behrmanhouse.com
Jun 1, 2025
In June 2025, Behrman House — a leading publisher specializing in Jewish educational materials — suffered a data breach affecting approximately 298,722 users and exposing over 302,218 unique email addresses. The leaked data includes usernames, email addresses, and hashed passwords (scrypt / Drupal $S$ and $P$ variants). The breach was carried out by threat actor @donjuji and subsequently leaked on BreachForums by @Sphere.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
BehrmanHouse__Info.txt4 columns20 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | [0] header 'uid', values are usernames (e.g., 'admin', 'Sunny Yudkoff', 'jeremy', 'Andy', 'gila', 'jlasday') |
| 1 | fullName | high | [1] header 'name', values are full names (e.g., 'Sunny Yudkoff', 'Mark Levine', 'David Behrman', 'Eve Pasternak') |
| 2 | password | high | [2] header 'pass', values are scrypt/Drupal hashed passwords with $S$ and $P$ prefixes matching breach description |
| 3 | high | [3] header 'mail', values are email addresses (e.g., '[email protected]', '[email protected]', '[email protected]') |
Notes: Drupal user database export from Behrman House breach (June 2025). 20 columns total, 4 contain PII (uid/username, name/fullName, pass/password, mail/email). Remaining columns are application metadata (timestamps, theme settings, serialized user preferences, timezone) and are skipped. All rows contain searchable identifiers: usernames, full names, email addresses, and hashed passwords.
BehrmanHouse__data__behrmanhouse.com_scrypt_371k.csv4 columns298,555 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | fullName | high | [1] header 'name', values are full personal names (e.g., 'Sunny Yudkoff', 'Mark Levine') |
| 2 | password | high | [2] header 'pass', values are hashed passwords (Drupal scrypt $S$ and $U$S$ variants) |
| 3 | high | [3] header 'mail', values are email addresses with @ symbol | |
| 17 | medium | [17] header 'init', sample value '[email protected]' is an email address, likely initialization/recovery email |
Notes: Behrman House breach (June 2025). 20 columns total, 4 contain PII. Columns 0, 4–16, 18–19 are non-PII (UIDs, flags, timestamps, settings, serialized data, timezone). Column [7] 'theme', [8] 'signature', [15] 'language', [16] 'picture' are user preferences/settings. Column [18] 'data' is serialized PHP array (non-structured, skipped).