Breach Intelligence

3,151

Total breached databases

In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.
  • Data: Email Addresses Passwords Usernames
  • Records: 11,869,870
  • Lines: 11,870,145
  • Size: 810.36 MB
  • Passwords: MD5
  • Cracked: 99%
In March 2020, Sina Weibo, one of China's largest social media platforms, experienced a data breach that exposed the records of over 500 million users. The compromised data reportedly included phone numbers and other account-related information.
  • Date: Mar 2020
  • Domain: weibo.com
  • Country: China
  • Category: Social Media & Communication
  • Source: zdnet.com
  • Data: Phone Numbers
  • Records: 503,850,000
  • Lines: 503,925,370
  • Size: 11.26 GB
  • Passwords: No
In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed. The attack involved brute force enumeration of a large number of phone numbers against the Snapchat API in what appears to be a response to Snapchat's assertion that such an attack was "theoretical". Consequently, the breach enabled individual usernames (which are often used across other services) to be resolved to phone numbers which users usually wish to keep private.
  • Data: Geographic Locations Phone Numbers Usernames
  • Records: 4,609,624
  • Lines: 4,613,065
  • Size: 167.9 MB
  • Passwords: No
In May 2015 the database of DayZForum.net was breached with it 10 thousand users had their information breached most accounts had a IPB encrypted password hash but others have no password on the database.
  • Data: Email Addresses IP Addresses Passwords Usernames
  • Records: 7,902
  • Lines: 7,901
  • Size: 669.81 KB
  • Passwords: MyBB
  • Cracked: 0%
xHamster 2016

xHamster 2016

Sensitive
In November 2016, news broke that hackers were trading hundreds of thousands of xHamster porn account details. In total, the data contained almost 380k unique user records including email addresses, usernames and unsalted MD5 password hashes.
  • Data: Email Addresses Passwords Usernames
  • Records: 378,982
  • Lines: 378,990
  • Size: 23.57 MB
  • Passwords: MD5
  • Cracked: 100%
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
  • Data: Email Addresses Genders Names Passwords Phone Numbers Social Profiles
  • Records: 2,765,689
  • Lines: 2,765,742
  • Size: 1.12 GB
  • Passwords: MD5
  • Cracked: 77%
In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com.
  • Data: Email Addresses Passwords Usernames
  • Records: 9,746,086
  • Lines: 9,746,093
  • Size: 703.03 MB
  • Passwords: MD5, Plaintext

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.