elance.com
Apr 14, 2026
A secondary or variant archive of the Elance (elance.com) breach distributed via BreachForums. This archive ('Elance BF') contains overlapping data with the previously imported 'elance' breach entry, including user account records with usernames, SHA-1 hashed passwords, email addresses, first and last names, physical addresses, phone numbers, and account status flags. A VIP file contains admin/special accounts with some cracked plaintext passwords. The data spans early Elance users and internal staff accounts. This appears to be a differently packaged or expanded version of the same source breach.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
Breached_Info.txt0 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
Elance_BF__data__Elance_VIP.txt16 rows
File structure
Notes: Pre-LLM auto-detection: free-form text with visible emails / phones
Elance_BF__data__table_USER_INFO.txt2 columns1,512,020 rows
File structure
Format: CSV·Delimiter: semicolon·Has header: no·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | username | high | [1] Values are usernames with account status markers (e.g., 'Elance_Admin', 'SamTest_inactive', 'shubh'); consistent with login identifiers |
| 2 | password | high | [2] 40-character hexadecimal strings matching SHA-1 hash format (e.g., '0188a2903317dea8d2cb3f17d56d347d9f35e4cc'); consistent with hashed password storage from Elance breach |
Notes: File contains 3 columns total. Column 0 appears to be a row counter/ID (numeric, auto-incrementing). Only columns 1 and 2 contain PII (username and password hash). This is a delimited account credential list from the Elance breach archive.
Elance_BF__data__table_USER_INFO2.txt12 columns80,801 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | First field contains usernames, many with '_inactive' suffix indicating account status |
| 1 | password | high | 40-character hexadecimal strings consistent with SHA-1 hashes |
| 2 | firstName | medium | Often contains first names or 'Not Available' placeholder; sometimes empty |
| 3 | lastName | medium | Often contains last names or 'Not Available' placeholder; sometimes empty |
| 4 | high | Email addresses with @ symbol consistently present | |
| 5 | skip | high | Consistently empty or minimal data; appears to be unused/reserved field |
| 6 | address1 | medium | Contains city names or address information |
| 7 | address2 | medium | Contains region/state or second-level administrative division |
| 8 | state | high | Two-letter country/state codes (US, GB, RO, SE, FX, RU, HU, CN, AE, PA, etc.) |
| 9 | zip | high | Numeric postal/zip codes (e.g., 22467, 92660, 75008, 55240) |
| 10 | skip | high | Consistently empty field |
| 11 | phone | high | Phone numbers in various formats with country codes and area codes |
Notes: Elance breach data with semicolon delimiter. Variable field presence - many records have 'Not Available' placeholders for name fields. Some records have minimal data (early users or deleted accounts). Phone numbers present in international formats. Country codes in column 8. Breach includes both active and inactive ('_inactive' suffix) accounts.
Elance_BF__data__table_USER_INFO3.txt12 columns480,185 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | Values are usernames, many with _inactive suffix indicating account status |
| 1 | password | high | 40-character hexadecimal strings consistent with SHA-1 hashes |
| 2 | firstName | high | First names or partial names when present |
| 3 | lastName | high | Last names or middle names/suffixes when present |
| 4 | high | Email addresses with @ symbol | |
| 5 | skip | high | Consistently empty field, likely reserved for unused data |
| 6 | address1 | medium | City names or location identifiers |
| 7 | address2 | medium | State/province abbreviations or secondary location data |
| 8 | country | high | 2-letter country codes (US, IN, PH, GB, IT, etc.) |
| 9 | zip | medium | Postal codes when present (e.g., 110001, 43402, V7E 4W2) |
| 10 | skip | high | Consistently empty field |
| 11 | phone | high | Phone numbers in various formats with country/area codes |
Notes: Elance breach database export with 12 semicolon-delimited fields. SHA-1 password hashes indicate passwords were hashed at breach time. Many accounts marked with _inactive suffix. Geographic data spans multiple countries. Some fields consistently empty (5, 10), suggesting database schema with unused columns. Duplicated records present.
