# leaksear.ch > Reviewed-access breach research platform for vetted security researchers. leaksear.ch is a reviewed-access breach research platform for vetted security researchers. Researchers can review indexed breach-source metadata, search exposed fields such as email, username, phone, and IP address, and request API or MCP access for approved workflows. ## Blog - [Deep Well Services Leak Exposes 6,223 Salesforce CRM Records](https://leaksear.ch/blog/deep-well-services-6223-salesforce-crm-records-leak): leaksear.ch has indexed 6,223 Salesforce-derived Deep Well Services records from a ShinyHunters-attributed June 2026 breach. The dataset includes names, emails, phone numbers, addresses, usernames, IP addresses, and CRM account, case, opportunity, and user context. - [Huntress Leak Exposes 191K CRM and Salesforce Records](https://leaksear.ch/blog/huntress-191k-crm-salesforce-records-leak): A Huntress data leak indexed by leaksear.ch contains about 191,000 CRM and Salesforce records tied to business contacts, pricing, subscriptions, and sales communications. Public reporting links the exposure to the Klue security incident, where attackers abused stolen OAuth tokens to reach connected customer environments. - [Council of Europe Leak Exposes 2,093 HR and Payroll Records](https://leaksear.ch/blog/council-of-europe-2093-hr-payroll-records-leak): A Council of Europe breach dataset indexed by leaksear.ch contains 2,093 records tied to ShinyHunters' June 2026 claim of stolen HR, payroll, and personnel files. The exposed fields include identity, contact, employment, and payroll context that can support targeted phishing and fraud. - [Hitachi Vantara Leak Exposes 2.3M Salesforce CRM Records](https://leaksear.ch/blog/hitachi-vantara-2-3m-salesforce-crm-records-leak): A Hitachi Vantara Salesforce CRM export indexed by leaksear.ch contains 2.3 million records tied to contacts, leads, users, cases and account-contact data. The dataset includes names, emails, phone numbers, addresses, usernames and CRM metadata, and is associated in metadata with the 2025 Salesforce customer data-theft and extortion wave. - [Cbassociations Leak Exposes 2.36M Salesforce Records](https://leaksear.ch/blog/cbassociations-236m-salesforce-records-leak): A Cbassociations dataset indexed by leaksear.ch contains 2.36M Salesforce-derived records tied to Icarus extortion claims from June 22, 2026. Searchable data includes names, addresses, countries, IP addresses and usernames, giving defenders practical pivots for exposure checks. - [Gms-net Leak Exposes 31K Salesforce CRM Records](https://leaksear.ch/blog/gms-net-31k-salesforce-crm-records-leak): A Gms-net leak indexed by leaksear.ch contains 31,249 Salesforce CRM records with contact and account-related fields. Public reporting ties the alleged Salesforce data theft to the ICARUS extortion group's June 2026 SaaS and CRM-focused activity. - [American Tower Leak Exposes 212,642 Names and Emails](https://leaksear.ch/blog/american-tower-212642-records-data-leak-2026): A June 2026 American Tower leak indexed by leaksear.ch contains 212,642 records with names, emails, phone numbers, physical addresses and job titles. Public breach listings tie the incident to a ShinyHunters pay-or-leak campaign, while the initial access vector has not been publicly confirmed. - [Ralph Lauren Leak Exposes 140K Emails and Phone Numbers](https://leaksear.ch/blog/ralph-lauren-140k-emails-phone-numbers-leak): A Ralph Lauren dataset tied to a June 2026 ShinyHunters pay-or-leak incident contains 140,178 indexed records. Exposed data includes email addresses, names, phone numbers, country, gender, age group, and transaction or survey context. - [Madison Square Garden Sports Leak Exposes 9.8M CRM Records](https://leaksear.ch/blog/madison-square-garden-sports-9-8m-crm-support-data-leak): Madison Square Garden Sports was hit in a June 2026 ShinyHunters extortion campaign, with leaksear.ch indexing 9,796,326 records. The data includes names, email addresses, phone numbers, physical addresses, dates of birth, usernames, and CRM or support details tied to customers and staff. - [Nexstar Media Group Leak Exposes 14.6K Salesforce Records](https://leaksear.ch/blog/nexstar-media-group-14600-salesforce-records-leak): A June 2026 Nexstar Media Group Salesforce leak indexed by leaksear.ch contains 14,600 person-level CRM records. Public reporting tied the incident to a ShinyHunters extortion claim, while Nexstar's own confirmation and the full compromise path remain unclear. - [Pathstone Leak Exposes 70K Client and Document Records](https://leaksear.ch/blog/pathstone-70k-client-document-records-data-leak): A Pathstone leak indexed by leaksear.ch contains about 70,000 records tied to client CRM data and document-inventory metadata. Public reports attributed the incident claim to ShinyHunters, while the indexed fields include contact