credential exposure

Breach chronology

The Live.com PDF lists eighteen incidents, and the Gmail exports add three more (MangaDex, Luxottica, Under Armour).

Earliest leak: MySpace (01 Jul 2008) · Latest: Synthient credential stuffing feed (11 Apr 2025).
Gmail-specific hits: MangaDex (22 Mar 2021), Luxottica (16 Mar 2021), Under Armour (17 Nov 2025).
Data types span passwords, DOB, phones, addresses, purchases, security Q&A, and geographic traces.

Gmail export exposures

MangaDex

22 Mar 2021 · Emails, IP addresses, passwords, usernames

Luxottica

16 Mar 2021 · DOB, emails, genders, names, phone numbers, physical addresses

Under Armour

17 Nov 2025 · DOB, emails, genders, geographic locations, names, purchases

Live.com exposures

Tumblr

28 Feb 2013 · Emails + passwords

MySpace

01 Jul 2008 · Emails, passwords, usernames

iMesh

22 Sep 2013 · Emails, IPs, passwords, usernames

Modern Business Solutions

08 Oct 2016

DOB, genders, job titles
Emails, phones, physical addresses

River City Media spam list

01 Jan 2017 · Emails, IPs, names, physical addresses

Anti Public combo list

16 Dec 2016 · Email/password combos

Exploit.In

13 Oct 2016 · Email/password combos

Edmodo

11 May 2017 · Emails, passwords, usernames

CashCrate

17 Nov 2016 · Emails, names, physical addresses, passwords

BlankMediaGames

28 Dec 2018

Browser fingerprints + IPs
Emails, passwords, purchases, activity

Collection #1

07 Jan 2019 · Email/password dump

MyFitnessPal

01 Feb 2018 · Emails, IPs, passwords, usernames

StockX

26 Jul 2019

Emails, names, physical addresses
Passwords, purchase history, usernames

Chegg

28 Apr 2018 · Emails, names, phone numbers, addresses, passwords

Poshmark

16 May 2018 · Emails, genders, geo locations, names, passwords, usernames

DatPiff

25 Aug 2021 · Emails, passwords, security Q&A, usernames

ALIEN / TXTBASE stealer logs

15 Feb 2025 · Email/password capture

Synthient credential stuffing feed

11 Apr 2025 · Email/password set