The dataset catalog.

Every public corpus we've gotten our hands on. Breaches, stealer logs, paste dumps, combolists. Click any one to see the fields it exposed and search it directly.

Datasets

sort
2,847 datasets

puppyfinder.com

154,986
records
Disclosed Dec 1, 2022scraping

Breach of PuppyFinder.com, a pet listing and adoption website. The dataset contains user account records including email addresses, usernames, hashed passwords (SHA-1, some with salts), Facebook IDs, account creation dates, scammer/block flags, and verification statuses. The latest date visible in the data is late 2022, suggesting the breach occurred around that time.

mc.hypermine.net

269,509
records
Disclosed Jul 15, 2026other

Breach of mc.hypermine.net, a Minecraft gaming server. The dataset contains usernames, hashed passwords (using a SHA-based scheme with salt), and IP addresses of registered players.

Gazelle

72,498,733
records
Disclosed Jul 12, 2026other

A database archive containing MySQL MyISAM table files and CSV exports from a database named 'gazelle'. The data includes e-commerce or logistics-related tables such as invoices, couriers, organizations, items, categories, and fashion product listings. The schema suggests a South/Southeast Asian e-commerce or logistics platform given the presence of district/country tables and fashion category data. The target entity cannot be conclusively identified from the available metadata.

modocmedical.com

1,511,093
records
Disclosed Feb 5, 2023other

Database dump from Modoc Medical containing user account records from their internal system (database named 'ModocMedicaldbo'). The file contains user credentials including login names, hashed/encrypted passwords, staff type IDs, account status, and secure messaging details. Data appears to be from a healthcare provider's electronic health records or practice management system, with records dating from 2013 through early 2023.

modocmedical.org

47,568
records
Disclosed Jul 10, 2026database

Database dump from Modoc Medical Center containing patient and people records including full names, Social Security Numbers, dates of birth, home addresses, phone numbers, email addresses, sex, marital status, and other personally identifiable health-related information. Data appears to originate from a SQL Server database (dbo schema) and includes records from at least 2022.

cityoffulton.us

0
records
Disclosed May 1, 2021other

Leaked internal operational documents from the Fulton Police Department (Fulton, NY), covering daily desk reports, shift rosters, officer assignments, equipment (long guns, cameras, tasers, vehicles), officer identification numbers (OINs), custody records, and arrest/warrant information spanning May 2021. The filename hint references 'NYPD docs' but the content clearly identifies the Fulton Police Department in Fulton, NY. Documents include sensitive personnel scheduling and law enforcement operational data.

Rewardthefan

96,554
records
Disclosed Jul 9, 2026database

A database dump from RewardTheFan (rewardthefan.com), a sports fan rewards and quiz platform. The data was shared via BreachForums and contains customer records including customer IDs, email addresses, phone numbers, reward points balances (active_reward_points, rtf_points, rtf_cur_val_bal), OTP verification status, account block status, profile image paths, quiz-related fields (no_of_lives, sf_ques_level, super_fan_chances, magicwand), and user IDs/handles. The JSON file is named 'rtfquizmasterks_customer.json', suggesting this is specifically the quiz master component of the platform.

vk.com

930,606
records
Disclosed Mar 22, 2011other

A SQL database dump from VKontakte (VK), the Russian social network founded by Pavel Durov. The source database is named 'durov_live', referencing VK's founder Pavel Durov. The dump dated 2011-03-22 contains a members table with extensive user profile data including names, emails, hashed passwords, IP addresses, birth dates, phone numbers, location data, university info, and various privacy settings.

fastcash.com.br

6,788
records
Disclosed May 8, 2015other

Breach of FastCash (fastcash.com.br), a Brazilian payment processing platform. The leaked data contains checkout transaction logs including URLs with embedded PII: CPF (Brazilian tax ID numbers), email addresses, phone numbers, names, payment amounts, and event/product descriptions. The filename references 'Sem Hora', a Brazilian ticketing/event company that was a merchant customer of FastCash. Data dates from May–July 2015.

CV2 Telecom Spain

7,386
records
Disclosed Jul 9, 2026other

Database dump from a Spanish telecommunications company's CRM system (internally referred to as 'cv2'). Contains service request records with hex-encoded JSON bodies including customer PII: full names, NIF (Spanish national ID), dates of birth, addresses, IBAN bank account numbers, email addresses, phone numbers, and telecom service subscription details (TV packages, mobile/fixed tariffs, router models). The data appears to relate to new service installations or contract applications.

vk.com

840,514
records
Disclosed Mar 22, 2011other

SQL database dump from VKontakte (VK), the Russian social network founded by Pavel Durov. The dump is dated 2011-03-22 and contains the 'members2' table with extensive user profile data including names, email addresses, hashed passwords, IP addresses, phone numbers, birthdates, location data, university information, and privacy settings. The source database is named 'durov_live', referencing Pavel Durov, the founder of VK.

vk.com

840,847
records
Disclosed Mar 21, 2011other

A MySQL database dump from the Russian social network VKontakte (VK), dated March 21, 2011. The source database is named 'durov_live' (referencing Pavel Durov, VK's founder). The dump contains a members table with extensive user profile data including names, email addresses, hashed passwords, IP addresses, phone numbers, birthdates, education details, location information, and various privacy settings. This appears to be an early internal database snapshot of VK's user data.

peytonlawfirm.com

2,283
records
Disclosed Jul 9, 2026database

A contacts database export from Peyton Law Firm, likely sourced from a CRM system (HubSpot, based on field structure and Associated Company IDs). Contains contact records including names, email addresses, phone numbers, associated companies, and last activity dates ranging from early 2020 onward. The data appears to be a business contacts list used by the firm for client and networking relationship management.

ameli.fr

3
records
Disclosed Jul 9, 2026database

Sample dataset purportedly from L'Assurance Maladie (CNAM), the French national health insurance fund. Contains healthcare reimbursement records including patient/insured IDs, care dates, medical act codes and descriptions, treating professionals, reimbursement amounts, co-payment details, IBAN bank account numbers, payment dates, and statement reference numbers. The presence of future-dated records (2025–2026) and the 'sample' label suggest this may be a fabricated or synthetic demonstration dataset rather than a confirmed production breach.

costasolutions.com

17,168
records
Disclosed Jan 1, 2026other

Employee HR data from Costa Solutions, a logistics/warehouse staffing company operating in San Antonio, Texas. The dataset contains detailed employee records including full names, file numbers, hire dates, job titles, business unit assignments, department codes, termination dates, termination reasons, rehire eligibility, and HR file tracking status. Data includes both active and terminated employees, with the most recent termination dates in January 2026. The data appears to have been extracted from their Rippling HR system.