Elance_BF__data__table_USER_INFO4.txt12 columns529,354 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | First field contains usernames/account identifiers (sasoo, toparas, jetskiron, etc.) |
| 1 | password | high | Second field contains SHA-1 hashes (40 hex characters), matching breach context of hashed passwords |
| 2 | firstName | high | Contains first names or dashes for missing values |
| 3 | lastName | high | Contains last names or dashes for missing values |
| 4 | high | Contains email addresses with @ symbol | |
| 5 | skip | medium | Appears to be company/organization name or internal field, often empty |
| 6 | address1 | medium | Contains city or street address information |
| 7 | address2 | medium | Contains state/region abbreviations or city names |
| 8 | country | high | Contains country codes (IN, US, GB, PK, etc.) |
| 9 | zip | high | Contains postal/ZIP codes (500267, 44641, 610328, etc.) |
| 10 | skip | medium | Consistently empty field, likely reserved or unused column |
| 11 | phone | high | Contains phone numbers in various international formats |
Notes: Elance breach data with 12 semicolon-delimited fields. Username and SHA-1 hashed password in positions 0-1, followed by name components, email, organization, address details, country, ZIP code, and phone number. Some fields contain placeholder values ('--' or '--') indicating missing data. Duplicate records present in dataset.
Elance_VIP.txt2 columns0 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | username | high | [1] Second token after 'Elance' prefix contains usernames: '007', '@user_inactive', 'Work', '_Admin', '_Ajay', '_Alex', etc. Consistent with breach context describing username field. |
| 2 | password | high | [2] 40-character hexadecimal strings are SHA-1 password hashes per breach context. Some rows also contain embedded cracked plaintext passwords (e.g., 'snowman11', 'letmein', 'fabio1', 'lovebug', 'aries123', 'glomeruli', 'welcome', 'doberman') inserted between the hash and the trailing flags. |
Notes: 37 rows analyzed. File is a non-delimited concatenated flat file from the Elance VIP/admin account list. Only two PII-bearing fields are reliably extractable: username (position 1, after 'Elance' prefix) and password hash + occasional cracked plaintext (position 2). No email, name, address, phone, or DOB fields are present in this subset. The trailing characters (e.g., '1f01', 'c1f01', '1f10') appear to be internal status/flag bytes and should be skipped.
table_USER_INFO.txt2 columns1,512,017 rows
File structure
Format: CSV·Delimiter: semicolon·Has header: no·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | [0] No header; values are alphanumeric login handles (e.g. 'SamTest_inactive', 'beerud', 'deepak'). On rows with a leading numeric ID, this shifts to col 1, but the dominant pattern places usernames at col 0. |
| 1 | password | high | [1] No header; values are 40-character hexadecimal strings consistent with SHA-1 password hashes. On 3-field rows col 1 is username and col 2 is the hash, but majority of rows place the hash at col 1. Breach context confirms these are hashed passwords. |
Notes: No header row present. File is semicolon-delimited with an inconsistent column count: most rows have 2 fields (username, SHA-1 hash), while a minority of rows (e.g. rows 0, 21, 42) have 3 fields with a leading numeric ID. The SHA-1 hashes are mapped as 'password' per breach context. No other PII fields (email, name, address, etc.) are present in this file — this appears to be a credentials-only subset of the broader Elance breach.
table_USER_INFO2.txt12 columns80,801 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | Elance usernames, often with _inactive suffix, no @ symbol, alphanumeric handles |
| 1 | password | high | 40-character hex strings consistent with SHA-1 hashes |
| 2 | firstName | high | Values contain first names (e.g. 'neko', 'ergun', 'jessica', 'yaakup') or 'Not Available' placeholder |
| 3 | lastName | high | Values contain last names (e.g. 'nekonut', 'filiz', 'chen', 'johnsson') or 'Not Available' placeholder |
| 4 | high | Values contain @ symbol and recognizable email addresses | |
| 5 | skip | high | Consistently empty across all rows, no data |
| 6 | address1 | medium | Values contain street-level or city/locality data (e.g. 'nekopolis', 'lund', 'Chelmsford', 'London', 'bucurest') |
| 7 | city | medium | Values appear to be city or region names (e.g. 'surrey', 'sweden', 'Essex', 'romania', 'Panamé') |
| 8 | country | high | Two-letter ISO country codes (US, GB, SE, RO, PA) consistent with country field |
| 9 | zip | high | Values are postal/zip codes (e.g. 'ef5 6th', '22467', 'CM2 6UB', '55240', '507') |
| 10 | skip | high | Consistently empty across all rows, no data |
| 11 | phone | high | Values contain phone numbers with international dialing formats (e.g. '0956 678 8769', '0046145287', '507-239-1635', '002564857458') |
Notes: Elance platform breach. Semicolon-delimited with 12 fields. SHA-1 hashed passwords. Many records have 'Not Available' placeholders for firstName/lastName. Address fields (6, 7) are loosely structured — field 6 appears to be a locality/suburb and field 7 a broader region or country name in text form, with field 8 holding the ISO country code. Some accounts marked _inactive. VIP/admin accounts may contain cracked plaintext passwords per breach context.
