GFAN, AI Type and others fall victim to data leaks.
28 February 2021 | BREACHAWARE HQ
A total of 11 breach events were found and analysed, resulting in 34,097,640 exposed accounts containing a total of 8 different types of personal data. The breaches found publicly and freely available included GFAN, AI Type, Funimation, Flash Flash Revolution and Habbo.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data.
Data Breach Analysis
The affected entities spanned several industries, from mobile app ecosystems and anime streaming services to gaming communities and online forums. Among the more recognisable breached services were GFAN, AI Type, Funimation, Flash Flash Revolution, and Habbo.
GFAN, also known as GFan or Gfan.com, is a Chinese Android app store and mobile technology community. As an alternative Android app market, it hosts APK files and app listings outside of the Google Play ecosystem, often attracting users looking for custom or region-specific apps. The particular concern with app store platforms is their position at the intersection of identity and functionality: users might reuse login credentials or connect other services, and app download data provides rich behavioural insight.
Moreover, app markets can be weaponised by attackers if they gain access to backend user lists or app developer contact information. For instance, threat actors could impersonate GFAN or associated developers to distribute malware, trojans, or phishing apps to users who previously downloaded content from the platform.
AI Type, a customisable keyboard app, represents another category of service where the data breach potential is often underestimated. The AI Type breach is an example of how auxiliary services, like keyboard apps, which seem benign or purely functional, may have extensive access to user data. While the app’s purpose is limited to facilitating typing, the permissions it requires, combined with poor data handling, make it a significant privacy risk. The implications are even more serious when one considers the number of apps that request elevated permissions on mobile devices without clear justification or safeguards.
Funimation, a streaming service known for its extensive library of anime series and films, rounds out a more entertainment-focused portion of this breach list. The company has millions of users worldwide, many of whom sign up for premium streaming services.
With a loyal and highly engaged user base, platforms like Funimation can be a useful target for phishing attacks. Cybercriminals might craft convincing emails about subscription issues, content updates, or billing changes to trick users into revealing their credentials or payment data. As with other entertainment platforms, the value of this data extends beyond the individual account: it represents a touchpoint in the user’s digital behaviour and preferences.
Flash Flash Revolution (FFR), a rhythm gaming community and browser-based dance game, is part of the older web ecosystem with roots in early 2000s online culture. While not as prominent today, the platform retains a nostalgic following and a long-standing user database. This represents a classic case of legacy platforms presenting long-term security risks, particularly if they maintain old cryptographic standards or minimal security oversight.
In many cases, users of these long-standing forums and hobbyist communities forget they even had accounts, leaving personal data lingering in outdated systems. These are precisely the kinds of platforms that attackers might target for low-effort high-reward breaches: easy entry, but access to usernames, emails, and hashed or plaintext passwords that may still be valid elsewhere.
Habbo, formerly known as Habbo Hotel, is a long-established virtual world and social networking platform popular with teens and young adults in the early 2000s. It allows users to create avatars, interact in chat rooms, and build spaces.
Even though Habbo's popularity has declined, many of those accounts are still tied to email addresses and usernames that users continue to rely on for other services. Moreover, old chat logs or interaction data can sometimes reveal usernames or phrases that individuals still use, aiding in security question guessing or credential recovery attacks.
Across these eleven breaches, the presence of eight data types suggests a wide spectrum of impact. The overarching theme among these breaches is the variety in platform types and data significance. From niche gaming communities and virtual keyboards to mainstream anime platforms and legacy chat environments, the breached services demonstrate that no domain is too obscure or trivial to be a data target. The cumulative effect of breaches like these is particularly potent when considered in terms of long-term digital traceability: even when users abandon platforms, their data often remains, insecure and unmonitored.
The analysis of these incidents further underscores the persistent value of "old data" in the hands of cybercriminals. The risks associated with dormant accounts, reused credentials, or persistent online identities continue to rise as breach data remains publicly available in aggregated dumps or dark web trading forums.