galaxylifts.com

94
records
Disclosed Jan 1, 2023other

An internal credential spreadsheet from Galaxy Lifts LLC (a Texas-based elevator/lift company) containing plaintext usernames and passwords for dozens of business accounts including banking, payroll, insurance, social media, vendor portals, and government services. The file appears to be a company password manager export dated 2023.

doosan.com

246
records
Disclosed Jul 31, 2007other

Internal employee directory data from Doosan (branch/division 5908-IF, likely Doosan Equipment or a related North American subsidiary operating out of West Fargo, Bismarck, and Gwinner, ND). The dataset contains approximately 5,908 employee records including full names, cost center codes, job titles, locations, and branch assignments. The filename date hint '073107' strongly suggests July 31, 2007.

costasolutionsllc.com

56
records
Disclosed Jul 9, 2026other

Employee benefits data from Costa Solutions LLC, containing personally identifiable information including employee names, position IDs, hire dates, benefit plan types (life insurance, AD&D), providers (Lincoln Financial Group), enrollment dates, deduction amounts, and coverage notes. The data appears to reflect benefit enrollment records from approximately 2020–2022.

bayoutitle.com

97
records
Disclosed Jul 9, 2026database

Employee records from Bayou Title (bayoutitle.com / besttitle.org), a Louisiana-based title and settlement company. The dataset contains a staff directory including full names, hire dates, termination dates, employment type (FTE or Temp), job titles, departments, and corporate email addresses.

handisport.org

59,931
records
Disclosed Jul 9, 2026database

Data breach of the French Handisport Federation (Fédération Française Handisport), the governing body for Paralympic and disability sports in France. The leaked dataset contains detailed member/licensee records including full names, birthdates, gender, contact information (email, phone, mobile), license details, license status, structure affiliations, identity verification steps, and internal administrative metadata. The data appears to be exported from their membership/licensing management system.

azazie.com

12,123,417
records
Disclosed Jul 8, 2026chatter

Database dump from Azazie, an online retailer specializing in bridesmaid dresses and formal wear. The archive contains a full SQL database export with approximately 2,576 data files totaling ~973 MB, including order/shipment records, admin users, access tokens, customer data, product pricing, and internal operational tables. The credit file attributes the leak to Telegram channel @weleakdatabases and actor @GuntherMagnuson.

Japan Email Credential Compilation

309,699,919
records
Disclosed Jul 8, 2026combolist

A large credential dump (20+ GB) containing email:password pairs predominantly from Japanese email domains including yahoo.co.jp, docomo.ne.jp, ezweb.ne.jp, softbank.ne.jp, and various Japanese ISP and corporate domains. The file is named 'urluserpass' suggesting it may be a URL:user:pass or user:pass combo list. No single source breach is identifiable; this appears to be a compilation or combo list targeting Japanese internet users.

kirkpatrickpartners.com

19,911
records
Disclosed Jul 8, 2026database

A WordPress user export from Kirkpatrick Partners, LLC, a professional training and consulting firm. The data contains detailed user account information including login names, email addresses, hashed passwords, billing and shipping addresses, WooCommerce customer data, membership (MemberPress) details, phone numbers, company names, job titles, and various WordPress metadata. The file appears to be a direct database export of the site's user table with all associated usermeta fields.

US SSN Database

153,208
records
Disclosed Jul 8, 2026other

A compilation of US individuals' personally identifiable information including full names, email addresses, physical addresses, phone numbers, bank account numbers, routing numbers, Social Security Numbers (SSNs), dates of birth, and driver's license numbers. The data appears to be a compiled/aggregated dataset of US residents rather than a breach from a single identifiable company.

magmutual.com

320,553
records
Disclosed Jul 8, 2026other

Data breach of MAG Mutual (magmutual.com), a medical malpractice insurance provider. The leaked data contains detailed physician/provider records including names, addresses, contact information, medical specialties, practice locations, hospital affiliations, board certifications, graduation years, medical schools, residency information, tax IDs, group affiliations, and other sensitive professional and personal details about healthcare providers.

zvendo.com

5,730
records
Disclosed Feb 20, 2022other

SQL database dump from Zvendo (zvendo.com / zvendostore.com), a white-label e-commerce platform. The exposed data contains bug report logs from multiple tenant stores, including device identifiers, user email addresses, GPS coordinates, session tokens, API bearer tokens, shipping addresses, phone numbers, and mobile device metadata (manufacturer, model, OS version, storage/memory stats). Data appears to span multiple tenant stores built on the Zvendo platform.

enfit.net

2,025
records
Disclosed Jul 8, 2026scraping

Database dump from enfit.net, a South Korean fitness/health platform. Contains user account records including usernames, nicknames, email addresses, bcrypt-hashed passwords, phone numbers, birthdates, gender, IP addresses (created and last login), profile photo URLs, social media handles (Instagram, Facebook, YouTube, TikTok), push/FCM tokens, and device information. Data spans account creation dates from 2015 through at least 2024.

berkadia.com

397,598
records
Disclosed Dec 4, 2025other

A CRM contact database export from Berkadia, a commercial real estate finance and investment sales company. The file contains Salesforce CRM contact records including full names, email addresses, phone numbers, mailing addresses, account names, account types, account statuses, websites, contact IDs, and internal CRM metadata. The data appears to span records created from 2018 through at least late 2025, with the most recent modification dates in late 2025.

pixartprinting.com

141,476
records
Disclosed Jul 8, 2026database

A data breach of PixartPrinting.com, an Italian online printing company. The dataset contains approximately 141,000 user records exported from what appears to be a product analytics/onboarding platform (likely Userpilot or similar), including user email addresses, behavioral tracking data, tour/onboarding states, survey answers, segmentation tags, browser metadata, country, and user activity timestamps.

salesprophet.io

2,270
records
Disclosed Jul 8, 2026scraping

Data breach of SalesProphet (salesprophet.io), a B2B sales intelligence and lead generation platform. The leaked data contains detailed professional and personal profiles including full names, business email addresses, personal email addresses, phone numbers (business and cell), home city/state, company details (name, address, industry, revenue range, employee count), job title, seniority level, LinkedIn URLs, and email validation status. The data appears to be SalesProphet's underlying contact/prospect database.

nike.com

7,882,276
records
Disclosed Jun 25, 2026other

Breach of Nike's internal Splunk logging infrastructure, exposing detailed application logs from Nike's e-commerce and checkout systems. Data includes customer PII (names, email addresses, phone numbers, shipping addresses), checkout session details, cart contents, pricing information, product SKUs, UPM IDs, and internal microservice logs from services including checkoutpreviews, carts, pricing, and checkouts. Logs appear to have been exfiltrated directly from Nike's Splunk Cloud instance (nike.splunkcloud.com) covering activity around June 25, 2026.

