Breach Intelligence

2,693

Total breached databases

Search breaches

In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
  • Date: Mar 25, 2024
  • Domain: boat-lifestyle.com
  • Threat Actor: ShopifyGUY
  • Country: India
  • Category: E-commerce & Retail
  • Records Announced: 7,550,000
  • Numer of lines: 469,366,293
  • Records Imported: 7,550,001
  • Size: 13.06 GB
  • Data: Email Addresses, Names, Phone Numbers, Physical Locations
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
  • Date: Oct 16, 2019
  • Domain: peopledatalabs.com
  • Category: Data Brokers
  • Records Announced: 416,656,058
  • Numer of lines: 416,656,058
  • Records Imported: 415,432,208
  • Size: 62.96 GB
  • Data: Company Information, Email Addresses, Geographic Locations, Job Information, Names, Phone Numbers, Social Profiles
  • Passwords: No
  • Imported:
  • Sources:
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes.
  • Date: Dec 31, 2018
  • Domain: iimjobs.com
  • Country: India
  • Category: Professional & Corporate
  • Records Announced: 4,216,063
  • Numer of lines: 413,748,452
  • Size: 43.18 GB
  • Data: Birthdates, Email Addresses, Geographic Locations, IP Addresses, Job Information, Names, Passwords, Phone Numbers
  • Passwords: MD5
  • Cracked:
  • Imported:
  • Sources:
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
  • Date: Apr 8, 2021
  • Domain: linkedin.com
  • Category: Social Media & Communication
  • Records Announced: 125,698,496
  • Numer of lines: 400,100,434
  • Records Imported: 400,098,328
  • Size: 1.41 TB
  • Data: Education, Email Addresses, Genders, Geographic Locations, Job Information, Names, Social Profiles
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com
In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.