As a leading Managed Service Provider (MSP), IT Partners is committed to keeping you informed and prepared in the face of ever-evolving cyber threats. It’s not just about reactive measures—understanding the landscape of data breaches is a crucial part of proactive cybersecurity.
We present the top five biggest data breaches, collected from the I Been Pwned database, a leading source for data breach information.
Top 5 Data Breaches
Last updated: December 11, 2025
Synthient Credential Stuffing Threat Data
Description: During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.
Accounts breached: 1,957,476,021
Collection #1
Description: In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
Accounts breached: 772,904,991
Verifications.io
Description: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
Accounts breached: 763,117,241
Onliner Spambot
Description: In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Accounts breached: 711,477,622
Data Enrichment Exposure From PDL Customer
Description: In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
Accounts breached: 622,161,052
Collected from the I Been Pwned database, a leading source for data breach information.
Why Should You Care About These Breaches?
At IT Partners, we emphasize the importance of these breaches to heighten your awareness of the risks faced by businesses like yours. By comprehending the impact of data breaches, you can proactively implement robust security measures and protect your organization’s sensitive information.
If you seek further insights on data breaches and valuable guidance on safeguarding your business, we invite you to explore our comprehensive guide on data breaches.
To assess the strength of your email security, utilize the free email checker tool.
For personalized solutions and services tailored to your specific requirements, feel free to contact us today. Together, let’s fortify your cybersecurity defences and secure your business in the digital landscape.
Share This Post