Breach Intelligence

2,852

Total breached databases

Coubic.com

Coubic.com

At an unknown point in time, Coubic (coubic.com), a Japanese online reservation and scheduling service, allegedly suffered a data breach. Reports suggest approximately 552,000 user accounts were exposed, including email addresses, MD5-hashed passwords, geographic locations, and language preferences.
  • Domain: coubic.com
  • Country: Japan
  • Category: Professional & Corporate
  • Data: Email Addresses Passwords Geographic Locations Languages
  • Records: 554,806
  • Lines: 554,806
  • Size: 40.27 MB
  • Passwords: MD5
  • Cracked: 0%
Deercase.com 2020

Deercase.com 2020

In early 2020, Deercase.com, a Turkish e-commerce website, allegedly suffered a data breach. Reports suggest approximately 48,000 user records were exposed, including email addresses, full names, phone numbers, salted password hashes (MD5 and SHA-1), IP addresses, government-issued ID numbers, and site activity data.
  • Date: Mar 2020
  • Domain: deercase.com
  • Country: Turkey
  • Category: E-commerce & Retail
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Government IDs IP Addresses Site Activity
  • Records: 47,974
  • Lines: 47,974
  • Size: 33.83 MB
  • Passwords: MD5 Salted, SHA-1 Salted
  • Cracked: 0%
Socket.io

Socket.io

Socket.io is an open-source JavaScript library for real-time web communication. The dataset associated with this entry is a synthetic demo JSON file bundled with socket.io tutorial examples, containing entirely fictitious user records. It allegedly exposes approximately 3,956 fabricated records, including fictional email addresses, phone numbers, usernames, genders, company names, geographic locations, and account creation dates. No real user data is believed to be involved.
  • Data: Email Addresses Phone Numbers Geographic Locations Usernames Genders Site Activity Company Information
  • Records: 3,956
  • Lines: 174,066
  • Size: 5.88 MB
  • Passwords: No
Dearmentor.com 2020

Dearmentor.com 2020

In 2020, the study-abroad mentorship platform DearMentor (dearmentor.com) allegedly suffered a data breach. DearMentor is a service that connects students with mentors at overseas universities to assist with applications. Reports suggest approximately 9,000 individuals were affected. The exposed data allegedly included email addresses, MD5-hashed passwords, names, phone numbers, usernames, geographic locations, social profiles, and site activity details.
  • Data: Email Addresses Passwords Names Phone Numbers Geographic Locations Usernames Site Activity Social Profiles
  • Records: 15,542
  • Lines: 484,972
  • Size: 14.5 MB
  • Passwords: MD5
  • Cracked: 0%
Venezuela Army 2024

Venezuela Army 2024

In July 2024, the website of the Venezuelan Army (ejercito.mil.ve), the land warfare branch of Venezuela's national armed forces, allegedly suffered a data breach. Reports suggest the internal database of the server was accessed and extracted, exposing approximately 180,000 individuals across military and government personnel records. It has been reported that the compromised data included full names, email addresses, usernames, plaintext passwords, dates of birth, genders, government-issued identification numbers, physical and geographic locations, and job information.
  • Date: Jul 30, 2024
  • Domain: ejercito.mil.ve
  • Threat Actor: @ctf & @Valerie
  • Country: Venezuela
  • Category: Government
  • Data: Email Addresses Passwords Names Physical Locations Geographic Locations Usernames Government IDs Genders Site Activity Job Information Birthdates
  • Records: 784,795
  • Lines: 785,042
  • Size: 258.75 MB
  • Passwords: MD5
  • Cracked: 437%
Rajabets.com 2021

Rajabets.com 2021

In 2021, Rajabets allegedly suffered a data breach affecting its online casino and sports betting platform targeting users in India. Reports suggest approximately 38,000 records were exposed, including email addresses, names, usernames, phone numbers, and geographic locations.
  • Data: Email Addresses Names Phone Numbers Geographic Locations Usernames
  • Records: 38,676
  • Lines: 38,676
  • Size: 8.36 MB
  • Passwords: No

Pally.live 2020

In April 2020, the live video streaming and strangers-chat social app Pally Live (pally.live) allegedly suffered a data breach. It has been reported that an exposed database compromised the records of approximately 950,000 users. The leaked data reportedly included email addresses, usernames, names, phone numbers, genders, birthdates, geographic locations, profile photos and websites. No passwords were exposed.
  • Date: Apr 2020
  • Domain: pally.live
  • Category: Social Media & Communication
  • Data: Email Addresses Names Phone Numbers Geographic Locations Usernames Genders Profile Photos Websites Birthdates
  • Records: 1,104,947
  • Lines: 1,212,541
  • Size: 436.93 MB
  • Passwords: No

Frequently Asked Questions

A data breach is unauthorized access to data (often involving account takeover, malware, or misconfigured infrastructure). A data leak is exposure of data due to mistakes like public cloud storage, open databases, or accidental publishing. A database dump is a packaged dataset that may come from a breach, leak, scraping, or aggregation.

Change passwords for any affected accounts immediately, prioritizing email, banking, and any account that shares the same password. Enable multi-factor authentication wherever possible. Monitor your accounts for suspicious activity and consider placing a fraud alert or credit freeze if financial data was exposed.

Start with containment and verification: confirm what data was exposed, identify the entry point, rotate credentials (especially SSO, VPN, email), and enforce MFA. Then investigate affected systems, notify stakeholders as required, and harden controls to prevent recurrence. A structured incident response plan helps keep the work measurable and compliant.

Dark web monitoring helps you spot exposure signals early — before stolen data is widely reused for account takeover or targeted attacks. Monitoring complements vulnerability management by revealing when attackers already have leverage. Pair it with continuous attack surface monitoring and strong Asset Discovery to reduce blind spots.

Not always. Some datasets are old, incomplete, or derived from third parties. However, any exposure increases risk because credentials and personal data can be reused indefinitely. Treat it as a priority signal: rotate credentials, enforce MFA, review suspicious logins, and audit the systems that could have produced the data.

SynScan helps you connect the dots between attack surface exposure, vulnerabilities, and breach signals so you can prioritize remediation and reduce the chance of repeat incidents.