data, dates of birth, addresses and sensitive financial-document context. - [Inter-Con leak exposes 286K Salesforce and OneDrive records](https://leaksear.ch/blog/inter-con-security-systems-286k-salesforce-onedrive-data-leak): A ShinyHunters-linked leak involving Inter-Con Security Systems exposed 285,983 indexed Salesforce and OneDrive records. The data includes names, emails, phones, addresses, usernames, Salesforce business records, and employee document inventory metadata. - [JCPenney leak exposes 138K HR records, emails and DOBs](https://leaksear.ch/blog/jcpenney-138k-hr-records-data-leak): A JCPenney leak indexed by leaksear.ch contains 138,226 HR-related records from employee, candidate, payroll, banking and HR exports. Public reporting and Have I Been Pwned link the exposure to ShinyHunters' June 2026 Oracle PeopleSoft extortion campaign. - [Sysco ShinyHunters Leak Exposes 7.7M Contact Records](https://leaksear.ch/blog/sysco-shinyhunters-7-7m-contact-records-data-leak): A published Sysco dataset tied to ShinyHunters contains 7.7 million indexed records with customer and employee contact details. Public reporting links the incident to a Salesforce-focused extortion claim, while Have I Been Pwned reports 2.7 million unique email addresses in the published data. - [European Commission Leak Exposes 1.8K DIGIT SSO User Records](https://leaksear.ch/blog/european-commission-digit-sso-leak-1798-records): A ShinyHunters-linked European Commission leak indexed by leaksear.ch contains 1,798 DIGIT SSO user records. The data includes names, email addresses, usernames, and user IDs, creating phishing and account-enumeration risk for affected users. - [Vodafone Leak Exposes 1K Emails, Passwords and Usernames](https://leaksear.ch/blog/vodafone-1k-emails-passwords-usernames-leak): A Vodafone-labeled dataset indexed by leaksear.ch contains 1,000 records with email, password and username fields. The breach date is not supplied, and public reporting does not confirm whether this is a subset of earlier Vodafone incidents. - [DentaQuest Leak: 17.5K Records Expose Names and Usernames](https://leaksear.ch/blog/dentaquest-175k-records-names-usernames-data-leak): leaksear.ch has indexed 17,462 DentaQuest breach records from a May 2026 dataset with names and usernames searchable. Public reporting ties the broader DentaQuest incident to a ShinyHunters extortion leak affecting 2.6 million accounts. - [Loozap leak exposes 6.9M user records and passwords](https://leaksear.ch/blog/loozap-6-9m-user-records-passwords-data-leak): A Loozap leak indexed by leaksear.ch contains 6.9 million user records tied to the online classifieds platform. The data includes contact details, dates of birth, IP addresses and hashed passwords, raising phishing and account takeover risks for affected users. - [BCD Travel Leak: 232K Records Expose Emails, Cases](https://leaksear.ch/blog/bcd-travel-232k-records-email-case-data-leak): A BCD Travel leak indexed by leaksear.ch contains 232,540 structured records from Azure and Salesforce exports. Public reporting links the incident to ShinyHunters' May 2026 pay-or-leak campaign, with exposed contact details, job titles, employer relationships and support-ticket metadata. - [Baker Distributing Leak Exposes 254K Contact Records](https://leaksear.ch/blog/baker-distributing-254k-contact-records-leak): A May 2026 Baker Distributing leak exposed nearly 254,000 indexed records tied to Salesforce and SharePoint data. The data includes customer and employee contact details, support-ticket information, and internal account metadata that can fuel targeted phishing and fraud. - [University of Nottingham Leak Exposes 332,810 Student Records](https://leaksear.ch/blog/university-of-nottingham-332810-student-records-leak): The University of Nottingham leak indexed by leaksear.ch contains 332,810 student and applicant records, while HIBP reports 454.6 thousand affected accounts in the broader incident. The data includes names, emails, usernames, dates of birth, addresses, phone numbers, demographic details and academic or application data. - [Salesfloor leak exposes 7.8M names, emails and phones](https://leaksear.ch/blog/salesfloor-7-8m-names-emails-phones-leak): leaksear.ch has indexed a Salesfloor dataset with 7,754,615 records containing retail customer contact data. Public reporting tied the January 2026 incident to alleged dark-web claims against the Canadian retail SaaS platform. - [Allure Clinics Leak Exposes 80K Patient and Staff Records](https://leaksear.ch/blog/allure-clinics-80k-patient-staff-records-leak): A leaksear.ch indexed dataset tied to Allure Clinics contains 80,498 staff, doctor, and patient records. Public reporting links the September 2025 incident to KillSec, with exposed fields including names, emails, phone numbers, dates of birth, usernames, and hashed passwords. - [Pet Stop Link Leak Exposes 10K