awo-suedost.de

157
records
Disclosed Jul 8, 2026other

Data breach of AWO Südost (Arbeiterwohlfahrt Südost), a German social welfare organization operating kindergartens (Kitas) in southeastern Germany. The leaked data includes sensitive records of families enrolled in their childcare facilities, including parent names, addresses, phone numbers, email addresses, income information, and children's personal data (names, dates of birth, gender, group assignments, entry/exit dates). Also includes kindergarten operational data such as facility details, group structures, and child rosters.

turk.internet.com

308,363
records
Disclosed Jul 7, 2026other

SQL injection breach of turk-internet company (turk.internet.com), hosted on IP 195.87.51.21 via Vodafone/Koc.Net infrastructure. The dump contains 2,218 user records from the 'ticdb' database including full names, email addresses, phone numbers, usernames, MD5-hashed passwords, IP addresses, physical addresses, gender, and company affiliations. Attack vector was blind SQL injection against a MySQL backend on Linux CentOS 6.8 / Apache 2.2.15.

rm.ng

1
records
Disclosed Aug 27, 2013other

WordPress database dump from rm.ng (Renaissance Man), a Nigerian lifestyle magazine website. Contains full WordPress database tables including users, posts, comments, options, and metadata. The site URL is http://www.rm.ng and the blog tagline is 'The Lifestyle Magazine for the Nigerian Man'. Data appears to have been extracted around August 2013 based on post dates and WordPress initialization timestamps.

rightweightcenter.com

2
records
Disclosed Mar 20, 2013database

WordPress database dump from Right Weight Center (rightweightcenter.com), a weight management/medical center whose blog was hosted under Meditab infrastructure. The dump contains WordPress core tables including users, posts, comments, options, and metadata. The site appears to have been set up in March 2013. Admin email is associated with meditab.com domain. Data includes WordPress user credentials and site configuration.

habbo.com

900,891
records
Disclosed Jul 7, 2026other

A credential dump associated with Habbo Hotel (a social networking site/online game), containing username:MD5-hashed-password:email:IP address records. The dataset appears to be a compilation of German-speaking Habbo users, predominantly with .de, .at, .ch email domains across providers like hotmail.de, web.de, gmx.de, and live.de. The SQL header references a 'hotmail_data' table, suggesting this may be a secondary credential stuffing or phishing-harvested set tied to Habbo accounts.

Brazilian Stealer Log Compilation

15,361,246
records
Disclosed Jul 7, 2026stealer-logs

A stealer/infostealer log dump containing credential pairs harvested from a Brazilian individual or small group. Data includes email addresses, CPF numbers (Brazilian tax IDs), plaintext passwords, and the URLs where credentials were used — spanning dozens of sites including LinkedIn, PayPal, Netflix, Coinbase, Poloniex, Hotmart, Detran SP, Serasa, and others. The data appears to be a personal credential log from a single victim or a small household, not a breach of a specific company.

CrownLogCloud Stealer Logs 7M

653,303
records
Disclosed Jul 7, 2026stealer-logs

A compilation of approximately 7 million credential records harvested by the 'CrownLogCloud' infostealer/credential-harvesting operation, distributed via Telegram (t.me/CROWNLOGCLOUD). The data is formatted as browser-saved credential dumps (URL, Username, Password, Application) captured from Chrome and Edge browsers across multiple victims. Credentials span a wide range of services including Facebook, Netflix, LinkedIn, Microsoft Live, VK, government portals (Ethiopia), and many others. The file contains no single target — it is a multi-victim stealer log compilation.

stc.nl

1,658,358
records
Disclosed Feb 7, 2019other

A database dump from a production system ('stc_prod') dated February 7, 2019, containing a MailMessage table. The data appears to be transactional emails from a ticketing/travel platform that sent booking confirmations on behalf of Dutch retailers including Kruidvat (via 'Effe Weg' bus trips). The 4.58 GB CSV contains email addresses, sender/recipient details, and full HTML email bodies including customer names, order numbers, pickup locations, and ticket details. The 'stc' prefix and Azure blob storage domain 'stcprod.blob.core.windows.net' suggest the operator is STC (likely a Dutch travel/ticketing service provider).

Compilation of Many Breaches (COMB) Expanded

625,287,516
records
Disclosed Jul 7, 2026other

A large compilation dataset containing email:password credential pairs aggregated from numerous individual breaches. The data spans multiple languages and email providers (mail.ru, yandex.ru, gmail.com, yahoo.com, hotmail.com, etc.), consistent with large credential compilation datasets like COMB or its variants. Files are organized alphabetically by the first character of the email address. Contains hundreds of millions of plaintext or previously cracked credential pairs sourced from many underlying breaches.

Unknown TIN Database Leak

22,528
records
Disclosed Sep 22, 2017other

A database table containing Tax Identification Numbers (TINs) linked to persons, including issuing country codes and internal party IDs. The data appears to originate from a financial or government-adjacent system, with records created in September 2017. The TIN values include passport-style alphanumeric identifiers and numeric tax IDs from multiple countries.

LOG OTPUSKI

295,513
records
Disclosed Jun 19, 2012other

A Bulgarian/Russian-language database export containing employee leave (отпуски/otpuski means 'vacations/leaves') and sick leave (болнични) records. The data appears to be from a Bulgarian organization's HR system, containing user IDs, department codes, date ranges, and a reference code (KOD_HERMES). Records span 2003–2012. The filename 'LOG OTPUSKI' translates to 'Leave Log' in Bulgarian/Russian. The target organization cannot be clearly identified from available metadata.

zooville.org

7,805
records
Disclosed Jul 7, 2026chatter

A breach of Zooville, a zoophilia community forum, exposing user profile field data including user IDs, locations, interests, gender, and bio/about text. The file contains user-supplied profile fields from the forum's database.

NAPS

246
records
Disclosed Jul 7, 2026other

Database dump from an entity referred to as 'NAPS' (naps_db_new), containing order status history records. The data includes order IDs, status codes, timestamps, and customer notification flags. Payment references to MoneyGram and Western Union suggest this may be a marketplace or e-commerce platform accepting alternative payment methods. Data begins from January 2013.

guns.com

84,900
records
Disclosed Jan 4, 2021other

Database backup from an online firearms retailer (likely Guns.com or a similar platform) containing order-to-FFL (Federal Firearms Licensee) transfer records. Data includes FFL license numbers, FFL dealer names, order IDs, transfer statuses (contact_ffl, confirmed_ffl, canceled_ffl), and timestamps. Records date from February 2019 onward. The backup filename suggests it was taken on January 4, 2021.

lugera.com

255,946
records
Disclosed Jul 7, 2026other

Data breach of Lugera, a recruitment and staffing agency. The leaked dataset contains detailed candidate/applicant profile records including full names, email addresses, physical addresses, phone numbers, gender, job titles, work experience, education levels, skills, language proficiencies, salary expectations, geolocation data, and more. The JSON and CSV files suggest this is a database export from their candidate management system.

