Breach Intelligence

2,852

Total breached databases

500apps.com 2022

500apps.com 2022

In 2022, 500apps.com allegedly suffered a data exposure. Reports suggest the incident involved a global company intelligence database containing records for approximately 426,000 companies worldwide. The exposed data included company names, website domains, industry classifications, geographic locations, technology spend estimates, and associated social media profiles (Twitter, Facebook, LinkedIn).
  • Data: Geographic Locations Social Profiles Company Information
  • Records: 425,911
  • Lines: 425,921
  • Size: 115.2 MB
  • Passwords: No

Poa.st 2023

In 2023, Poa.st, a far-right Fediverse social network built on the Pleroma platform, allegedly suffered a data breach. Reports suggest approximately 34,000 user accounts were exposed, including usernames and email addresses.
  • Date: 2023
  • Domain: poa.st
  • Category: Social Media & Communication
  • Data: Email Addresses Usernames
  • Records: 34,595
  • Lines: 34,595
  • Size: 1.13 MB
  • Passwords: No
2dub.me 2022

2dub.me 2022

In 2022, 2dub.me (투덥), a South Korean voice-dubbing social platform where users recorded audio over video clips, allegedly suffered a data breach. Reports suggest that approximately 143,000 user accounts were exposed, including email addresses, usernames, geographic locations, and site activity data.
  • Date: 2022
  • Domain: 2dub.me
  • Country: South Korea
  • Category: Social Media & Communication
  • Data: Email Addresses Geographic Locations Usernames Site Activity
  • Records: 152,669
  • Lines: 152,670
  • Size: 25.77 MB
  • Passwords: No

Vincefiles 2022

In approximately July 2022, the file hosting service Vincefiles (vincefiles.cc) allegedly suffered a data breach. Vincefiles was a personal file hosting instance running lolisafe. Reports suggest the breach impacted approximately 28 users, with the threat actor known as "Muffin" reportedly gaining access through social engineering. The compromised data included usernames and passwords stored as bcrypt hashes.
  • Data: Passwords Usernames Site Activity
  • Records: 28
  • Lines: 29
  • Size: 4.79 KB
  • Passwords: BCrypt
  • Cracked: 0%
Deshhosting.com 2019

Deshhosting.com 2019

Sometime before late 2019, Deshhosting.com allegedly suffered a data breach. Deshhosting.com is a Bangladeshi web hosting and domain registration provider. It has been reported that a dump of its WHMCS billing system was exposed, affecting approximately 150 individuals. The leaked data reportedly included email addresses, BCrypt-hashed passwords, full names, phone numbers, geographic locations, usernames, IP addresses, and company information.
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames IP Addresses Site Activity Company Information Languages
  • Records: 62,610
  • Lines: 401,992
  • Size: 441.81 MB
  • Passwords: BCrypt
  • Cracked: 3%
Iklad.biz 2019

Iklad.biz 2019

Sometime before 2019, Iklad.biz allegedly suffered a data breach. Iklad.biz operated a Russian-language network of darknet marketplace storefronts and the operator support-chat platform behind them. It has been reported that the leak comprised roughly 445,000 records, the bulk being customer support-chat session logs, alongside approximately 1,900 marketplace operator accounts. The exposed data allegedly included email and messaging (JID) addresses, usernames, plaintext passwords, IP addresses, site activity and associated company information.
  • Date: 2019
  • Domain: iklad.biz
  • Country: Russia
  • Category: Illicit Products
  • Data: Email Addresses Passwords Usernames IP Addresses Site Activity Company Information
  • Records: 444,689
  • Lines: 444,691
  • Size: 336.52 MB
  • Passwords: Plaintext
Zacks 2024

Zacks 2024

In June 2024, Zacks, an investment research company, was allegedly breached, with the data later published on a popular hacking forum. The incident reportedly exposed 12 million unique email addresses. Among the compromised data were names, usernames, phone numbers, IP addresses, physical addresses, and unsalted SHA-256 password hashes.
  • Data: Email Addresses IP Addresses Names Phone Numbers Physical Locations Usernames
  • Records: 34,155,819
  • Lines: 34,155,859
  • Size: 5.27 GB
  • Passwords: MD5, SHA-256
  • Cracked: 0%

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.