Admin Emails and Hashes](https://leaksear.ch/blog/pet-stop-link-10k-admin-emails-password-hashes-leak): A Pet Stop Link dataset indexed by leaksear.ch contains 10,052 internal admin/staff records, including emails, usernames and salted MD5 password hashes. The leak is relevant to Pet Stop Link users, dealers and security teams tracking account exposure tied to the app-connected dog fence platform. - [Alert 360 leak exposes 1.9M contact records](https://leaksear.ch/blog/alert-360-1-9m-contact-records-leak): An Alert 360 dataset indexed by leaksear.ch contains 1,905,385 records tied to customer, dealer, and CRM data. The records include names, emails, phones, addresses, dates of birth, usernames, and account-related context. - [Gap Salesforce leak exposes 271K user records](https://leaksear.ch/blog/gap-salesforce-leak-271k-user-records): A Gap Inc. Salesforce dataset indexed by leaksear.ch contains 271,049 user records with names, usernames, emails, phone numbers, addresses, countries, and dates of birth. Public reporting ties Gap to the October 2025 ShinyHunters and Scattered Lapsus$ Hunters Salesforce extortion leak site. - [Engie Resources Leak Exposes 449K Records With PII](https://leaksear.ch/blog/engie-resources-449k-salesforce-data-leak): A Salesforce-linked Engie Resources dataset indexed by leaksear.ch contains 449,645 records, including names, emails, phones, addresses, dates of birth, usernames, IP addresses, and account data. Public reporting tied Engie Resources to the Scattered LAPSUS$ Hunters/ShinyHunters Salesforce extortion leaks. - [Albertsons leak exposes 623K Salesforce CRM contact records](https://leaksear.ch/blog/albertsons-salesforce-crm-contact-records-leak): A dataset tied to Albertsons Companies contains 623,796 Salesforce CRM records with customer contact details. Public reporting places the leak in the Scattered LAPSUS$ Hunters Salesforce extortion wave, while the specific Albertsons incident remains publicly reported as alleged. - [Qantas Data Leak: 11M Records Expose Customer Contact Data](https://leaksear.ch/blog/qantas-data-leak-11m-records-contact-data): Qantas customer data from a July 2025 third-party platform breach has been indexed by leaksear.ch at more than 11 million records. The exposed data includes names, emails, phones, dates of birth and loyalty-related customer details. - [Ticketmaster Leak Exposes 928K Orders, Masked Card Data](https://leaksear.ch/blog/ticketmaster-928k-orders-masked-card-data-leak): A Ticketmaster dataset indexed by leaksear.ch contains 928,546 customer order records tied to the May 2024 Snowflake-related breach. The records include contact details, IP addresses, masked payment-card metadata, and event, venue, and ticket information. - [SF Express Leak Exposes 125.7M Names, Phones, Addresses](https://leaksear.ch/blog/sf-express-shunfeng-leak-125-7m-names-phones-addresses): A ShunFeng/SF Express dataset indexed by leaksear.ch contains 125.7 million Chinese courier customer records with recipient names, phone numbers, and full shipping addresses. The dataset is described as allegedly stolen in 2020 and offered on BreachForums, creating phishing and address-fraud risk for affected recipients. - [Cushman & Wakefield Leak Exposes 490K CRM Records](https://leaksear.ch/blog/cushman-wakefield-490k-crm-records-leak): A May 2026 Cushman & Wakefield leak tied to ShinyHunters exposed Salesforce CRM data later indexed by leaksear.ch. The records include business-contact and identity fields that can support targeted phishing and account-recovery abuse. - [Vimeo Leak: 74K Records and 119K Emails Exposed](https://leaksear.ch/blog/vimeo-anodot-data-leak-119k-emails-2026): A Vimeo leak tied to the April 2026 Anodot third-party incident exposed roughly 119,000 email addresses and business analytics data. The indexed records include names, emails, IP addresses, account identifiers, CRM fields, and Vimeo plan metadata. - [Charter Communications 37.5M-record leak exposes CRM data](https://leaksear.ch/blog/charter-communications-37-5m-record-crm-data-leak): leaksear.ch has indexed 37.5M Charter Communications records tied to the April 2026 ShinyHunters Salesforce breach. The data includes CRM contacts, support tickets, business account context, and internal Spectrum employee directory fields. - [Ashley Madison 35.7M-Record Leak Exposed Emails, Passwords](https://leaksear.ch/blog/ashley-madison-35-7m-record-leak-emails-passwords): The 2015 Ashley Madison breach exposed a leaksear.ch index of 35.7 million records tied to the infidelity-focused dating site. The data included emails, names, usernames, phone numbers, addresses, dates of birth, IP addresses and hashed passwords, creating long-term risks for phishing, extortion and identity theft. - [Bureau van Dijk Leak Exposes 88.8M Records, Emails and DOBs](https://leaksear.ch/blog/bureau-van-dijk-88-8m-records-emails-dobs-leak): An 