EU VAT Refund System

547
records
Disclosed Jul 7, 2026other

A CSV file cataloging document attachments associated with VAT refund applications across multiple EU member states (DE, BE, ES, GB, LV, PL). Records include message IDs, file types (PDF, TIFF, JPEG), and internal document reference numbers. The data appears to be from a cross-border EU VAT refund processing system, with documents dating to around 2010. Contains references to business documents such as invoices and VAT applications submitted by companies including Ecophos.

saludculiacan.gob.mx

3,842
records
Disclosed Jul 7, 2026other

Breach of the health portal of Culiacán, Sinaloa, Mexico (Portal de Salud de Culiacán). The dataset contains sensitive personal and medical records of municipal employees and their beneficiaries, including full names, CURP (Mexican national ID), employee numbers, ages, phone numbers, addresses, email addresses, birth dates, sex, marital status, nationality, education level, healthcare entitlement status, and extensive medical history fields including hereditary conditions, pathologies, habits, physiological data, and gynecological data.

usbizdata.com

8,285,615
records
Disclosed Jul 7, 2026other

A large dataset of approximately 267 million US residential records, organized by state, containing personally identifiable information including full names, physical addresses, phone numbers, birthdates, gender, ethnicity codes, estimated age, estimated income, estimated wealth, homeowner status, marital status, latitude/longitude coordinates, and other demographic attributes. The data appears to originate from or be sold by USBizData, a data broker. Files are organized by US state abbreviation.

STC 2019

268,577
records
Disclosed Feb 7, 2019stealer-logs

Database dump from a ticketing/reservation platform using the identifier 'stc_prod', dated February 7, 2019. The data contains a change history log (dbo.ChangeHistory) from what appears to be a ticket sales system, including customer PII such as names, email addresses, postal addresses, IP addresses, payment methods (iDeal, CreditCard), bank account numbers (IBAN), and reservation details. Dutch-language context (Netherlands addresses, iDeal payments, Dutch names) suggests a Dutch or Benelux-based ticketing company.

guideline.com

235,178
records
Disclosed Jul 7, 2026other

A large CSV export (~650MB) of CRM contact records, highly consistent with Guideline Inc. (guideline.com), a 401(k) retirement plan provider. The data contains extremely detailed fields referencing 401(k) plans, plan advisors, payroll integrations, participant data, billing (Stripe), NPS surveys, Safe Harbor matches, SECURE Act provisions, and internal CRM workflow metadata. Fields like 'Ad Hoc_Plan ID', '401k plan type', 'Advisor Referral', and survey cohort years (2023–2025) strongly suggest this is an internal CRM/HubSpot or Salesforce export from Guideline's operations.

nulledforums.org

84
records
Disclosed Jul 7, 2026chatter

This dataset contains internal transaction/purchase notification emails from Nulled (nulledforums.org), a hacking and credential-trading forum. The records show membership purchase notifications (Prime, Supreme, Royal tiers) sent to the merchant account at support@nulledforums.org, including usernames, transaction amounts, processing fees, and net revenue. Some transactions include cryptocurrency payment references.

nap.bg

65
records
Disclosed Sep 21, 2010other

A dataset containing records from the Bulgarian National Revenue Agency (НАП - Национална агенция за приходите). The data includes Bulgarian EGN (personal identification numbers), organization names, tax reference numbers, official names and addresses, and administrative correspondence details. Records appear to be from September-October 2010 and relate to tax inspections and revenue collection proceedings.

se.net

679
records
Disclosed Jul 7, 2026chatter

A data cache dump from the MyBB forum software running on se.net. The file contains serialized PHP data from the MyBB datacache table, including internal settings (such as an encryption key), user group configurations, and forum permissions. This type of dump typically originates from a database breach or unauthorized access to the forum's backend.

ZEM Pro 2006

0
records
Disclosed Jan 1, 2006other

A dataset containing Bulgarian EGN (Единен граждански номер) numbers — the Bulgarian national personal identification numbers. The filename suggests it relates to 'ZEM PRO 2006 DEK1', possibly a Bulgarian land registry, agricultural, or professional database from 2006. The data consists solely of EGN codes which encode birthdate and gender and serve as unique citizen identifiers in Bulgaria.

qrshs.com

1
records
Disclosed Jul 7, 2026other

A data breach of QRS Medical Clinic (also referenced as QRS Health Systems, qrshs.com) located in Knoxville, TN. The exposed data consists of patient portal billing/statement records including patient names, home addresses, itemized medical charges, physician names, insurance claim details (Medicare), and payment histories. The records appear to date from 2009-2010.

stc.com.sa

0
records
Disclosed Feb 7, 2019other

A database dump from STC (Saudi Telecom Company) production environment dated February 7, 2019. The file contains a single-column CSV from the 'dbo.Numbers' table, appearing to contain a sequential list of numeric identifiers or phone numbers. The data was extracted from what appears to be a SQL Server database (dbo schema prefix).

semhora.com.br

1,047
records
Disclosed Oct 27, 2015scraping

Breach of Sem Hora, a Brazilian online service (likely a delivery or scheduling platform). The dataset contains merged log records linking Facebook OAuth data with internal user accounts, including names, email addresses, phone numbers, birthdates, gender, Brazilian postal addresses (CEP), Facebook access tokens, session tokens, and internal user IDs. Data appears to originate from late 2015 based on timestamps. The platform appears to have used Parse (parsetfss.com) as its backend.

preen.me

828
records
Disclosed Jul 7, 2026scraping

Data breach from Preen.me, a social influencer marketing platform. The exposed data includes invitation records with email addresses, invite codes, user IDs, tags, timestamps, and detailed JSON metadata about promotional campaigns, influencer groups, and creator profiles. Data appears to originate from around 2014 based on timestamps.

liker.com

535
records
Disclosed Feb 18, 2021other

Exposed Amazon SES (Simple Email Service) mail delivery log from liker.com, containing SNS notification payloads with email delivery records. Data includes recipient email addresses, delivery timestamps, SMTP responses, sending IP addresses, and AWS account/topic ARN identifiers. The log appears to be from a database or application backend storing Amazon SNS webhook callbacks for email delivery tracking.

apexclearing.com

0
records
Disclosed Jul 7, 2026database

A data extract from Apex Clearing's internal reporting system (EXT1024 - 'About to Expire Voluntary Action Report'), containing brokerage account and corporate action data including account numbers, account holder names, share quantities, CUSIP/ISIN identifiers, ticker symbols, and corporate action details. Sample data rows use placeholder 'John Doe' values but the schema and system identifiers (Firm code '10' = PRODUCTION for Apex Clearing) clearly identify the source as Apex Clearing's internal corporate actions platform.

guns.com

309
records
Disclosed Jan 4, 2021other

A backup of the Guns.com dealer profiles database, dated January 4, 2021. Contains dealer/FFL (Federal Firearms License) holder records including business names, FFL IDs, business hours, websites, transfer fees, bank account IDs, Dwolla payment IDs, tax/margin settings, and approval status. Includes both individual gun shops and distributors.

ownagepranks.com

16,486
records
Disclosed Jul 7, 2026chatter

A breach of the OwnagePranks community forum database containing thread metadata. The data includes thread IDs, titles, forum IDs, post counts, usernames, timestamps, view counts, tags, and other vBulletin forum fields. OwnagePranks is a prank call entertainment website. The earliest thread dates to around May 2008 based on the dateline values.

