leaksear.ch has indexed 797,968 Tout records from a breach dated to approximately September 2014, involving the now-defunct short-video social networking service (leaksear.ch metadata). Have I Been Pwned lists the Tout incident as a breach that exposed email addresses, names, IP addresses, user locations, bios, usernames, and bcrypt password hashes (haveibeenpwned.com).
What happened
Tout was a social video service where users could post video messages of up to 15 seconds and reply with their own short videos, according to TechCrunch coverage from 2012 (techcrunch.com). Have I Been Pwned says Tout suffered a breach in approximately September 2014 and that the data appeared years later (haveibeenpwned.com).
The leaksear.ch metadata records September 1, 2014 as the breach date and June 29, 2026 as the indexing date (leaksear.ch metadata). The available public sources reviewed for this article do not identify the intrusion vector, such as ransomware, scraping, third-party compromise, or misconfigured storage, so the cause should be treated as unconfirmed.
What data was exposed
The leaksear.ch indexing metadata lists searchable fields for email addresses, bcrypt password hashes, IP addresses, names, and usernames (leaksear.ch metadata). Other record fields include profile and account context such as bios, locations, avatar metadata, sign-in timestamps, last sign-in IP data, follower and following counts, privacy and notification settings, social account identifiers, admin and verified flags, and reset-password-related fields (leaksear.ch metadata).
Have I Been Pwned lists the compromised data categories as bios, email addresses, geographic locations, IP addresses, names, passwords, and usernames, and states that the passwords were stored as bcrypt hashes (haveibeenpwned.com).
Why this matters
Even though the breach is old and the passwords were bcrypt-hashed, the combination of email addresses, usernames, names, IP addresses, profile locations, and bios can still help attackers personalize phishing or account-recovery social engineering. Users who reused a Tout password elsewhere should change it on any other service where it was reused and enable two-factor authentication where available, which aligns with Have I Been Pwned’s recommended actions for this breach (haveibeenpwned.com). If you used Tout, check whether your email, username, name, IP address, or password hash appears in this leak before responding to suspicious messages tied to that old account.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, hashed password, ip address, name, and username.