epik, Oracle WebCentre Portal and others fall victim of data leaks.

A total of 29 breach events were found and analysed resulting in 22,266,485 exposed accounts containing a total of 20 different data types of personal datum . The breaches found publicly and freely available included epik, Oracle WebCentre Portal, DCEmu Network, Chart Nexus (Investor Relations) and Smogon University. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Data Breach Analysis

These incidents were spread across a wide variety of industries, reflecting the increasingly pervasive nature of data risk in the digital age. Importantly, the affected platforms spanned enterprise software, web hosting, investment tools, gaming communities, and user-generated content networks, demonstrating how breach threats transcend sectors and user demographics alike.

Among the more high-profile and structurally significant breaches in this group is the Epik incident. Epik is a domain registrar and web hosting company known for servicing a wide spectrum of websites, including some that operate at the controversial edges of internet discourse. Because Epik functions at the infrastructural layer of the web, this breach was particularly significant not just for exposing user data but for revealing deeper insights into domain ownership, hosting metadata, administrative access credentials, and operational infrastructure. Many of the users affected in this breach were administrators, website owners, and digital service providers, roles that often come with access to broader networks, compounding the potential impact.

Similarly, the inclusion of Oracle WebCentre Portal points to a breach affecting enterprise-level content management systems. Oracle’s WebCentre solutions are typically deployed by medium-to-large businesses to manage intranet portals, knowledge repositories, and internal collaboration tools. A breach associated with this platform raises concerns about the exposure of internal corporate communication, employee login credentials, customer support data, and potentially proprietary knowledge. Users affected here may include business analysts, IT teams, HR departments, and project managers, those who work with structured data in a professional capacity and often operate across multiple platforms.

Another notable entry is Chart Nexus, which focuses on providing financial charting tools, market insights, and investor relations platforms for retail and institutional investors. This suggests a significant portion of affected users are engaged in stock trading, portfolio management, or corporate governance. Exposure of data from such platforms, even if limited to login credentials or email addresses, has outsized risks due to the likelihood of account reuse and the financial intelligence associated with these users. Attackers often target such profiles for credential stuffing on brokerage platforms, phishing attempts posing as investment opportunities, or fraud campaigns that exploit perceived financial literacy.

On the community side, DCEmu Network and Smogon University represent popular forums centred around emulation and competitive gaming, respectively. These platforms attract technically savvy and highly engaged user bases, often including gamers, developers, hobbyists, and modders. While these communities may not hold high-value financial data, their forums frequently become targets due to their active user engagement, presence of administrator accounts, and integration with third-party tools such as Discord, Reddit, or GitHub.

DCEmu Network, in particular, focuses on retro gaming and emulator software, topics that frequently draw in a global, niche audience with deep investment in custom hardware or archival knowledge. A breach here could compromise not only forum credentials, but also shared project files, collaborative repositories, or private messages. Likewise, Smogon University, well-known for its role in the competitive Pokémon scene, features a dense social layer, with rankings, tournaments, and discussions that, while innocuous on the surface, form part of users’ broader digital identity. Compromising such data can contribute to targeted harassment, impersonation, or doxxing, particularly in tightly knit digital communities.

What ties all these breach events together is the sheer diversity in who is being impacted. Unlike breaches focused solely on consumer services or e-commerce platforms, this batch affects users across professional, technical, and enthusiast domains. Some of the affected users are likely to be corporate employees operating within internal IT environments. Others are private investors using technical charting tools. And others still are everyday users participating in gaming communities, forums, or niche hobbyist spaces.

Another common thread is the potential for cross-platform exposure. Even if individual breaches only reveal seemingly mundane details, such as usernames, hashed passwords, or email addresses, these fragments of identity can be recombined with other datasets to build more complete user profiles. For example, an email exposed via Smogon University might be reused by the same individual on Chart Nexus, where it is tied to investment activity, or even on Oracle WebCentre, where it might be associated with business login credentials. This illustrates the risk posed by a fragmented breach ecosystem, where malicious actors operate as aggregators, collecting small leaks from many platforms to reconstruct full digital identities.

Furthermore, this batch of breach events underscores the vulnerability of platforms that support other platforms, namely, service providers like Epik and Oracle. When vendors of infrastructure-level technology are breached, the fallout can extend beyond their direct user base. Clients of Epik, for instance, may have their domain configurations, administrative emails, and DNS routing data exposed. Similarly, companies using Oracle WebCentre may have internal communications or customer portals compromised. These “meta-breaches” ripple outward, potentially affecting dozens or hundreds of other organisations.

From a demographic standpoint, the affected users here likely span several continents, professional backgrounds, and age groups. Investors using Chart Nexus may skew older and more financially literate. Developers on DCEmu may be younger and technically inclined. Forum contributors on Smogon likely include students, gamers, and streamers. Users of Oracle WebCentre range from enterprise-level employees to mid-market consultants. In this way, the data exposed through these incidents represents not just individual identities, but digital personas, complex constellations of personal, professional, and recreational data that users may not even realise are interconnected.

Given the scope, 29 breach events and over 22 million records exposed, it’s clear that attackers continue to exploit weak spots across a broad digital surface area. Even relatively obscure or mid-tier platforms are valuable targets, particularly when their users overlap with other sectors or represent entry points into organisational systems. As digital identity becomes increasingly fragmented across apps, devices, and use cases, the potential for seemingly minor breaches to escalate into significant security incidents grows substantially.

This reinforces the importance of strong credential hygiene, multifactor authentication, and organisational awareness of third-party risk. It also highlights the need for transparency and coordinated disclosure: without timely communication, many users may never know their data was compromised, leaving them vulnerable to ongoing exploitation.

In summary, this batch of breach events serves as a microcosm of the modern data exposure landscape. It shows how technical, financial, community, and infrastructural platforms alike are susceptible to compromise, and how interconnected the risks have become across domains, devices, and user roles.