See your exposure before adversaries do.

In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of rows of personal information, including US social security numbers. Further partial data sets were later released including extensive personal information and 134M unique email addresses, although the origin and accuracy of the data remains in question.

A massive 1.2 billion record data exposure discovered in October 2019 involving an unsecured Elasticsearch server. This file represents a 416 million record subset in JSON format. Data includes names, LinkedIn profile IDs and URLs, email addresses, phone numbers, and geographic locations aggregated by People Data Labs (PDL), a data enrichment company. The data was not a direct hack of PDL but rather an exposed server belonging to an unknown third party that had licensed PDL data.

A breach of the Commission on Elections (COMELEC) of the Philippines, exposing the entire Philippine voter registration database. The archive contains voter registration records (new_id_released.txt, web_id_onhand.txt, web_id_disapproved.txt), overseas absentee voter data (overseas_absentee_all.txt, overseas_absentee_scratch.txt), geographic reference codes, embassy and country codes, web application user accounts with hashed passwords (dbadmin_usersinformation.txt), and internal system user accounts (fum_users.txt). The data includes full names, dates of birth, addresses, fingerprint data, voter identification numbers (VINs), passport numbers, and biometric information for millions of Filipino voters including overseas absentee voters.

A large-scale LinkedIn data scrape/breach containing approximately 700 million records. The dataset includes full names, email addresses, phone numbers, LinkedIn profile URLs, LinkedIn IDs, Facebook URLs, job titles, company information, location data, inferred salaries, skills, education, work history, gender, birth year, Twitter/GitHub handles, and more. Data appears to have been harvested via scraping or API abuse and compiled into structured CSV files partitioned into ~700 parts, plus separate email-only and phone-only files.

A dataset containing numeric user IDs paired with what appear to be SHA-1 password hashes (40 hex characters), with some entries redacted as 'xxx'. The IDs range from low values (1410) to ~20 million, suggesting a moderately large platform. No filename, domain, or company name is available to identify the target. The format is consistent with a leaked user credentials table.

Breach of AIType, an Android AI keyboard application. The dataset contains user records including IP addresses, city, country, device brand and model, device ID, Android version, app package name, username (email addresses), geographic coordinates, GCM push notification IDs, and user language preferences. The data appears to be a MongoDB export from AIType's backend infrastructure.