Breach Intelligence

3,151

Total breached databases

In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Records: 150,633,046
  • Lines: 150,633,048
  • Size: 10.47 GB
  • Passwords: BCrypt, SHA-1 Salted
  • Cracked: 100%
In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes.
  • Data: Credit Card Information Email Addresses Geographic Locations IP Addresses Names Passwords Phone Numbers
  • Records: 8,717,764
  • Lines: 8,717,768
  • Size: 3.68 GB
  • Passwords: BCrypt
  • Cracked: 12%
In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes.
  • Data: Email Addresses IP Addresses Messages Passwords Site Activity Usernames
  • Records: 247,019
  • Lines: 7,619,893
  • Size: 990.13 MB
  • Passwords: MyBB
  • Cracked: 52%
In approximately June 2022, a government messaging system for Turkey named "IYS (İleti Yönetim Sistemi)", had its database leaked due to an exposed ElasticSearch server. The leak exposed Names, Email addresses, Phone numbers, Usernames and Home Addresses.
  • Date: Jun 2022
  • Domain: iys.org.tr
  • Country: Turkey
  • Category: Government
  • Data: Email Addresses Names Phone Numbers Physical Locations Usernames
  • Records: 302,377
  • Lines: 302,377
  • Size: 170.12 MB
  • Passwords: No
In 2019 the Russian gaming website Ongab.ru suffered a data breach exposing aproximately 250,000 users data. Please note these are approximations from what I could find in the files provided by @ROLLEX313.
  • Data: Bios Email Addresses Passwords Site Activity Social Profiles Usernames
  • Records: 101,191
  • Lines: 285,394
  • Size: 61.47 MB
  • Passwords: MD5
  • Cracked: 92%
In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Records: 9,804,480
  • Lines: 9,804,510
  • Size: 823.95 MB
  • Passwords: vBulletin
  • Cracked: 100%
In December 2015, Minecraft Resolver, a platform used to look up Minecraft usernames and their associated IP addresses, experienced a major data breach. The incident exposed over 13 million records. While the breach did not include passwords or email addresses, the leaked data included Minecraft usernames and IP addresses, making player identities and geographic information vulnerable to misuse such as privacy violations, targeted attacks, or doxxing.
  • Data: IP Addresses Usernames
  • Records: 13,028,000
  • Lines: 13,080,236
  • Size: 451.49 MB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.