NameBase Dump EXT765

0
records
Disclosed Jul 7, 2026other

A schema/data dictionary file (no actual records present) describing a brokerage or financial account data extract labeled 'NameBase Dump' (Report EXT765). The schema includes highly sensitive fields: customer account numbers, Social Security Numbers / Tax ID numbers, names, addresses, branch codes, registered representative codes, and various financial account metadata (dividend codes, cash management codes, account class, etc.). The presence of Social Insurance Numbers (Canada) and references to AMEX suggest this may originate from a legacy brokerage or financial services firm. No company name or domain is explicitly identified in the available data.

guns.com

2
records
Disclosed Jan 4, 2021other

A backup database dump from Guns.com containing POS (point-of-sale) activation credentials for dealer integrations. The data includes dealer IDs, POS system types (SportsSouth, Bill Hicks, Lipsey's, NCR Counterpoint, etc.), API credentials, usernames, passwords, and API keys stored in plaintext JSON fields. The filename suggests this was a backup taken on January 4, 2021.

ownage.com

25,574
records
Disclosed May 26, 2009other

Payment and membership records from what appears to be 'Ownage' VIP membership site, using the aMember subscription management platform. The data contains payment transaction records including member IDs, product IDs, subscription dates, PayPal transaction details, payer names, email addresses, IP addresses, and billing amounts. Data dates back to at least 2008-2009.

apexclearing.com

0
records
Disclosed Sep 11, 2006other

A schema/extract document from Apex Clearing (brokerage clearing firm) describing a 'Voluntary Action Report' extract format (EXT236) containing brokerage account holder information including account numbers, names, share quantities, office/branch details, CUSIP/ISIN securities identifiers, and corporate action announcements. The sample data rows use placeholder 'John Doe' / '999999999' values dated September 2006, suggesting this is either a sample/template document or an early data extract. The Firm code '10' corresponds to Apex Clearing production environment.

traedex.com

152,997
records
Disclosed Dec 1, 2025stealer-logs

Database breach of Traedex (traedex.com), a Brazilian binary options / auto-trading platform. The dump contains user authentication credentials (email, hashed passwords, salts), KYC verification records, deposit and withdrawal transaction data, auto-trading robot configurations (including martingale settings, risk parameters), trading history, referral partner and payout data, premium subscription orders, Facebook Pixel event logs with hashed PII (email, name), push notification subscriptions, and session data. User records appear to be primarily Brazilian (pt-BR locale, BRL currency, Brazilian phone numbers). Data timestamps range from approximately July 2025 through early 2026, suggesting the breach captured a live database snapshot in late 2025.

Stigma3

2
records
Disclosed Jul 7, 2026other

Database dump from Stigma3, an online game server (appears to be a Tibia/OTServer private server based on the schema structure including players, guilds, houses, items, and spells tables). Contains account data, player characters, guild information, and game state.

janekahan.com

2,169
records
Disclosed Apr 8, 2011database

WordPress database dump from the Jane Kahan Gallery website (janekahan.com), an art gallery in New York specializing in Picasso, Chagall, Miro, Leger, and Calder works. The dump includes all standard WordPress tables: users, posts, comments, options, and metadata. Contains site configuration, content, and potentially user/admin account data.

Stealer Logs Compilation

11,672,112
records
Disclosed Jul 7, 2026stealer-logs

A 3.45 GB compilation of infostealer malware logs aggregated from multiple victims. The file contains URL:username:password triplets harvested from infected devices across many countries and services, including Google, Facebook, Apple, Spotify, Steam, Netflix, and various regional sites. Data includes plaintext credentials for hundreds of distinct services, internal corporate URLs (e.g., rollins.com internal hosts), Android app credentials, and personal banking/gaming accounts. This is not a single-target breach but rather a credential dump aggregated from stealer malware (e.g., RedLine, Raccoon, or similar).

LinkSort Compilation #100

8,413,405
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / combo list labeled 'LinkSort #100', containing URL:username:password triples across hundreds of different websites. This is not a single-target breach but rather a compiled stealer log or credential compilation sorted by login URL. Data includes plaintext passwords, emails, and usernames for services such as Spotify, Amazon, Netflix, Facebook, Twitch, and many others.

LinkSort #5

9,999,614
records
Disclosed Jul 7, 2026combolist

A credential stuffing compilation known as 'LinkSort #5' containing approximately 10 million records in URL:username:password format. The data spans hundreds of different websites and services including Google, Facebook, Netflix, Steam, Roblox, and many others. This is a stealer log or credential compilation aggregated from multiple sources, not a breach of a single target.

URL:Login:Pass Combo List #99

4,931,640
records
Disclosed Jul 7, 2026combolist

A credential stuffing combo list in URL:login:password format, numbered volume 99 in a series. Contains plaintext credentials for hundreds of different services including social media platforms (Facebook, Instagram, Discord, Twitter), gaming platforms (Steam, Epic Games, Roblox), financial services (PayPal, OneMain Financial), and many others. This is an aggregated stealer log or combo list, not a breach of a single target — credentials span dozens of unrelated domains worldwide.

URL:Login:Pass Compilation #95

4,932,207
records
Disclosed Jul 7, 2026combolist

A credential stuffing combo list in URL:login:password format, numbered as volume 95 in a series. Contains plaintext credentials paired with their associated login URLs spanning hundreds of different websites including social media, banking, gaming, e-commerce, and other services. Data appears aggregated from multiple sources/stealer logs rather than a single breach.

Infostealer Logs Compilation

562,415
records
Disclosed Jul 7, 2026stealer-logs

A compilation of infostealer malware logs containing plaintext credentials harvested from infected devices. Data includes credentials from browser-saved passwords (including 'about:blank' entries indicating local app/browser storage), Android app credentials extracted via stealer malware, and credentials spanning numerous services and apps across multiple countries. The format is URL/app:username:password. No single target company — this is a multi-source stealer log dump aggregated from many victims.

