See your exposure before adversaries do.

In March 2024, approximately 70 million records allegedly breached from AT&T were posted to BreachForums by ShinyHunters. The data originally dates to August 2021 and was previously offered for sale before being freely released. AT&T initially denied a breach before later acknowledging data fields specific to their systems were present. The dataset contains AT&T customer records including full names, physical addresses, email addresses, phone numbers, dates of birth, US Social Security Numbers (encrypted), government-issued IDs, and account passcodes. The data is pipe-delimited and includes both current and billing address information for US consumers.

A breach of the Commission on Elections (COMELEC) of the Philippines, exposing the entire Philippine voter registration database. The archive contains voter registration records (new_id_released.txt, web_id_onhand.txt, web_id_disapproved.txt), overseas absentee voter data (overseas_absentee_all.txt, overseas_absentee_scratch.txt), geographic reference codes, embassy and country codes, web application user accounts with hashed passwords (dbadmin_usersinformation.txt), and internal system user accounts (fum_users.txt). The data includes full names, dates of birth, addresses, fingerprint data, voter identification numbers (VINs), passport numbers, and biometric information for millions of Filipino voters including overseas absentee voters.

Breach of Zoosk, an online dating platform. The dataset contains records with registration/activity dates (spanning 2012–2015), usernames, email addresses, and MD5-hashed passwords. This data is consistent with the widely reported Zoosk breach that surfaced around 2020, containing approximately 30 million records originally collected from the platform.

A SQL database dump containing user records with usernames, email addresses, SHA1-hashed passwords, and plaintext passwords. The dataset appears to be from a gaming or forum community platform. The name 'Takoyaki' likely refers to the platform or service breached. Contains approximately thousands of records based on file size.

Web server access logs from SSNDOB (ssndob.cc), an underground marketplace that sold Social Security Numbers and dates of birth of US individuals. The logs dated February 23, 2014 capture HTTP requests including login and registration events with plaintext credentials visible in POST request logs. SSNDOB was a cybercriminal service that traded in PII including SSNs, DOBs, and other personal data on millions of Americans.

User credential dump from SoulSplit, a RuneScape private server (RSPS). Contains usernames, email addresses (many using placeholder 'none@none.com'), and SHA1 password hashes. Data is consistent with a game account database leak from an RSPS community.