88.8 million-record Bureau van Dijk-related dataset contains names, dates of birth, emails, phone numbers, addresses, nationalities, and job titles. Public breach listings say the data came from a customer of the Orbis business intelligence product and was later posted to a hacking forum. - [Bell Canada 2017 Leak Exposed 3.4M Records, Passcodes](https://leaksear.ch/blog/bell-canada-2017-3-4m-records-emails-passcodes): A Bell Canada 2017 breach dataset indexed by leaksear.ch contains about 3.4 million records from an internal WEB_USERS table. Public reporting at the time confirmed illegal access to customer emails, names and phone numbers, while the indexed dataset also includes usernames, IP addresses, passwords or passcodes and survey data. - [AstraZeneca Leak Exposes 133K Employee Access Records](https://leaksear.ch/blog/astrazeneca-133k-employee-access-records-leak): LAPSUS$ claimed in March 2026 that it stole about 3GB of AstraZeneca internal data, including source code, cloud configuration, secrets, and employee information. leaksear.ch indexes roughly 133,000 employee and access records from the leaked archive, including emails, names, usernames, countries, and GitHub Enterprise details. - [Epik leak exposes 20.9M WHOIS and credential records](https://leaksear.ch/blog/epik-20-9m-whois-credential-data-leak): Epik's 2021 Operation Epik Fail breach exposed WHOIS contact data, account credentials, billing records, invoices, payment-card data, and other registrar records. leaksear.ch has indexed 20.9 million records so affected domain owners, contacts, and exposed individuals can assess risk. - [Facebook Leak: 171.5M Records Expose Phones and Names](https://leaksear.ch/blog/facebook-171-5m-records-phone-name-data-leak): leaksear.ch has indexed 171.5M Facebook records tied to the widely reported 2019 scraping incident. The data links phone numbers, names, location details, birth dates, profile URLs and some emails, increasing phishing, smishing and identity-fraud risk. - [Axcera Leak Exposes 677 Records With Passwords and KYC Data](https://leaksear.ch/blog/axcera-677-records-passwords-kyc-data-leak): leaksear.ch has indexed an Axcera dataset containing 677 records with contact, account, credential and KYC-related fields. Public reporting previously described security claims against AXCERA.IO, while Axcera said a repository exposure did not affect customer data. - [ENI Leak Exposes 58K Records With Emails and Phones](https://leaksear.ch/blog/eni-58k-records-emails-phones-leak): An ENI customer dataset indexed by leaksear.ch contains 58,047 records with names, emails, phone numbers and account metadata. Public reporting says ENI confirmed an unauthorized disclosure after hackers posted French customer data online. - [n-d-f.com Leak Exposes 52K Records With Passwords](https://leaksear.ch/blog/n-d-f-com-52322-records-passwords-data-leak): A leaksear.ch-indexed dataset for n-d-f.com contains 52,322 records with names, contact details, dates of birth, usernames, and passwords. Public sources tie the domain to Japanese pet and animal-health content, but no public reporting reviewed here confirms the exposure method. - [Ordine Avvocati di Roma Leak Exposes 39K Lawyer Records](https://leaksear.ch/blog/ordine-avvocati-di-roma-39k-lawyer-records-leak): The 2019 Ordine Avvocati di Roma breach is tied to Anonymous Italia and the release of data on Roman lawyers. leaksear.ch indexes 39,134 records including emails, phones, addresses, dates of birth, passwords, and lawyer registration details. - [Nival Leak Exposed 2.6M Records With Emails and DOBs](https://leaksear.ch/blog/nival-2016-data-leak-2-6m-records): A Nival data leak indexed by leaksear.ch contains 2,575,282 records tied to game user accounts. The exposed data includes emails, usernames, names, dates of birth, profile details, social identifiers, tokens, and activity data. - [pcTattletale Leak Exposes 119K Records With Emails, IPs](https://leaksear.ch/blog/pctattletale-119k-records-emails-ips-data-leak): pcTattletale, a consumer spyware service, was breached in May 2024 and leaksear.ch has indexed 118,951 records tied to member, device, IP, renewal, and location-history data. Public reporting said the company's site was defaced and server data was posted online. - [PlexusMD Leak Exposes 232K Doctor Records and Hashes](https://leaksear.ch/blog/plexusmd-232k-doctor-records-password-hashes-data-leak): A November 2020 PlexusMD data leak indexed by leaksear.ch contains 232,346 healthcare professional account and profile records, including contact details and password hashes. The exposed fields create practical risk for phishing, credential-reuse checks, and identity fraud. - [vBulletin Leak Exposes 508K Emails, IPs and Hashes](https://leaksear.ch/blog/vbulletin-508k-emails-ips-hashes-leak): A 2015 vBulletin breach exposed forum account data tied to more