This is a long list, but by no means complete or exhaustive. Data breach sources come and go.

Torrents

There are likely plenty of torrents floating around with breach data. Said torrents may lack seeders, so you may have to wait for some time. BitTorrent search engines such as BTdig[0] and BT4G[1] can be helpful.

Blogs

Various blogs can sometimes have links to breaches, or at least sources to them. Beyond the aforementioned SizeOf(Cat) list of data breaches, SizeOf(Cat) has also done write-ups on various data breaches[2]. There are some listed on the maia kitten blog[3].

I wouldn't call this a data breach as it's open data, but OhShint! maintains a list of open data sets[4] for OSINT purposes.

Michael Bazzell of IntelTechniques plans to release an OSINT breach data guide[5] in the future. Until then, his book on OSINT Techniques has a chapter on data breaches. It can be found on Anna's Archive[6].

He has some podcast[7] episodes on finding and managing breach data that may be relevant. His podcast has been removed from SoundCloud and all other sources, and he has stated that 'it is on an indefinite "hiatus"'[5]. That being said, a torrent of all previous podcast episodes (except for Episode 306), as well as AI-generated text transcripts, exists here[8].

Telegram

Various Telegram channels can have data breaches posted. The OSINT Techniques book has some notes on this. They come and go, but here are some that are still up as of writing:

BreachForums:

  • BreachForum Official Announcements[9]
  • BreachForum Archive Repo[10]
  • BreachForum Archive Repo Chat[11]
  • BreachForum "New breach added to official section"[12]

Baphomet (Administrator on BreachForums):

  • Official Updates from Baphomet[13]
  • The Jacuzzi (Chat started by Baphomet after the fall of the first BreachForums)[14]

search.0t.rocks Related:

  • Zero Trust LTD[15]
  • Zero Trust LTD Chat[16]
  • Illicit Services LTD Leaks Sharing Chat[17]

Ransomware Gangs

Breach data often comes from ransomware groups such as LockBit, ALPHV, etc. Said groups have onion sites where they post their breaches. There are projects designed to monitor these groups, such as Ransomwatch[18], as well as Twitter bots such as the Ransomware News bot[19]. The former maintains an up-to-date index of these groups and their onion sites.

Archives/Libraries

Archive.org has several data breaches: a LinkedIn users breach from 2015[20], a Snapchat data breach[21], a Nulled.io breach[22], a BlackHat forums breach[23], and a HackForums scrape[24]. They also host the NVIDIA leak[25].

Image Boards

4chan has been a source of quite a few breaches over the years. Notable ones include the Twitch data breach[26], a NovelAI leak[27], the Stable Diffusion leak[28], the Facebook AI leak[29], and so on.

News Outlets

Various news sources report on data breaches. Some, such as DataBreaches.net[30] and KrebsOnSecurity[31], list the source of the breach in question. With some basic digging, you should be able to find the original source and download it. More mainstream news sources will be more coy about the source of the breach, but they can be a decent start.

YouTube/Odysee

There are some YouTubers who post about data breaches. Mental Outlaw[32] does this, and sometimes includes the links to the breach in his Odysee channel[33]. If he does not link it himself, there is likely someone in the comments who has. SomeOrdinaryGamers[34] (Odysee)[35] also does this from time to time.

Twitter

There are Twitter accounts for data breach forums, monitoring and reporting on data breaches, threat actors, and so on.

  • Forums: HackForums[36], OnniForums[37], XSS[38].
  • Reporting: VX-Underground (somewhat)[39], Have I Been Pwned[40], OhShint![41] (somewhat)[42], SOSIntel[43].
  • People: cybersecuwu (creator of search.0t.rocks search engine)[44]

Search Engines

Not quite a download source for data breaches, but it can be a way of learning what is out there. Data breach search engines exist[45], but conventional search engines such as Yandex[46] can also be effective.