table_USER_INFO3.txt12 columns400,000 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | Alphanumeric usernames, often with '_inactive' suffix, consistent with Elance platform usernames |
| 1 | password | high | 40-character hexadecimal strings consistent with SHA-1 hashed passwords |
| 2 | firstName | high | Values like 'Creative', 'Tom', 'dharmendra', 'Steve', 'David' are first names; frequently empty |
| 3 | lastName | high | Values like 'Wiggins', 'verma', 'Ellison', 'Cooke' are last names; frequently empty |
| 4 | high | All populated values contain @ symbol and valid email format | |
| 5 | skip | medium | Consistently empty across all rows; likely unused or reserved field |
| 6 | city | high | Values like 'delhi', 'Bowling Green' are city names; frequently empty |
| 7 | state | high | Values like 'delhi', 'Ohio' are state/region names; frequently empty |
| 8 | country | high | Values like 'IN', 'US', 'PK' are ISO 2-letter country codes |
| 9 | zip | high | Values like '110001', '43402' are postal/zip codes; frequently empty |
| 10 | skip | medium | Consistently empty across all rows; likely unused or reserved field |
| 11 | phone | high | Values like '011-242424432', '210-695-9816', '+92-3215860844' are phone numbers in various international formats |
Notes: Semicolon-delimited Elance user records. 12 fields per row. SHA-1 hashed passwords in field 1. Many records have '_inactive' appended to usernames indicating deactivated accounts. Fields 5 and 10 appear to be unused/empty placeholder columns throughout the dataset. Country field uses ISO 2-letter codes. Phone numbers appear in field 11 in mixed international formats. Some records (e.g., VIP/admin accounts per breach context) may contain cracked plaintext passwords instead of hashes in field 1.
table_USER_INFO4.txt12 columns529,354 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | username | high | Alphanumeric handles/usernames, no @ symbol, consistent with Elance usernames |
| 1 | password | high | 40-character hexadecimal strings consistent with SHA-1 hashed passwords |
| 2 | firstName | high | Given names or '--' placeholder; matches known first name field from breach context |
| 3 | lastName | high | Surnames or '--' placeholder; matches known last name field from breach context |
| 4 | high | Values contain @ symbol and standard email format | |
| 5 | address1 | medium | Mostly empty; occasional company/organization name or street address |
| 6 | city | high | Values like 'Louisville', 'Singapore', 'GURGAON' consistent with city names |
| 7 | state | high | Values like 'OH', 'Haryana', 'singapore' consistent with state/province |
| 8 | country | high | ISO 2-letter country codes like 'US', 'IN', 'SG' |
| 9 | zip | high | Numeric values like '44641', '122001', '500267' consistent with postal/ZIP codes |
| 10 | skip | high | Consistently empty across all rows; likely reserved or unused field |
| 11 | phone | high | Values match international and domestic phone number formats, e.g. '+919967065315', '330-224-8879', '561.596.0520' |
Notes: Semicolon-delimited Elance breach export. 12 fields per record. SHA-1 hashed passwords in field 1. '--' used as placeholder for missing first/last name values. Field 5 is sparsely populated and appears to contain company names or partial address data. Field 10 is empty in all observed rows. Phone numbers in field 11 include international prefix variants.