Breach Intelligence

2,843

Total breached databases

Soundwave 2015

Soundwave 2015

In mid-2015, Soundwave, a music tracking app, allegedly suffered a data breach after production data was used to populate a test database that was inadvertently exposed in a MongoDB instance. The incident reportedly affected 130,000 records. Among the compromised data were email addresses, dates of birth, genders, and passwords stored as unsalted MD5 hashes.
  • Data: Birthdates Email Addresses Genders Geographic Locations Names Passwords Site Activity
  • Imported:
  • Passwords: MD5
  • Cracked: 0%
Washington 2018 Voter 2018

Washington 2018 Voter 2018

In October 2018, a database containing voter information from Washington was compromised. The database, primarily intended as a voter registry, reportedly consists of approximately 4.7 million records. Among the compromised data were Voter IDs, full names, physical addresses, previous addresses, dates of birth, genders, and voter status.
  • Date: Oct 2018
  • Domain: wa.gov
  • Country: United States
  • Category: Government
  • Records Announced: 4,792,983
  • Data: Names Phone Numbers Physical Locations Government IDs Genders Birthdates Political Affiliation
  • Imported:
  • Passwords: No
Spirol 2014

Spirol 2014

In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol’s CRM system ranging from customers’ names, companies, contact information and over 55,000 unique email addresses.
  • Data: Company Information Email Addresses Job Information Names Phone Numbers Physical Locations
  • Imported:
  • Passwords: No
Kansas 2018 Voter 2018

Kansas 2018 Voter 2018

In October 2018 I decided I would require every database I could with Voter's informations this was in part achieved by gaining access to the state's official SSH / SFTP servers and downloading the data. Some data was crowdfunded by users and some was obtained by me with the aforementioned methods.
  • Date: Oct 2018
  • Domain: kansas.gov
  • Country: United States
  • Category: Government
  • Records Announced: 1,822,597
  • Source: dehashed.com
  • Data: Birthdates Genders Government IDs Names Phone Numbers Physical Locations Political Affiliation
  • Imported:
  • Passwords: No
RPG.net 2015

RPG.net 2015

There is no official description for the RPG.net 2015 data breach at this time. However, this record will allow future verification once the breach is processed. For now, you can use our search tool to see if your personal information appears in other breaches.

  • Data: The specific records exposed in the RPG.net 2015 breach have not yet been identified. We will update this section with details when they are confirmed.
  • Imported:
  • Passwords: IPB
  • Cracked: 0%
Biohack.me 2016

Biohack.me 2016

In December 2016, the forum for the biohacking website Biohack.me reportedly suffered a data breach that exposed 3,400 accounts. The compromised data included usernames, email addresses, hashed passwords, and private messages of forum members.
  • Data: Email Addresses Messages Passwords Usernames
  • Imported:
  • Passwords: Hashed
  • Cracked: 0%
SpyFone 2018

SpyFone 2018

In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged the thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.
  • Data: Device Identifiers Device Information Email Addresses Geographic Locations IP Addresses Messages Names Passwords Personal Information Profile Photos Site Activity
  • Imported:
  • Passwords: Unknown

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.