:
  • Records Imported: 396,862
  • Number of lines: 397,090
  • Size: 257.22 MB
  • Passwords: SHA-512 Salted
  • Cracked: 112%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.