than 508,000 indexed records. The leak includes emails, usernames, IP addresses and MD5 password hashes with salts, creating ongoing credential and phishing risk. - [Match Group Leak Exposes 8.35M User Records With Emails, IPs](https://leaksear.ch/blog/match-group-2026-leak-835m-user-records): A 2026 Match Group leak indexed by leaksear.ch contains 8.35 million records tied to dating platforms and related systems. The data includes emails, phones, names, birth dates, IPs, device and attribution data, and a subset of POF plaintext passwords. - [Brand New Tube Breach Exposes 347K Accounts and SHA-1 Hashes](https://leaksear.ch/blog/brand-new-tube-347k-accounts-sha1-hashes): Brand New Tube had 347,388 user records indexed from an August 2022 breach, including emails, usernames, IP addresses, names and unsalted SHA-1 password hashes. Public breach listings put the incident at roughly 350,000 affected subscribers, creating phishing and credential-reuse risk for former users. - [Deezer leak exposes 244.6M records with emails, birth dates](https://leaksear.ch/blog/deezer-244-6m-records-emails-birth-dates-leak): A Deezer leak indexed by leaksear.ch contains 244.6 million records, including searchable emails, names, usernames, countries, and dates of birth. Public notices tie the incident to a former third-party service provider and a 2019 data snapshot that surfaced publicly in 2022. - [mod.gov.il Leak Exposes 8.6K Aharai Participant Records](https://leaksear.ch/blog/mod-gov-il-8603-aharai-participant-records-leak): A leaksear.ch indexed leak attributed to mod.gov.il contains 8,603 Aharai participant records. The exposed data includes identity numbers, contact details, birth dates, addresses, family information, program details, status fields, and notes. - [BestCombo List Exposes 1.6M Emails and Passwords](https://leaksear.ch/blog/bestcombo-gaming-streaming-credential-list-1-6m): A BestCombo/GGBestC credential stuffing list contains about 1.56 million plaintext email and password records advertised for popular gaming and streaming services. The data appears to be an aggregated combolist, not evidence of a direct breach at the named platforms. - [Tout Data Leak Exposes 798K Records and Password Hashes](https://leaksear.ch/blog/tout-data-leak-798k-records-password-hashes): A Tout leak indexed by leaksear.ch contains 797,968 records tied to the defunct short-video social network. The data includes emails, usernames, names, IP addresses, profile data, and bcrypt password hashes. - [Tigo Leak Exposed 10.3M User Records and Profile Data](https://leaksear.ch/blog/tigo-10-3m-records-data-leak-2023): A Tigo dataset indexed by leaksear.ch contains 10.3 million records tied to the video chat and dating platform. The exposed data includes emails, usernames, IP addresses, names, phone numbers, device data, profile photos, and activity metadata. - [Dave Breach Exposed 7.4M Records With PII, Password Hashes](https://leaksear.ch/blog/dave-7-4m-records-pii-password-hashes-data-leak): Dave's 2020 Waydev-linked breach is indexed by leaksear.ch at 7,387,232 records, including contact details, birth dates, encrypted SSNs, and bcrypt password hashes. Public reporting tied the incident to a former third-party provider and a hacker-forum dump. - [Bonobos Leak Exposes 1.85M Customer Records and Password Hashes](https://leaksear.ch/blog/bonobos-1-85m-customer-records-password-hashes): A Bonobos leak indexed by leaksear.ch contains 1.85 million customer account records tied to the retailer’s 2020 e-commerce backup exposure. The data includes contact details, IP addresses, usernames, and salted SHA-512 password hashes. - [Click.org Leak Exposes 89,889 Accounts and Passwords](https://leaksear.ch/blog/click-org-89889-account-password-data-leak): A Click.org dataset indexed by leaksear.ch exposes 89,889 account records, including emails, usernames, IP addresses, phone numbers, postal addresses, plaintext passwords, and MD5-hashed passwords. Security teams should treat the credentials and contact data as exposed and review Click.org-linked accounts and integrations. - [Clf09.com Leak Exposes 2.5M Emails, Usernames and Hashes](https://leaksear.ch/blog/clf09-com-2-5m-emails-usernames-hashed-passwords-leak): A Clf09.com (草榴社區) forum leak indexed by leaksear.ch contains roughly 2.5 million records with usernames, email addresses, and hashed passwords. Public records list a Clf09.com leak entry from August 2022, but the intrusion method and official disclosure remain unconfirmed. - [Business Gazeta 155K-record leak exposes account data](https://leaksear.ch/blog/business-gazeta-155k-records-account-data-leak): A Business Gazeta dataset indexed by leaksear.ch contains 155,663 records tied to account and contact data. The exposed fields include emails, usernames, hashed passwords, names, phone numbers, dates of birth, and IP addresses. - [CDEK Leak