LinkSort Stealer Log #67

999,369
records
Disclosed Jul 7, 2026combolist

A stealer log or credential compilation file labeled 'LinkSort#67' containing URL:username:password triplets harvested from multiple victims, predominantly associated with UAE-based users (Abu Dhabi University students, UAE Ministry of Education accounts, government portals). Data includes credentials for dozens of sites including Google, Amazon, Autodesk, UAE government SSO portals, and academic systems. No single breached target — this is an infostealer log aggregating credentials from infected machines.

t.me

295,821
records
Disclosed Jul 7, 2026combolist

A credential stealer log dump distributed via the Telegram channel 'OCTOPUSCLOUDLOGS'. The file contains URL:login:password combos harvested from infected machines, covering a wide range of services including Google, Facebook, Discord, Steam, Netflix, Roblox, Spotify, Epic Games, and various Australian educational platforms. The data appears to be from individual victims in Australia, with credentials for school portals (nudgee.qld.edu.au), streaming services, gaming platforms, and social media. This is infostealer output, not a single corporate breach.

LinkSort Compilation #3

3,445,123
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation titled 'LinkSort #3' containing approximately 3.5 million records in URL:username:password format. Data spans dozens of unrelated websites including gaming platforms, social media, financial services, and e-commerce sites, indicating this is an aggregated stealer log or combo list rather than a single-source breach.

URL:Login:Pass Combo List #100

2,527,567
records
Disclosed Jul 7, 2026combolist

A credential stuffing combo list in URL:login:password format containing credentials for hundreds of different websites including Google, Facebook, Instagram, Netflix, PayPal, Amazon, Roblox, Discord, and many others. This is not a single-source breach but a compiled stealer log or aggregated combo list, likely sourced from infostealer malware or multiple credential dumps. The filename 'url.login.pass_100' suggests it is part of a numbered series of such files.

LinkSort #60 Stealer Logs

999,194
records
Disclosed Jul 7, 2026combolist

A credential stuffing / infostealer log compilation labeled 'LinkSort #60', containing URL:username:password triplets harvested from various websites. The data appears to be West African (primarily Côte d'Ivoire) in origin based on domains like uvci.edu.ci, farfarci.com, djoganapayci.com, and French-language services. Contains plaintext credentials for Google, Facebook, Instagram, Netflix, Apple ID, Snapchat, PayPal, and dozens of other services. This is a stealer log sorted/compiled file, not a breach of a single company.

LinkSort Stealer Log Compilation #64

999,933
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #64' containing credential data in URL:username:password format. The data appears to be aggregated from infostealer malware targeting primarily Brazilian users, containing credentials for Google, Facebook, Netflix, Disney+, Mercado Libre, Brazilian government portals (acesso.gov.br, detran.pe.gov.br, jucepe.pe.gov.br), banking (Caixa), and various other services. Includes CPF numbers (Brazilian tax IDs) used as usernames for government portals.

LinkSort Stealer Log Compilation #65

999,896
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #65' containing credential pairs in URL:username:password format. The data appears to be aggregated from infostealer malware logs across multiple victims, covering a wide variety of services including Google, Facebook, Steam, Roblox, Discord, Minecraft, Wargaming, Spotify, and others. Victims appear to be from multiple countries including Germany, Malaysia, Hungary, and Indonesia. This is not a breach of a single organization but rather a compiled dump of stolen credentials from individual victims' infected devices.

LinkSort Compilation #53

999,924
records
Disclosed Jul 7, 2026combolist

A credential stuffing / infostealer log compilation labeled 'LinkSort #53'. Contains URL:username:password triplets harvested from multiple sites including Facebook, Google, Roblox, Twitch, Instagram, Discord, Minecraft, and many others. Data appears to originate from browser-saved password logs or infostealer malware, aggregated into a sorted list by URL. Multiple identities are present, with recurring usernames suggesting individual victim device dumps.

LinkSort #58

993,481
records
Disclosed Jul 7, 2026stealer-logs

A stealer log / credential compilation file labeled 'LinkSort #58' containing URL:username:password triplets harvested from infostealer malware. The data spans numerous sites including Amazon, PayPal, Facebook, Google, LinkedIn, UAE government portals (moe.gov.ae, eehc.gov.eg), and many others. Credentials appear to belong primarily to users in Egypt and the UAE. This is not a breach of a single target but rather a numbered entry in a credential-sorting/distribution series aggregating stealer logs.

t.me

542,165
records
Disclosed Jul 7, 2026combolist

A stealer log dump sold via Telegram channel @OCTOPUSCLOUDLOGS and threat actor @WASTINGT1M3. Contains credential pairs in URL:username:password format harvested from infostealer malware. Credentials span numerous services including Facebook, Instagram, Google, Steam, Discord, Daraz, Riot Games, and various Pakistani government/education portals. Data appears to originate primarily from Pakistani users. This is not a breach of a single target but a compiled stealer log collection of approximately 586 GB according to the seller.

LinkSort Stealer Log #62

999,921
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #62' containing credential pairs in URL:username:password format. The data spans numerous services including Facebook, Instagram, Discord, Roblox, Netflix, LinkedIn, PayPal, Google, and various Brazilian government and banking portals. This appears to be an infostealer log aggregation — not a breach of a single target — with credentials harvested from multiple victims' browsers/devices.

LinkSort #59 Stealer Log Compilation

998,479
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation file labeled 'LinkSort#59', containing URL:username:password triplets harvested from infostealer malware. Credentials span dozens of services including Google, Facebook, Netflix, LinkedIn, Sony, Adobe, Amazon, Discord, Zoom, GitHub, and numerous Bangladeshi/UAE educational and government portals. Data appears to have been aggregated from multiple victims, predominantly from Bangladesh and the UAE region.

t.me

630,355
records
Disclosed Jul 7, 2026combolist

A credential stuffing / infostealer log dump distributed via a Telegram channel. Contains URL:username:password combos harvested from multiple victims across various services including Netflix, Instagram, Roblox, Facebook, Snapchat, Discord, Steam, and others. Data appears to originate from stealer malware logs aggregated and shared on Telegram. No single target company — this is a multi-service credential log compilation.

LinkSort Stealer Log #63

998,760
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #63' containing credential pairs in URL:username:password format. Data spans numerous services including Google, Facebook, Discord, Roblox, Steam, Amazon, Apple, PayPal, and various government portals (Malaysian, Indian). Credentials appear to have been harvested from multiple victims via infostealer malware, then sorted/compiled into this numbered collection. No single target company — this is a credential aggregation artifact.