[0] https://btdig.com/
[1] https://bt4gprx.com
[2] https://sizeof.cat/tags/leaks/
[3] https://maia.crimew.gay/posts/tagged/leak/
[4] https://ohshint.gitbook.io/oh-shint-its-a-blog/osint-web-resources/data-sets
[5] https://inteltechniques.com/blog/2023/11/20/my-irish-exit/
[6] https://annas-archive.org
[7] https://inteltechniques.com/podcast.html
[8] magnet:?xt=urn:btih:3c21f5f3a8e4fe2319617c9df6548b02ecab20ac&dn=The%20Privacy%2c%20Security%20and%20OSINT%20Show%20-%20Ep%20001-305&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce
[9] https://t.me/s/breached
[10] https://t.me/s/breachforums_cdn
[11] https://t.me/s/BFRepo
[12] https://t.me/+4In04nQg3oBmMWJh
[13] https://t.me/s/OfficialBaphomet
[14] https://t.me/baphchat
[15] https://t.me/illsvc/
[16] https://t.me/illsvcchat/
[17] https://t.me/illsvcleaksupload/
[18] https://ransomwatch.telemetry.ltd/#/INDEX
[19] https://twitter.com/RansomwareNews
[20] https://archive.org/details/LIUsers.7z
[21] https://archive.org/details/SnapChat.7z
[22] https://archive.org/details/nulled.io_database_dump_06052016
[23] https://archive.org/details/BlackhatWorldDump
[24] https://archive.org/details/hackforums_scrape
[25] https://archive.org/details/nvidia_leak_2022
[26] https://desuarchive.org/g/thread/83691438
[27] https://desuarchive.org/g/thread/89031771/
[28] https://desuarchive.org/g/thread/89928985/#89929721
[29] https://desuarchive.org/g/thread/91848262/#91850335
[30] https://www.databreaches.net/
[31] https://krebsonsecurity.com/
[32] https://www.youtube.com/channel/UC7YOGHUfC1Tb6E4pudI9STA
[33] https://odysee.com/@AlphaNerd:8
[34] https://www.youtube.com/channel/UCtMVHI3AJD4Qk4hcbZnI9ZQ
[35] https://odysee.com/@SomeOrdinaryGamers:a
[36] https://twitter.com/HackForumsNet
[37] https://twitter.com/OnniForums
[38] https://twitter.com/xss_is
[39] https://twitter.com/vxunderground
[40] https://twitter.com/haveibeenpwned
[41] https://twitter.com/ohshint_
[42] https://twitter.com/ohshint_/status/1638825402155286530#m
[43] https://twitter.com/SOSIntel
[44] https://twitter.com/cybersecuwu
[45] https://search.0t.rocks/
[46] https://yandex.com/

Data dump collections can be found on DHT search engines like BTDig along with their magnets. All 4 magnets found in the links below should be live with active seeders. Search with keywords like leak/dump or just the site name if you don't see something you like here.

A few examples of DB collections I have found searching through BTDig:

https://btdig.com/595ff005ad0faf81c7126f07e30f50384345d746/ - 388.29 GB torrent from 5 years ago
https://btdig.com/85f39f1d94917d61277725e7da85d8177a5c12eb/ - 593.90 GB torrent from 6 years ago
https://btdig.com/ba304cab082bad215263bd7f66902e128eccc7a3/ - 595.32 GB torrent from 4 years ago
https://btdig.com/85ae71166b3129f0f9517c7dc6417de5f3e8cfd3/ - 448.93 GB torrent that looks pre-parsed from 8 months ago

Tool for managing data breaches: https://github.com/sensepost/Frack

"Frack is an attempt at creating an end-to-end solution to store, manage and query your breach data. The tool has got a very basic workflow, making it easy to use."

You can also just grep, or use whatever way you prefer to look through it. I believe there is an ongoing topic about this right now that you can check in on.

Also, Heath from TCM Academy has put this on his GitHub: https://github.com/hmaverickadams/breach-parse

"A tool for parsing breached passwords"

It includes a torrent link for 40 GB of DB dumps.

Data Breach Sources:
https://en.wikipedia.org/wiki/List_of_data_breaches - Wikipedia list of past data breaches
https://sizeof.cat/post/data-leaks/ - Large list of data breaches with torrent links
https://breachforums.is - Data breach forum, decent selection, uses a credit system to download leaks
https://ddosecrets.com/wiki/Distributed_Denial_of_Secrets - "Journalist non-profit devoted to publishing and archiving leaks"
https://wikileaks.org/ - One of the original data breach operations, with a political twist
https://enlacehacktivista.org/ - Hacktivist wiki designed to "[p]rovide a space for hackers to publish their hacks, leaks, and communiques"

There are also likely various Discord servers, Telegram channels, IRC channels, XMPP servers, and the like that facilitate the buying and selling of data breaches.

Check Data Breaches:
https://haveibeenpwned.com/

More links to database dumps can be found here:
https://github.com/hacxx-underground/Files-1
https://github.com/hacxx-underground/Files-2
https://github.com/hack-ito/Files
https://maia.crimew.gay/posts/rosgosstrakh-hack/
https://breachforums.is/Thread-Rosgosstrakh-700K-Customers-400GB
https://xss.is/
https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/
https://cracked.io/
https://www.nulled.to/
https://hackforums.net/
https://sizeof.cat/links/
https://www.ransomlook.io/recent
https://rebreached.vc/
http://breachedu76kdyavc6szj6ppbplfqoz3pgrk3zw57my4vybgblpfeayd.onion
https://i.suffer.rip/buF6mVTL.csv
https://i.suffer.rip/ht0k4qYO.sql
http://onnii6niq53gv3rvjpi7z5axkasurk2x5w5lwliep4qyeb2azagxn4qd.onion/

Pub: 13 Dec 2023 11:51 UTC
Edit: 13 Dec 2023 12:13 UTC