Exposes 7,445 Customer Emails and Names](https://leaksear.ch/blog/cdek-leak-7445-customer-emails-names): A leaksear.ch index of the CDEK breach contains 7,445 records tied to the Russian courier service, with email addresses and names searchable. Public breach trackers describe the wider March 2022 incident as an unverified leak of CDEK customer contact data attributed to the IT Army collective. - [Atmeltomo Leak Exposes 579,885 Records With MD5 Hashes](https://leaksear.ch/blog/atmeltomo-579885-records-md5-password-hashes): Atmeltomo, a Japanese email-friend and pen-pal service, has a 2021 leak indexed with 579,885 records. The data includes emails, usernames, IP addresses, profile details, optional birthdates, and unsalted MD5 password hashes. - [ArmA 3 Life Leak Exposes 125K Emails and Password Hashes](https://leaksear.ch/blog/arma-3-life-125k-emails-password-hashes-data-leak): A leaked ArmA 3 Life user database indexed by leaksear.ch contains 125,358 records, including emails, usernames, dates of birth, IP addresses, Steam IDs, and salted password hashes. Public sources identify ArmA 3 Life as an Arma 3 roleplay mod community, but the exposure method is not confirmed. - [Air Miles España Leak Exposes 5.1M Names, Emails](https://leaksear.ch/blog/air-miles-espana-travel-club-5-1m-data-leak): A leak tied to Air Miles España, operator of Spain’s Travel Club loyalty program, exposes 5.1 million records. The indexed data includes names, emails, usernames, dates of birth, and loyalty account metadata. - [Zara Leak: 151.4M Records Include Emails and Purchase Data](https://leaksear.ch/blog/zara-104-9m-records-email-purchase-data-leak): A Zara leak tied to Inditex has been indexed by leaksear.ch with 151,368,047 records, including emails, country data and purchase related fields. Public reporting says the incident involved a former technology provider and that passwords and payment information were not affected. - [Charter Communications Leak Exposes 84.8K CRM Records](https://leaksear.ch/blog/charter-communications-848k-crm-records-data-leak): leaksear.ch indexed 84,818 Charter Communications records tied to the ShinyHunters Salesforce data theft. The leak includes contact details, CRM and support data, and internal Spectrum directory fields, creating phishing and impersonation risk. - [NBS Trading Leak Exposes 10 User Records and Password Hashes](https://leaksear.ch/blog/nbs-trading-10-user-records-password-hashes-leak): A small dataset tied to NBS Trading's e-commerce site exposes emails, usernames, names, phone numbers, addresses, and bcrypt password hashes. The breach date in the metadata is December 29, 2024, and the dataset contains 10 records. - [Flywell Bowling Leak Exposes 14 Records With Emails, Hashes](https://leaksear.ch/blog/flywell-bowling-14-records-email-password-hashes): A Flywell Bowling dataset indexed by leaksear.ch contains 14 records tied to the Pakistan-based bowling and sports goods business. The exposed fields include names, usernames, email addresses, phone data, addresses, countries, and hashed passwords. - [Cairo University FGSE Leak Exposes 7 Credential Records](https://leaksear.ch/blog/cairo-university-fgse-7-credential-records-leak): A small credential dataset tied to Cairo University's Faculty of Graduate Studies for Education has been indexed with 7 records, including names, usernames, and passwords. Public ransomware trackers and reporting connect the January 2025 incident to GDLockerSec. - [Vercel Leak Exposes 230 Customer Account Metadata Records](https://leaksear.ch/blog/vercel-230-customer-account-metadata-leak): A leaksear.ch-indexed Vercel dataset contains 230 customer account metadata records tied to an April 2026 Context.ai-related compromise. The exposed fields are useful for targeted phishing and account review, even though public reporting separates the indexed metadata from Vercel's broader environment-variable incident. - [Sun Moon University leak exposes 617 email, username records](https://leaksear.ch/blog/sun-moon-university-617-email-username-records): A Nova ransomware leak tied to Sun Moon University contains 617 records indexed by leaksear.ch, with emails and usernames available as search pivots. Public ransomware reporting lists the university's portal among Nova victims discovered on May 29, 2025. - [Lloyd Motor Group Mercedes-Benz Leak Exposes 69K Customer Records](https://leaksear.ch/blog/lloyd-motor-group-mercedes-benz-69k-customer-records-leak): A leaksear.ch-indexed dataset for Lloyd Motor Group Mercedes-Benz contains 69,281 customer and vehicle records, including contact details and service-related fields. The metadata lists a 14 April 2016 breach date, but does not identify an attack vector or source system. - [DarkForums 45K-Record Leak Exposes IPs and Usernames](https://leaksear.ch/blog/darkforums-45k-record-leak-exposes-ips-usernames): leaksear.ch