Appen, Home Chef and others fall victim to data leaks.
04 April 2021 BREACHAWARE HQ
A total of 27 breach events were found and analysed, resulting in 11,349,253 exposed accounts containing a total of 4 different data types of personal data. The breaches found publicly and freely available included Appen, Home Chef, Corevin, Dafont and Todo Torrents.
Categories of Personal Data Discovered
Contact Data, Technical Data.
Data Breach Analysis
The affected services and platforms span multiple sectors, from artificial intelligence training companies and recipe delivery services to design font repositories and torrent-sharing forums. Notable names impacted in these publicly and freely available breaches include Appen, Home Chef, Corevin, Dafont, and Todo Torrents.
Appen, a global provider of data for AI training and human-in-the-loop machine learning, represents perhaps the most structurally significant of the breached entities. The company's data contributors and contractors form a distributed workforce often working on projects involving voice recognition, image tagging, and natural language processing. The concern isn’t just about traditional cybersecurity risk, but also the integrity of training data used in AI systems. If adversaries gain access to profiles of those contributing to datasets, there’s a possibility of manipulation, subtle or otherwise, within the training lifecycle itself.
Beyond that, Appen's workforce is global and includes freelancers in regions where data protection norms are weaker or inconsistent. This could increase exposure to phishing campaigns or scams targeted at less-resourced individuals under the guise of follow-up employment opportunities. The downstream effects extend beyond the individuals to the AI ecosystems that rely on the assumption that their data sources are untainted and secure.
Home Chef, a US-based meal kit and food delivery company, was also among the impacted. A breach affecting a food delivery company can be deceptively impactful. When breached, data serves as a useful base for social engineering campaigns. For instance, threat actors might impersonate a service representative and send convincing phishing emails containing fabricated delivery updates or loyalty rewards.
In this context, the overlap between food delivery and broader e-commerce becomes clearer. Users tend to reuse email and password combinations across services. Once an attacker obtains those credentials from a breach like Home Chef’s, they may try them against retail, banking, or communication platforms. The fact that food services are often linked to family accounts or shared household logins further complicates the potential spread of exposure.
Corevin, a name less immediately recognisable to the general public, may relate to industry-specific platforms or tools that manage internal logistics or supply chains. If this breach included login credentials, it could give rise to unauthorised access in business-to-business settings or internal portals, especially in sectors that are not tightly regulated in cybersecurity terms. In such contexts, even if only emails and usernames were exposed, this information could be used to probe for broader vulnerabilities, particularly if the organisation's email structure is predictable.
Then there is Dafont, a long-standing font repository and design resource used widely by graphic designers, web developers, and hobbyists. Dafont has a large user base of contributors who upload typefaces and of designers who download them for commercial or personal projects. A breach involving Dafont can have ripple effects on creative portfolios, software used in marketing materials, and design assets stored online. Although the service likely stores minimal data, the intersection of creative communities and data privacy remains under-explored. Many users on platforms like Dafont overlap with freelancing communities on sites such as Behance, Fiverr, or GitHub. If an attacker can correlate usernames or email addresses across these services, the scope of exploitation widens substantially.
Todo Torrents, on the other hand, represents a different layer of online risk. As a torrent indexing site, it most likely attracted users interested in peer-to-peer file sharing, often of copyright-sensitive or grey-market content. While most users engage with torrent sites under usernames or pseudonymous accounts, breaches here can be particularly concerning. Exposure of email addresses or IP logs associated with torrent activity can lead to legal exposure in some jurisdictions. Additionally, these communities are sometimes used to spread malware-laced files or gather data from unwitting users, meaning a breach could amplify those pre-existing risks.
The lower diversity of data types does not equate to lower risk. In fact, the high reusability of certain core credentials like email-password combinations ensures that even relatively lean datasets can have broad implications when circulated in underground forums or used in credential stuffing attacks.
The thematic spread of these 27 breaches is also worth highlighting. It touches on several dimensions of the digital experience: gig economy labor (Appen), domestic convenience and logistics (Home Chef), specialised industry tools (Corevin), creative resources (Dafont), and fringe digital culture (Todo Torrents). What they have in common is the increasingly blurred line between 'low-risk' user accounts and real-world consequences. The assumption that only banking or healthcare platforms matter in breach analysis no longer holds. Every platform, regardless of its perceived sensitivity, collects user data that can be useful or harmful depending on context.
This also brings into focus the issue of digital permanence. Some of the affected platforms may not have been actively used by individuals for years. Dafont accounts created a decade ago might still exist, their passwords forgotten and emails unchanged. Torrenting habits, once abandoned, still leave traces. In all of these cases, users rarely consider the long-term exposure risks of their dormant accounts, yet attackers do.
From a broader perspective, these breaches invite consideration of how users compartmentalise their digital identities. It is often assumed that having separate accounts across varied platforms creates silos of exposure, but the persistence of usernames, password reuse, and identifiable email addresses undermines that notion. Once one point of entry is compromised, attackers can reconstruct a much broader digital profile than users expect.
As with all publicly available breach data, what was leaked may not be the complete set of compromised information. In some cases, data has been redacted or minimised before being published on public forums. In others, partial data leaks serve as teasers for deeper datasets being sold privately. This means the full scope of some of these breaches may remain undisclosed to users, with new risks only emerging months or years later.
In summary, the exposure of over 11 million accounts across these 27 breach events highlights the quiet ubiquity of data compromise. The platforms involved serve vastly different purposes but converge on a single, uncomfortable truth: the modern digital user has little control over how widely their data travels once shared. And while each breach might appear limited in scope, their combined effect contributes to a much larger ecosystem of digital vulnerability.