LinkSort #61 Stealer Log

999,900
records
Disclosed Jul 7, 2026stealer-logs

A stealer/infostealer log compilation labeled 'LinkSort #61' containing credential pairs harvested from a single victim's devices. The data includes plaintext usernames, passwords, and associated URLs spanning dozens of services including Google, Facebook, Discord, Steam, Roblox, Minecraft, Riot Games, Sony, and others. The credentials appear to belong predominantly to one individual (username patterns around 'Axel64', 'axelladechia94@gmail.com') based in Argentina. This is not a corporate breach but rather a stealer log dump of an individual victim's credentials across multiple platforms.

LinkSort #2 Credential Compilation

999,891
records
Disclosed Jul 7, 2026combolist

A credential stuffing / infostealer compilation file containing username:password pairs organized by target URL. The file 'LinkSort#2.txt' contains thousands of plaintext credentials sorted by login URL spanning hundreds of different websites including Google, Facebook, PayPal, Roblox, Steam, Discord, Netflix, and many others. This appears to be a stealer log or credential list aggregation rather than a breach of a single target organization.

LinkSort Stealer Log #1

970,269
records
Disclosed Jul 7, 2026combolist

A credential stealer log dump labeled 'LinkSort#1' containing URL:username:password triplets harvested from multiple victims across dozens of services including Facebook, Google, PayPal, Instagram, Discord, Roblox, VK, and many others. The data appears to originate from infostealer malware (likely a credential harvester or browser password stealer) rather than a single-target breach. Credentials belong to multiple individuals, many appearing to be from Italian, Russian, and Indian contexts based on domains and usernames.

LinkSort #5 Stealer Log Compilation

999,933
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation file labeled 'LinkSort#5', containing URL:username:password triplets harvested from info-stealer malware across many unrelated victims. Credentials span gaming platforms (Steam, Rockstar, Battle.net, Epic Games, Roblox, Mihoyo/Genshin), social media (Discord, Twitter, Facebook, Twitch), e-commerce (eBay, Amazon, PayPal), and miscellaneous sites. No single breached organization is identifiable; data appears to be aggregated stealer logs sorted by URL.

LinkSort #4 Credential Compilation

999,655
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation labeled 'LinkSort #4'. Contains URL:username:password triplets harvested from infostealer malware or credential stuffing tools across hundreds of different websites including Google, Facebook, Netflix, Spotify, Instagram, Riot Games, and many others. Not a breach of a single target — a multi-source aggregated credential list sorted by login URL.

LinkSort Compilation #9

999,871
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / stealer log compilation labeled 'LinkSort#9'. Contains URL:username:password triplets aggregated from multiple sources across many different websites including Google, Discord, Roblox, Epic Games, banking portals, casino sites, and various educational and government portals. This is not a single-target breach but rather a compiled credential list organized by login URL.

LinkSort #10

999,873
records
Disclosed Jul 7, 2026combolist

A credential stuffing compilation file labeled 'LinkSort#10' containing URL:username:password triplets aggregated from multiple sources. Entries span dozens of services including Facebook, Google, Netflix, LinkedIn, Steam, Roblox, Twitch, PayPal, and many others. The format is consistent with stealer log aggregations or credential list compilations sorted by login URL. No single target company — this is a multi-source compilation.

LinkSort #7

999,848
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / combo list compilation labeled 'LinkSort #7', containing URL:username/email:password triplets aggregated from various sources. The data spans hundreds of different websites and services globally, including Google, Facebook, Discord, Steam, Netflix, Roblox, and many others. This is a sorted credential compilation rather than a breach of a single target.

LinkSort Compilation #3

999,764
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation file named 'LinkSort#3'. Contains URL:username:password triplets scraped from across many different websites and services worldwide, including Google, Facebook, Spotify, Netflix, Steam, Discord, PayPal, and hundreds of others. The data is formatted as login URLs paired with credentials, characteristic of infostealer malware output or credential list aggregation. No single target company — this is a multi-source compilation sorted by login URL.

LinkSort #17

993,566
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / combo list labeled 'LinkSort #17' containing plaintext URL:username:password triplets across hundreds of different websites. The data appears to be a compilation of stealer logs or previously breached credentials aggregated into a sorted list format, covering services such as Spotify, Amazon, Netflix, Facebook, Twitch, and many others. No single breach source is identifiable; this is a multi-source aggregation.

LinkSort Compilation #8

999,872
records
Disclosed Jul 7, 2026stealer-logs

A credential stuffing compilation list labeled 'LinkSort #8' containing URL:username:password triplets aggregated from multiple sources. The data includes login credentials for hundreds of different websites and services spanning multiple countries and languages, formatted as stealer-log style output with Android app deep-link URIs alongside web URLs. No single breach target is identifiable — this is a multi-source credential compilation.

LinkSort Compilation #14

999,897
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation labeled 'LinkSort #14'. Contains URL:username:password triplets aggregated from multiple sources, covering a wide variety of services including Google, Facebook, Steam, Discord, Netflix, PayPal, Nintendo, Twitch, Roblox, and many others. Data appears to originate from infostealer malware logs or credential stuffing lists rather than a single breach of one organization.

LinkSort Compilation #21

966,248
records
Disclosed Jul 7, 2026stealer-logs

A credential stuffing / stealer log compilation labeled 'LinkSort #21', containing URL:username:password triplets across hundreds of different websites. Data appears to be aggregated from infostealer malware logs or credential stuffing lists, covering a wide range of services including Google, Netflix, Steam, PayPal, LinkedIn, Twitch, and many others. No single breach source is identifiable — this is a multi-source compilation.

LinkSort #16 Stealer Log Compilation

997,582
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation file labeled 'LinkSort #16'. The file contains URL:username:password triplets harvested from infostealer malware across hundreds of different websites including Google, Facebook, Netflix, Steam, Discord, Roblox, and many others. Credentials span multiple countries and services with no single target — this is an aggregated combolist sorted by login URL.

LinkSort Compilation #15

998,750
records
Disclosed Jul 7, 2026combolist

A credential stuffing compilation file labeled 'LinkSort #15' containing URL:username:password triplets across hundreds of different websites including Google, Facebook, Amazon, PayPal, Discord, Twitter, Epic Games, and many others. This is not a single-source breach but a sorted credential list aggregated from multiple sources, organized by login URL. Data includes email addresses, usernames, phone numbers, and plaintext passwords.

LinkSort #22 Stealer Log Compilation

999,898
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation labeled 'LinkSort #22'. The file contains URL:username:password triplets harvested from infostealer malware across multiple victims. Credentials span a wide range of services including social media (Facebook, Instagram, Twitter, TikTok), gaming platforms (Rockstar, Epic Games, Roblox, Battle.net), Microsoft/Google accounts, PayPal, Adobe, and also includes router/device admin credentials for private IP addresses (Ubiquiti firmware endpoints). Victims appear to be located across multiple countries including El Salvador (mined.edu.sv/mined.gob.sv), Brazil, and the UK/US. No single breached company is the source — this is an aggregated infostealer log dump.

