Newsroom
The newsroom.
Reporting on breaches, stealer log dumps, and credential leaks as they surface. Original analysis. No press releases.
Threat brief
Plaintext credentials from ys168.com surface in a Chinese-language dump
A plaintext credential dump from ys168.com, a Chinese file-hosting service, is being shared on BreachForums. The archive contains around 657,000 records of usernames, plaintext pas…
Threat brief
An expanded Elance archive resurfaces with 2.6M user records and admin accounts
A new variant of the Elance breach archive is being shared on BreachForums. Elance was the early freelance-work marketplace that eventually merged into what became Upwork, and this…
Threat brief
Havenly database dump exposes 1.7M interior-design-platform accounts
A MySQL database dump and customer CSV from Havenly, the Denver-based online interior-design platform, is circulating on dark-web forums. The combined data covers roughly 1.7 milli…
Threat brief
PoliceOne forum dump exposes 712k law-enforcement community accounts
An old breach of PoliceOne, the long-running online community for US law-enforcement professionals, has resurfaced. The archive contains roughly 712,000 accounts in username:email:…
Threat brief
Valve developer accounts surface in a 2016 dev.dota2.com forum dump
A pair of files from a 2016 breach of dev.dota2.com, the developer-facing community forum that Valve runs for Dota 2 modders, is circulating again. The interesting part is the cast…
Threat brief
An internal DataCamp database export with 760k accounts is circulating
A near-complete user export from DataCamp, the data-science learning platform, is circulating through closed channels and recently surfaced on a public forum. The dataset spans rou…
Threat brief
Kickstarter's 2014 breach archive resurfaces with 5.2M salted hashes
The Kickstarter breach from February 2014 has resurfaced on BreachForums in a more complete form than was previously available, with about 5.2 million user records distributed in e…
Threat brief
BabyNames.com leak puts 843k email-and-password pairs in circulation
A user dump from BabyNames.com, the parenting-community website, is circulating in dark-web channels. The archive contains roughly 843,000 records of email:MD5 , with a small subse…
Threat brief
NextGenUpdate gaming-forum dump exposes 1.2M accounts including staff
A flat-file dump of NextGenUpdate, a long-running gaming and modding forum, is circulating on BreachForums. The archive contains roughly 1.2 million records of username:email:ip:pa…
Threat brief
CrackingForum's 2015 user dump pairs 659k accounts with crackable hashes
A user export from CrackingForum, a now-defunct community forum that hosted credential-cracking tutorials and tooling, has been redistributed on BreachForums. The file covers about…
Threat brief
A Comcast customer list with home addresses is being distributed on BreachForums
An archive labeled as a Comcast customer dump is being shared on BreachForums. The file is split into three parts: roughly 27,000 customer records with full names and physical addr…
Threat brief
Yatra leak exposes contact details for 10.6 million Indian travelers
An archive containing roughly 10.6 million Yatra customer records is circulating in dark-web channels. Yatra is one of India's larger online travel-booking platforms, and the leak…
Threat brief
Ledger's 2020 customer-order leak is still fueling targeted attacks on hardware-wallet owners
Five years on, the customer-order portion of the 2020 Ledger breach continues to drive a steady trickle of phishing, swatting, and in-person threats against the people whose names,…
Threat brief
Cracked Imgur passwords from 2013 surface on BreachForums
Six years after the original incident, the cracked password trove from Imgur's 2013 breach has resurfaced on BreachForums in plaintext form. The file pairs roughly 1.75 million ema…