Breach Intelligence

2,843

Total breached databases

URentBike 2021

URentBike 2021

In approximately November 2021, the Russian electric scooter rental website Urent (Aka URentBike) suffered a data breach that impacted 379k users. The leak led to the exposure of data including Email addresses, Phone numbers, Phone Models, Full names and Passwords stored in an encrypted format. This website was breached by @datahub.
  • Date: Nov 2021
  • Domain: urent.ru
  • Threat Actor: datahub
  • Country: Russia
  • Category: Automotive
  • Records Announced: 379,289
  • Source: urent.ru
  • Data: Device Information Email Addresses Names Passwords Phone Numbers
  • Imported:
  • Passwords: Unknown
Guy4Game.com 2020

Guy4Game.com 2020

In December 2020, Guy4Game, a virtual goods trading service, suffered a data breach exposing over 228,163 records. The compromised data included over 227,000 unique email addresses, names, usernames, and hashed passwords of an unknown hashtype. This breach was made available on a popular hacking forum in 2024.
  • Data: Email Addresses Passwords Names Usernames
  • Imported:
  • Passwords: Unknown
Adult-FanFiction.Org 2018

Adult-FanFiction.Org 2018

Sensitive
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
  • Data: Birthdates Email Addresses Names Passwords
  • Imported:
  • Passwords: MD5, Plaintext

AerServ 2018

In April 2018, AerServ, an ad management platform acquired by InMobi earlier that year, allegedly suffered a data breach. The incident reportedly exposed more than 66,000 unique email addresses. Among the compromised data were contact details and passwords stored as salted SHA-512 hashes.
  • Data: Company Information Email Addresses Job Information Names Passwords Phone Numbers Physical Locations
  • Imported:
  • Passwords: SHA-512 Salted
  • Cracked: 0%
AKP Emails 2016

AKP Emails 2016

In July 2016, a hacker known as Phineas Fisher reportedly breached Turkey's ruling party, the Justice and Development Party (AKP), gaining access to 300,000 emails. The full contents of the emails were later published by WikiLeaks and made searchable. The data breach exposed 917,000 unique email addresses and included the content of messages.
  • Data: Email Addresses Messages
  • Imported:
  • Passwords: No
Republican Party of Texas 2021

Republican Party of Texas 2021

In September 2021, the Republican Party of Texas was reportedly hacked by a group identifying as "Anonymous" in retaliation for the state’s abortion ban. The attack included a website defacement followed by the leak of data and documents, some of which originated from hosting provider Epik. The incident reportedly exposed more than 72,000 unique email addresses across various tables. In some cases, the data also included names, geographic location details, IP addresses, and browser user agents.
  • Date: Sep 11, 2021
  • Domain: texasgop.org
  • Threat Actor: Anonymous
  • Country: United States
  • Category: Government
  • Records Announced: 72,596
  • Source: haveibeenpwned.com
  • Data: Email Addresses Geographic Locations IP Addresses Names Site Activity
  • Imported:
  • Passwords: No
CounterStrike.cn 2015

CounterStrike.cn 2015

Dump date for this database is unknown but the data breach of counterstrike.cn is of 253k thousand users containing hashed MD5 passwords without salts, usernames and email addresses.
  • Data: Birthdates Email Addresses Passwords Usernames
  • Imported:
  • Passwords: MD5
  • Cracked: 0%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.