LinkSort #11 Stealer Log Compilation

999,864
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation labeled 'LinkSort #11'. Contains URL:username:password triplets harvested from infostealer malware across numerous individuals and services including Steam, Epic Games, Riot Games, Discord, Twitch, Amazon, PayPal, Facebook, and many others. Data represents credentials stolen from infected end-user machines rather than a breach of a single organization.

LinkSort Stealer Log Compilation #23

999,793
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #23' containing credential pairs in URL:username:password format. Data appears to originate from infostealer malware targeting primarily Brazilian users, with credentials for Google, Facebook, Microsoft Live, Steam, Roblox, Netflix, iFood, and various Brazilian services. Includes both plaintext passwords and some encrypted/token values. No single breached company — this is a multi-source stealer log aggregation.

LinkSort #27

897
records
Disclosed Jul 7, 2026combolist

A credential stuffing compilation file labeled 'LinkSort #27', containing URL:username:password triplets aggregated from multiple sources. Entries span a wide range of services including PayPal, Facebook, Google, Amazon, Steam, Netflix, Discord, and many Brazilian and South Asian regional platforms. The format is consistent with infostealer log aggregations or credential list compilations sorted by target URL.

LinkSort Combo List #18

999,195
records
Disclosed Jul 7, 2026combolist

A credential stuffing combo list formatted as URL:username:password entries, aggregated from multiple sources across many different services including Google, Facebook, Amazon, LinkedIn, Coinbase, Binance, and dozens of others. This is not a single-target breach but a compiled stealer log or combo list collection, labeled as 'LinkSort #18', suggesting it is part of a numbered series of such compilations.

LinkSort #25 Credential Compilation

999,827
records
Disclosed Jul 7, 2026combolist

A credential stuffing / infostealer log compilation labeled 'LinkSort#25'. Contains URL:username:password triplets harvested from multiple individuals across dozens of platforms including Google, Facebook, Discord, Roblox, Steam, Netflix, Twitch, and various educational platforms. Data appears to originate from infostealer malware logs rather than a single target breach. Multiple individuals' credentials are present, with apparent focus on Middle East / UAE-based users (almawakeb.sch.ae, horizonintlschool.com, charterschools.ae, madarschool.ae). The file ends with a reference to cyberleaks.to.

LinkSort #29

968,055
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation in URL:username:password format. The file contains thousands of plaintext credentials across hundreds of different websites including social media (Facebook, Twitter, Instagram), gaming platforms (Roblox, Garena, Steam), financial services (EPF India, GST India, Maybank), and various other services. The data spans multiple geographies with notable concentrations of Vietnamese, South African, Indian, and Malaysian users. This appears to be part of a numbered series of sorted credential lists ('LinkSort') derived from infostealer malware logs.

LinkSort #30

999,848
records
Disclosed Jul 7, 2026combolist

A credential stuffing / stealer log compilation file labeled 'LinkSort#30'. Contains URL:username:password triplets (combo list format) aggregated from various sources, spanning hundreds of different websites including Google, Facebook, Steam, Netflix, Roblox, and many Vietnamese services. This is a sorted credential list likely derived from infostealer malware logs or prior breaches, not a single-target breach.

LinkSort Stealer Log Compilation #26

999,891
records
Disclosed Jul 7, 2026combolist

A stealer log compilation labeled 'LinkSort #26' containing credential pairs in URL:username:password format. Data spans hundreds of websites including Google, Facebook, Discord, Netflix, Apple, Roblox, and many others. This is not a single-target breach but rather a compiled credential dump sourced from infostealer malware logs, sorted and packaged as a numbered series ('LinkSort'). Contains plaintext passwords and usernames/emails for victims across multiple countries.

LinkSort #19

997,121
records
Disclosed Jul 7, 2026combolist

A credential stuffing compilation file labeled 'LinkSort #19' containing URL:username:password triplets aggregated from numerous different websites and services worldwide. The data spans dozens of domains including social media, gaming, retail, banking, and government portals. This is a combolist/stealer log compilation rather than a single-source breach.

LinkSort #33 Stealer Log Compilation

999,907
records
Disclosed Jul 7, 2026combolist

A stealer log / credential stuffing compilation labeled 'LinkSort#33'. Contains URL:username:password triplets aggregated from infostealer malware across hundreds of services including Google, Facebook, Instagram, Discord, Netflix, Spotify, Apple, Steam, Roblox, and many others. Data appears to be a sorted/filtered extract from a larger stealer log aggregation, not a breach of a single target.

LinkSort Stealer Log Compilation #31

999,840
records
Disclosed Jul 7, 2026stealer-logs

A stealer log compilation labeled 'LinkSort #31' containing credential triplets in the format URL:username/email:password. The data appears to be harvested by infostealer malware from multiple Polish-speaking victims, covering accounts across Steam, Google, Facebook, Discord, Roblox, Twitch, Allegro, Netflix, and many other services. Also includes Android app credential captures. No single target company — this is a multi-target stealer log dump aggregated under the 'LinkSort' series label.

LinkSort #24

997,855
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / combo list labeled 'LinkSort #24' containing URL:username:password triplets aggregated from multiple sources. The data spans numerous services including Google, Facebook, Netflix, Discord, Spotify, Steam, and many Italian-language websites. Credentials appear to be sourced from infostealer malware logs or prior breaches, heavily skewed toward Italian and Romanian users.

LinkSort Compilation #28

999,844
records
Disclosed Jul 7, 2026combolist

A credential stuffing list / stealer log compilation labeled 'LinkSort #28'. Contains URL:username:password triplets aggregated from multiple sources, covering a wide variety of sites including Facebook, Google, Yahoo, Roblox, Discord, Amazon, LinkedIn, and numerous regional government and banking portals primarily from India, Malaysia, Thailand, and Indonesia. Includes both Android app credential entries and web login URLs. This is a multi-source aggregation/compilation rather than a breach of a single target.

LinkSort Stealer Log Compilation #32

999,803
records
Disclosed Jul 7, 2026stealer-logs

A stealer log compilation labeled 'LinkSort #32', containing URL:username:password credential triplets harvested from infostealer malware across a wide range of services including Google, Facebook, PayPal, Epic Games, Roblox, Steam, Amazon, Coinbase, and many others. Credentials appear to originate from multiple countries and victims. This is a credential aggregation/stealer log dump, not a breach of a single target.

showing 120 of 2,847