Breach Intelligence

3,151

Total breached databases

In 2019, the insurance company acuity suffered a data breach that exposed 241.8M. The data was published in raidforums by "Crazyoldfart" in 2021. The data contains US household and personal information, including Full names, Addresses, Phone numbers, Occupations, Ethnicities and more. The "data dictionary" is also included in the archive and it details what each field of the data stands for. Some samples are provided in the Spoiler below, so you can see what you are getting.
  • Data: Ethnicities Job Information Names Phone Numbers Physical Locations
  • Records: 241,767,915
  • Lines: 241,767,916
  • Size: 63.68 GB
  • Passwords: No
In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".
  • Data: Email Addresses Names Order Information
  • Records: 1,201,992
  • Lines: 1,205,433
  • Size: 744.21 MB
  • Passwords: No
In approximately February 2015, PSX-Scene, a Sony PlayStation forum, allegedly suffered a data breach that exposed more than 340,000 accounts. The vBulletin-based platform reportedly leaked IP addresses and passwords stored as salted hashes, though the weak implementation allowed many of them to be quickly cracked.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Records: 364,934
  • Lines: 365,064
  • Size: 740.27 MB
  • Passwords: vBulletin
  • Cracked: 33%
In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service.
  • Data: Email Addresses Geographic Locations IP Addresses Names Passwords Social Profiles Usernames
  • Records: 51,733,978
  • Lines: 55,296,108
  • Size: 23.08 GB
  • Passwords: SHA-512 Salted
  • Cracked: 28%
In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth and passwords stored as bcrypt hashes.
  • Data: Birthdates Device Information Email Addresses Genders IP Addresses Names Passwords Social Profiles Usernames
  • Records: 3,225,904
  • Lines: 3,225,904
  • Size: 2.04 GB
  • Passwords: BCrypt
  • Cracked: 25%
In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were all exposed.
  • Data: Birthdates Email Addresses Genders Names Passwords Security Hints
  • Records: 5,816,040
  • Lines: 5,816,211
  • Size: 2.18 GB
  • Passwords: BCrypt
  • Cracked: 29%
In August 2022, millions of records from the Mexican bank Banorte were publicly leaked on a popular hacking forum. The breach reportedly exposed data from 2.1 million unique individuals. Among the compromised information were names, email addresses, phone numbers, physical locations, genders, government IDs, and account balances.
  • Data: Balances Email Addresses Genders Government IDs Names Phone Numbers Physical Locations
  • Records: 10,858,585
  • Lines: 10,858,587
  • Size: 1.34 GB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.