picsart.com
Mar 27, 2014
A breach of PicsArt, the photo editing and social platform, containing user account records from March 2014. The data includes usernames, email addresses, profile photo URLs (hosted on cdn.picsart.com and cdn28.picsart.com), OAuth tokens (Google), provider information, account creation timestamps, and internal user metadata. This appears to be a MongoDB dump of the user collection. OAuth tokens present in some records represent a significant security risk.
Source files
Each file lists its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
part3.json: 25 columns, 100,000 rows
File structure
Format: NDJSON
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| date | skip | high | Account creation date string, not a PII field type |
| | skip | high | OAuth provider object; token and secret are credentials, not direct PII fields in this schema |
| top | skip | high | Boolean metadata flag |
| provider | skip | high | OAuth provider identifier (site, google, facebook, twitter) |
| permissions | skip | high | Metadata array |
| origins | skip | high | Metadata array |
| id | skip | high | Internal numeric user ID |
| categories | skip | high | Metadata array |
| key | skip | high | Internal UUID key |
| email | email | high | Key contains 'email', values are email addresses with @ symbol |
| is_searchable | skip | high | Boolean metadata flag |
| subscribe | skip | high | Boolean metadata flag |
| created | skip | high | Timestamp metadata |
| | skip | high | OAuth provider object; nested email, token, and id are OAuth metadata, not direct PII fields in this schema |
| verified | skip | high | Boolean metadata flag |
| photo | skip | high | Profile photo URLs, not PII |
| blacklist | skip | high | Boolean metadata flag |
| | skip | high | OAuth provider object; nested email, token, and id are OAuth metadata, not direct PII fields in this schema |
| email_confirmed | skip | high | Boolean metadata flag |
| name | fullName | high | Contains user display names with full names (e.g., 'Prianca Yadav', 'Ardian Pradinata') |
| username_changed | skip | high | Boolean metadata flag |
| comment | skip | high | Free-text user comment field, not a PII type |
| _id | skip | high | MongoDB internal object ID |
| updated | skip | high | Timestamp metadata |
| username | username | high | Key named 'username', values are social media/account usernames (e.g., 'elfaa', 'aadid', 'priancayadav') |
Notes: MongoDB user collection dump from PicsArt 2014 breach. The 'name' field consistently contains user display names that map to fullName. The 'username' field contains account/social media handles. Email is present in the top-level 'email' key (primary contact email). Nested OAuth objects (google, facebook, twitter) contain provider-specific tokens, emails, and user IDs but are mapped to skip as they represent OAuth provider metadata rather than the core PII fields requested. Social media handle values (e.g., screen_name within OAuth objects) are embedded in provider metadata and not extracted as separate username fields at the top level.
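The mapping described in the notes can be illustrated with a minimal Python sketch. It assumes each NDJSON line is one JSON object and that only the top-level `email`, `name`, and `username` keys are kept; the `FIELD_MAP` dictionary, the `map_record` helper, and the sample record are hypothetical and not part of the ingestion pipeline. The `email` target field name is inferred from the notes rather than confirmed by the table.

```python
import json

# Hypothetical mapping inferred from the table: source key -> target field.
# Any key not listed here is treated as "skip", including nested OAuth objects.
FIELD_MAP = {
    "email": "email",
    "name": "fullName",
    "username": "username",
}


def map_record(line: str) -> dict:
    """Parse one NDJSON line and keep only the mapped top-level fields."""
    record = json.loads(line)
    return {
        target: record[source]
        for source, target in FIELD_MAP.items()
        if record.get(source) not in (None, "")
    }


# Synthetic record for illustration only (not taken from the dataset).
sample = json.dumps({
    "_id": "000000000000000000000000",
    "username": "example_user",
    "name": "Example User",
    "email": "user@example.com",
    "provider": "google",
    "google": {"token": "REDACTED", "id": "0"},
    "verified": True,
})

mapped = map_record(sample)
print(mapped)
```

Using an allow-list means that any unmapped key, including the nested provider objects that carry tokens, is dropped by default instead of having to be excluded one by one.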