Breach Intelligence

3,151

Total breached databases

In August 2016, Leet, a service for creating and managing Pocket Minecraft Edition servers, reportedly suffered a data breach. The incident is said to have impacted over 5 million users. Among the compromised data were email addresses, IP addresses, passwords, site activity, and usernames.
  • Data: Email Addresses IP Addresses Passwords Site Activity Usernames
  • Records: 6,085,758
  • Lines: 6,085,759
  • Size: 1.45 GB
  • Passwords: SHA-512
  • Cracked: 46%
In 2015, the Russian Minecraft community website icrafts.su suffered a major data breach, compromising the personal information of about 292k users. Exposed data included usernames, email addresses, passwords, genders, and IP addresses.
  • Data: Email Addresses Genders IP Addresses Names Site Activity Usernames
  • Records: 292,253
  • Lines: 292,322
  • Size: 102.14 MB
  • Passwords: MD5
  • Cracked: 99%
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes.
  • Data: Birthdates Email Addresses Genders Geographic Locations Names Passwords
  • Records: 28,517,241
  • Lines: 28,517,253
  • Size: 2.54 GB
  • Passwords: BCrypt
  • Cracked: 62%
On January 17th of 2019, an user named Aldesa, posted a magnet link in the famous xss.is forum to a file called "12 billion special for xss.is", claiming there were no duplicates, and crediting another user named Xrenovi4 for helping process the files. The admin of xss.is also thanked for the contribution. The file, named "rez_out.txt", contains 3,039,418,396 lines.
  • Date: Jan 17, 2019
  • Domain: xss.is
  • Threat Actor: Aldesa
  • Category: Compilations & Combo lists
  • Data: Email Addresses Passwords
  • Records: 3,039,037,834
  • Lines: 3,039,418,396
  • Size: 88.43 GB
  • Passwords: Plaintext
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
  • Data: Email Addresses IP Addresses Usernames
  • Records: 10,083,977
  • Lines: 10,083,977
  • Size: 5.17 GB
  • Passwords: No
In 2023, Paysign, a nationally recognized card payment solutions provider and integrated payment processor, suffered a data breach. Credit to user 'doubl' for acquiring the breached data. The breach compromised full names of customers, addresses, dates of birth, phone numbers, and account balances.
  • Date: 2024
  • Domain: paysign.com
  • Threat Actor: doubl
  • Country: United States
  • Category: Finance & Payments
  • Data: Email Addresses Names Phone Numbers Physical Locations Balances Birthdates
  • Records: 1,242,575
  • Lines: 1,242,575
  • Size: 983.81 MB
  • Passwords: No
In late 2016, a data dump of almost 100M accounts from Rambler, sometimes referred to as "The Russian Yahoo", was discovered being traded online.
  • Data: Email Addresses Passwords Usernames
  • Records: 91,313,610
  • Lines: 91,436,280
  • Size: 1.76 GB
  • Passwords: Plaintext

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.