Breach Intelligence

2,693

Total breached databases

Search breaches

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid".
  • Date: Mar 9, 2022
  • Domain: cdek.ru
  • Country: Russia
  • Category: Logistics & Transportation
  • Records Announced: 19,218,203
  • Numer of lines: 822,952,128
  • Size: 84.83 GB
  • Data: Email Addresses, Names, Phone Numbers
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com
In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
  • Date: Feb 25, 2019
  • Domain: verifications.io
  • Country: United States
  • Category: Data Brokers
  • Records Announced: 763,117,241
  • Numer of lines: 808,539,849
  • Records Imported: 808,536,946
  • Size: 159.51 GB
  • Data: Birthdates, Company Information, Email Addresses, Genders, Geographic Locations, IP Addresses, Job Information, Names, Phone Numbers, Physical Locations
  • Passwords: No
  • Imported:
  • Sources:
In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password.
  • Date: 2016
  • Domain: exploit.in
  • Country: India
  • Category: Compilations & Combo lists
  • Records Announced: 805,499,579
  • Numer of lines: 805,499,579
  • Records Imported: 804,330,534
  • Size: 24.28 GB
  • Data: Email Addresses, Passwords
  • Passwords: Plaintext
  • Imported:
  • Sources:
In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.
  • Date: Aug 15, 2016
  • Domain: geekedin.net
  • Category: Professional & Corporate
  • Records Announced: 1,073,164
  • Numer of lines: 790,404,129
  • Size: 30.06 GB
  • Data: Email Addresses, Geographic Locations, Job Information, Names, Usernames
  • Passwords: No
  • Imported:
  • Sources:
Sometime in 2020, the Chinese website QQ suffered a data breach (Or was scraped). The attack led to the exposure of data including QQ Identifiers (User IDs) and Phone Numbers. In total, 719 million users were affected.
  • Date: 2020
  • Domain: qq.com
  • Country: China
  • Category: Social Media & Communication
  • Records Announced: 719,806,832
  • Numer of lines: 719,806,832
  • Records Imported: 719,806,830
  • Size: 17.91 GB
  • Data: Phone Numbers, Social Profiles
  • Passwords: No
  • Imported: