
By Andréanne Bergeron, Security Researcher
The impact of leaked passwords or credit card numbers is easy to understand, but the danger of other data types is less obvious. Details like a date of birth, home address, employer, or relationship status may seem harmless on their own, but they become far more powerful when aggregated.
On the dark web, cybercriminals routinely combine these pieces across multiple leaks to build detailed victim profiles and fuel targeted scams, account takeover, and impersonation.
We’ve analyzed named leaks over the last two decades to better understand the direct consequences of different types of leaked information.
Key Takeaways of Personal Data Leaks
- Data leaks take different forms such as combolists, stealer logs, Telegram chat dumps, forum posts, and named leaks
- Since 2007, the leak that exposed the greatest number of different PII types came from a dating site, and revealed information such as users’ drinking and drug habits, fitness levels, income levels, parenting plans, physical attributes, political views, and more
- The most dangerous attacks occur when threat actors combine multiple pieces of personal and financial data to orchestrate a sophisticated, personalized attack. For example:
  - Critical data (SSNs, passports, banking info, passwords) → immediate identity and financial theft
  - Behavioral data (messages, health info, habits) → blackmail and reputational harm
  - Profiling data (education, lifestyle, beliefs) → targeted scams and manipulation
Mapping Data Exposure Since 2007
At Flare, we’ve been collecting and analyzing data leaks from the dark web since 2016, and some leaks collected go back as far as 2007. These leaks take many forms:
- Combolists
- Stealer logs
- Telegram chat dumps
- Forum posts
- Named leaks
A named leak occurs when a specific website that requires account creation is compromised, and the threat actor exfiltrates the data of registered users. These leaks often contain email addresses and passwords, but can also include phone numbers, home addresses, or even highly sensitive information such as social security numbers, credit card details, or intimate personal data depending on the nature of the breached platform.
At the time of writing, the Flare Named Leak Database contains data from 2,908 leaks, including both explicitly named breaches and other leaks where the affected organization or service has been identified through URL attribution.
Customers can view the specific personally identifiable information (PII) compromised in each leak. This shows an individual’s overall PII exposure surface, which heightens the risk of fraud, scams, and identity misuse. Below is a walkthrough of how customers can look at leaked credentials:
Measuring the Impact of PII Exposure
Across these 2,908 named leaks, we identified 91 distinct types of PII. While nearly every source shared emails and passwords, we wanted to go deeper and determine which leaks exposed the largest number of different PII types.
The Leaks with the Highest Number of Exposed PII Types
We studied the top ten named leaks defined by the greatest variety of PII exposed.
At the top of the list sits Mate1, a dating website breach that exposed 25 different types of personal information from approximately 27 million user accounts. This incident represents an exceptionally severe privacy violation, not only due to the volume of affected accounts but because of the deeply personal nature of the information involved.
The second entry in the ranking is even more alarming in a different way: a bank breach, in which there is a high potential risk of direct financial fraud.
| Year | Company Name | PII | Count of Types of PII Leaked |
|---|---|---|---|
| 2016 | Mate1 | Astrological signs, Dates of birth, Drinking habits, Drug habits, Education levels, Email addresses, Ethnicities, Fitness levels, Genders, Geographic locations, Income levels, Job titles, Names, Parenting plans, Passwords, Personal descriptions, Physical attributes, Political views, Relationship statuses, Religions, Sexual fetishes, Travel habits, Usernames, Website activity, Work habits | 25 |
| 2015 | Qatar National Bank | Bank account numbers, Customer feedback, Dates of birth, Financial transactions, Genders, Geographic locations, Government issued IDs, IP addresses, Marital statuses, Names, PINs, Passwords, Phone numbers, Physical addresses, Security questions and answers, Spoken languages | 16 |
| 2020 | MeetMindful | Dates of birth, Drinking habits, Drug habits, Email addresses, Genders, Geographic locations, IP addresses, Marital statuses, Names, Passwords, Physical attributes, Religions, Sexual orientations, Smoking habits, Social media profiles, Usernames | 16 |
| 2021 | Upstox | Bank account numbers, Dates of birth, Email addresses, Family member names, Genders, Government issued IDs, Income levels, Marital statuses, Nationalities, Occupations, Passwords, Phone numbers, Physical addresses | 13 |
| 2021 | Liker | Auth tokens, Dates of birth, Education levels, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Private messages, Security questions and answers, Social media profiles, Usernames | 13 |
| 2021 | Ajarn | Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos | 12 |
| 2021 | Aditya Birla Fashion and Retail (ABFRL) | Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations | 12 |
| 2016 | ClixSense | Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity | 12 |
| 2012 | Multiple Breaches (Including jobstreet.com) | Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Physical addresses, Usernames | 12 |
| 2020 | Wattpad | Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Social media profiles, User website URLs, Usernames | 11 |
Top ten most severe leaks by number of PII types exposed
The Real-World Consequences of Data Exposure
For many types of data, the potential damage is immediately obvious. The risk of identity theft and financial fraud is clear and well-understood. Information such as bank account details, credit card numbers, social security numbers, and government-issued IDs allows threat actors to impersonate victims, open new lines of credit, or drain existing accounts.
Another direct and highly impactful threat involves the exposure of authentication data. When passwords, PINs, or authentication tokens are leaked, attackers can log directly into user accounts. This type of incident might lead to account takeover and unauthorized access, allowing threat actors to exploit personal, professional, or financial platforms. Cryptocurrency breaches like GateHub fall into this category, where stolen keys or mnemonic phrases can translate to immediate monetary loss.
Even when sensitive information is incomplete, it can still enable attackers to narrow down a victim’s identity because many authentication systems rely on multiple personal data points rather than a single identifier. When combined with data from breaches, public sources, or social media, these partial details can be enough to bypass weak knowledge-based authentication mechanisms and gain unauthorized access.
The Risks Associated with Information that May Seem “Harmless”
But what about other, less obvious types of information, the data that might seem harmless at first glance?
With access to email addresses, phone numbers, or employer information, cybercriminals can craft highly convincing phishing messages. For example, using your company name and job title, an attacker could send a fake “HR update” email designed to trick you into revealing your login credentials. These kinds of personalized attacks are powered by leaked personal and professional details, fueling targeted phishing and social engineering campaigns.
Leaked messages, photos, or sensitive lifestyle data can also be weaponized for blackmail or public humiliation. Once shared on the dark web, this type of information rarely disappears. It can be resold, reposted, or repurposed multiple times over the years. These leaks pose serious risks of privacy invasion and reputation damage, affecting both individuals and organizations.
Meanwhile, large volumes of so-called “soft data” (such as income level, relationship status, or travel habits) can be aggregated to build detailed psychological profiles. This information can be used to target specific groups with scams, misinformation, or political influence campaigns, driving profiling and psychological manipulation on a mass scale.
Finally, the exposure of physical addresses, vehicle details, or travel patterns creates real-world dangers. When cybercriminals know where someone lives (and when they’re away) they can exploit this information to carry out stalking, burglary, or physical targeting. These are tangible physical and personal safety risks that extend far beyond the digital realm.
The Dangers of Aggregating Multiple Points of Information
The most dangerous attacks occur when threat actors combine multiple leaks.
A name from one breach, a date of birth from another, and bank data from a third can create a blueprint for total impersonation. The presence of personal and financial data on the dark web creates a multilayered risk landscape:
- Critical data (SSNs, passports, banking info, passwords) → immediate identity and financial theft
- Behavioral data (messages, health info, habits) → blackmail and reputational harm
- Profiling data (education, lifestyle, beliefs) → targeted scams and manipulation
The true danger lies not in any single data point, but in how these categories reinforce one another. A lone password leak may seem minor, but when combined with financial or identity data, it can be catastrophic. Our next step is to deepen this analysis by studying how different data types interact and how those combinations amplify the risk of exploitation across the dark web ecosystem.
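The aggregation effect described above can be measured from the defender's side. The following is an added example, not Flare's code or methodology: it unions the PII types exposed for a monitored identity across several leaks and flags identities whose combined exposure spans more risk categories than any single leak did. The leak names, identities, and the mapping of PII types to the three categories are assumptions constructed for illustration.

```python
"""Aggregate PII exposure per identity across several leaks (type labels only)."""

# PII type -> article risk category. Labels come from the table's vocabulary;
# the assignment to categories is an assumption made for this example.
CATEGORY = {
    "Passwords": "critical", "PINs": "critical",
    "Bank account numbers": "critical", "Government issued IDs": "critical",
    "Private messages": "behavioral", "Drinking habits": "behavioral",
    "Drug habits": "behavioral",
    "Education levels": "profiling", "Income levels": "profiling",
    "Religions": "profiling", "Political views": "profiling",
}

# Constructed sample data: hypothetical leaks and the PII *types* each one
# exposed for a monitored identity. No PII values are stored.
LEAKS = {
    "leak-a": {"alice@example.com": {"Email addresses", "Passwords"},
               "bob@example.com": {"Email addresses", "Passwords"}},
    "leak-b": {"alice@example.com": {"Email addresses", "Names", "Dates of birth",
                                     "Income levels", "Drinking habits"}},
    "leak-c": {"alice@example.com": {"Names", "Dates of birth",
                                     "Bank account numbers"}},
}


def categories(pii_types):
    """Risk categories covered by a set of PII type labels."""
    return {CATEGORY[t] for t in pii_types if t in CATEGORY}


def exposure(identity, leaks=LEAKS):
    """Summarise one identity's combined exposure across all leaks."""
    per_leak = {n: r[identity] for n, r in leaks.items() if identity in r}
    union = set().union(*per_leak.values())
    combined = categories(union)
    widest = max((len(categories(t)) for t in per_leak.values()), default=0)
    return {
        "leaks": sorted(per_leak),
        "pii_types": len(union),
        "categories": sorted(combined),
        # True when the union spans more categories than any single leak did.
        "compounded": len(combined) > widest,
    }


def triage(identities, leaks=LEAKS):
    """Order identities by category spread, then by distinct PII types."""
    scored = [(i, exposure(i, leaks)) for i in identities]
    return sorted(scored, key=lambda s: (-len(s[1]["categories"]), -s[1]["pii_types"]))
```

In the sample data, no single leak covers all three categories for `alice@example.com`, yet the union does, which is the case a per-leak review would under-rate.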
Monitor Data Leaks with Flare
The Flare Threat Exposure Management solution empowers organizations to proactively detect, prioritize, and mitigate the types of exposures commonly exploited by threat actors. Our platform automatically scans the clear & dark web and prominent threat actor communities 24/7 to discover unknown events, prioritize risks, and deliver actionable intelligence you can use instantly to improve security.
Flare integrates into your security program in 30 minutes, and it often consolidates multiple SaaS and open-source tools into one platform. See what external threats are exposed for your organization by signing up for our free trial.