indexed 45,122 DarkForums records tied to a July 2025 SSRF exploit that exposed IP addresses and usernames. The leak matters because IP-linked forum activity can help investigators, rivals, and scammers connect handles to network locations. - [Stripchat Leak: 10M User Records Exposed With Emails and IPs](https://leaksear.ch/blog/stripchat-10m-user-records-email-ip-leak): leaksear.ch has indexed 10,002,085 Stripchat user records tied to the 2021 exposure of the adult live-streaming platform. The dataset includes email addresses, usernames, IP addresses, country data, ISP details, and browser fingerprints. - [Sport 2000 Leak Exposes 4.3M Loyalty Records](https://leaksear.ch/blog/sport-2000-4-3m-loyalty-records-data-leak): A 2024 Sport 2000 breach exposed more than 4.3 million indexed loyalty database records containing names, emails, phone numbers, postal addresses, dates of birth, loyalty card details, and purchase history. Public reporting tied the incident to data offered on hacking forums, creating phishing and fraud risk for affected customers. - [Kik.name Leak Exposes 144,565 Profiles With Emails and IPs](https://leaksear.ch/blog/kik-name-144565-profiles-email-ip-leak): A leaked Kik.name MySQL database dump exposes 144,565 profiles tied to a public Kik Messenger username-sharing site. The indexed data includes usernames, emails, registration IPs, ages, genders, and location fields. - [Addka72424 3.3B Email Leak Exposes 61.3M Indexed Records](https://leaksear.ch/blog/addka72424-3-3b-email-leak-61-3m-indexed-records): The Addka72424 3.3B email compilation is not a single-company breach, but a large aggregation of email addresses from prior breaches and combolists. leaksear.ch indexes 61.3M email records from the corpus, creating a useful exposure check for phishing and credential-stuffing risk. - [Telegram 1 Billion Leak Exposes 1.6M User Records](https://leaksear.ch/blog/telegram-1-billion-leak-1-6m-user-records): A Telegram-related compilation indexed by leaksear.ch contains 1.6 million records with emails, names, phone numbers, usernames and Telegram identifiers. The data appears to be an aggregated multi-source package rather than a confirmed breach of Telegram’s core systems. - [Russian National Tourist Office Leak Exposed 728 Visa Records](https://leaksear.ch/blog/russian-national-tourist-office-728-visa-records-leak): A Russian National Tourist Office dataset indexed by leaksear.ch contains 728 booking and visa application records tied to an exposed RNTO UK server. The records include names, passport numbers, postal addresses, visa dates, booking references, cardholder names, and pricing. - [AT&T 2023 Leak: 5M Records Expose Phones, Emails, CPNI](https://leaksear.ch/blog/att-2023-leak-5m-records-wireless-cpni): A leaksear.ch index covers nearly 5 million AT&T 2023 records tied to a third-party marketing vendor incident that AT&T said affected about 9 million wireless accounts. The exposed data includes emails, names, phone numbers, billing account numbers, device details, ZIP codes, and upgrade-eligibility data, but not SSNs, payment cards, or passwords. - [Facebook Combo List Exposes 1.3M Emails and Passwords](https://leaksear.ch/blog/facebook-combo-list-1-3m-emails-passwords): A Facebook-targeted credential-stuffing combo list contains 1.3 million email, username, and plaintext password pairs. The dataset is described as aggregated from prior public breaches and infostealer logs, not a new breach of Facebook itself. - [Israeli Defense Ministry Leak Exposes 8,865 Trainee Records](https://leaksear.ch/blog/israeli-defense-ministry-8865-trainee-records-leak): leaksear.ch has indexed 8,865 Israeli Ministry of Defense records tied to pre-military trainees and enlistment candidates. The records include contact details, Israeli national IDs, dates of birth, family context, and enlistment-related metadata. - [Chinese Banks Leak Exposes 64.9K Customer Records](https://leaksear.ch/blog/chinese-banks-customer-data-leak-64885-records): A Chinese banking customer dataset indexed by leaksear.ch contains 64,885 records tied to a December 2023 leak listing. The records include names, phone numbers, dates of birth, addresses, bank identifiers, account numbers, and national ID card numbers. - [Telecom Egypt Leak Exposes 32 Broadband Session Records](https://leaksear.ch/blog/telecom-egypt-32-broadband-session-records-leak): A Telecom Egypt, TE Data, leak indexed by leaksear.ch contains 32 FreeRADIUS accounting records tied to broadband sessions. The records expose usernames, IP addresses, MAC address fields, timestamps, and usage counters, not passwords. - [Universidad del Quindío Leak Exposes 30,991 Login Records](https://leaksear.ch/blog/universidad-del-quindio-30991-login-records-data-leak): A leaksear.ch-indexed leak tied to Universidad del Quindío contains 30,991 records from university intranet sources. The dataset includes account, directory, portal, COVID-19 log, CV, complaint, and credential-related data, creating phishing and account-takeover risk for affected people. - [Bank of Brazil Leak: 202 Contact and Bank Records Exposed](https://leaksear.ch/blog/bank-of-brazil-202-contact-bank-records-leak): A dataset labelled Bank of Brazil contains 202 records with names, emails, phone numbers, addresses, country fields, and bank information. The breach date and exposure method are not listed, so affected parties should treat the data as a contact-focused leak and watch for phishing. - [Cryptofalka leak exposes 2,317 emails and password hashes](https://leaksear.ch/blog/cryptofalka-2317-emails-password-hashes-leak): A Cryptofalka breach dataset indexed by leaksear.ch contains 2,317 records tied to the Hungarian crypto education and media site. The indexed fields include email addresses, names, usernames, and hashed passwords, creating credential and phishing risk for affected users. - [The Crypto Merchant Leak: 1,326 Records Expose Emails, Addresses](https://leaksear.ch/blog/the-crypto-merchant-1326-records-emails-addresses-leak): Leaksear.ch has indexed 1,326 records from an alleged The Crypto Merchant database leak, including customer contact, shipping, account, and order data. The exposure matters because hardware-wallet buyer data can fuel targeted phishing, account attacks, and physical-address risk. - [Vietnam Airlines Leak Exposes 9.8M CRM Customer Records](https://leaksear.ch/blog/vietnam-airlines-9-8m-crm-data-leak-2025): Vietnam Airlines customer CRM data tied to a 2025 Salesforce-related breach has been indexed with 9,792,201 records. The exposed fields include names, email addresses, phone numbers, dates of birth, addresses, and loyalty identifiers, creating phishing and identity-fraud risk for travelers. - [Fujifilm Leak Exposes 222K Salesforce Account Records](https://leaksear.ch/blog/fujifilm-222k-salesforce-account-records-leak): A Fujifilm dataset indexed by leaksear.ch contains 222,058 Salesforce account records with names, emails, phones, addresses, and CRM metadata. Public reporting ties Fujifilm to the Scattered Lapsus$ Hunters/ShinyHunters leak wave targeting Salesforce customer environments. - [ADT Leak Exposes 8.66M Customer PII Records](https://leaksear.ch/blog/adt-2026-data-leak-8-66m-customer-pii-records): ADT disclosed unauthorized access to cloud environments after an April 20, 2026 incident later claimed by ShinyHunters. The leaksear.ch index covers 8.66M customer, lead, and support-case records, while Have I Been Pwned lists 5.5M unique email addresses. - [Aman Resorts Leak Exposes 283K CRM Records and PII](https://leaksear.ch/blog/aman-resorts-283k-crm-records-data-leak): Aman Resorts CRM data indexed by leaksear.ch contains 283,251 records from an April 2026 breach. Public reporting ties the exposure to a ShinyHunters pay-or-leak campaign involving Salesforce CRM data, with emails, names, addresses, phones, dates of birth, nationalities, and VIP status in scope. - [B1ack's Stash Dumps 4.6M Stolen Credit Cards on Dark Web](https://leaksear.ch/blog/b1acks-stash-4-6m-credit-card-dump-may-2026): B1ack's Stash, a dark-web carding marketplace, released roughly 4.6 million stolen credit card records for free on May 18, 2026. leaksear.ch has indexed 4,162,208 of the entries, each pairing full card details with the cardholder's name, billing address, email, phone and source IP. - [Zurich Insurance Spain Leak Exposes 4.3M Policy Records](https://leaksear.ch/blog/zurich-insurance-spain-4-3m-policy-records-leak): A Zurich Insurance Spain dataset indexed by leaksear.ch contains 4,321,100 policy records from a leaked MySQL table. The searchable data includes names, addresses, dates of birth, emails and phone numbers, and the indexed schema also lists policy, vehicle, DNI/NIF and IBAN/account-number fields. ## Documentation - [API Reference](https://leaksear.ch/docs/reference): Public REST API reference for breach record search. - [Request Access](https://leaksear.ch/request-access): Apply for reviewed researcher access, API tokens, and MCP setup materials. ## Machine-readable Indexes - [Full LLM Corpus](https://leaksear.ch/llms-full.txt): Expanded Markdown export of published leak-source articles. - [XML Sitemap](https://leaksear.ch/sitemap.xml): Canonical URL inventory for public pages and discovery files. - [Blog RSS Feed](https://leaksear.ch/blog/feed.xml): Recent published leak-source research articles. ## Optional - [About](https://leaksear.ch/about): Company information and mission. - [Partnerships](https://leaksear.ch/partnerships): Contact leaksear.ch about leak-source, research, commercial, and integration partnerships. - [Legal](https://leaksear.ch/legal): Terms of service and privacy policy. - [FAQ](https://leaksear.ch/#faq): Access review, credits, submissions, and workflow details.