Gravatar, Webtretho and others fall victim of data leaks.
06 March 2022, BREACHAWARE HQ
A total of 18 breach events were found and analysed, resulting in 5,572,421 exposed accounts containing a total of 14 different types of personal data. The breaches found publicly and freely available included Gravatar, Webtretho, Lime Leads, Leads Hunter and Thingiverse.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data, Communications Data, Usage Data.
Data Breach Analysis
Among the most recognisable platforms affected was Gravatar, an avatar service widely integrated into blogs, forums, and CMS platforms like WordPress. Although Gravatar doesn’t typically store highly sensitive data, its core service links email addresses to public profile images and usernames. When compromised, these associations can be weaponised for targeted phishing, credential stuffing, or profiling attacks. Previous concerns around Gravatar’s API allowing mass scraping have already raised red flags in the cybersecurity community.
Webtretho, a large Vietnamese online forum with a focus on parenting, lifestyle, and community discussion, was also involved. Forums like this often collect user-contributed content alongside registration information such as usernames, emails, and IP addresses. Due to the conversational and often personal nature of forum posts, breaches can result in reputational exposure, particularly if linked back to real-world identities.
Lime Leads and Leads Hunter, both operating in the B2B lead generation and sales intelligence space, represent a category of breach that can have cascading effects across businesses. These platforms aggregate business contact information, often including email addresses, job roles, and company affiliations, for use in marketing or sales outreach. When leaked, these data sets can become tools for more sophisticated spear-phishing, impersonation, or social engineering campaigns.
Another noteworthy inclusion is Thingiverse, a platform popular among 3D printing enthusiasts for sharing open-source designs. While it may seem less risky at first glance, the user accounts on Thingiverse often belong to individuals working in tech, education, and design communities. If their credentials are reused elsewhere, attackers can gain access to more sensitive environments by exploiting low-priority sites as entry points.
The diverse industries involved, from hobbyist forums to B2B marketing platforms, illustrate how widely personal data is distributed across the web, often in places users may not immediately consider high-risk.
What’s particularly concerning is the ongoing leakage of business-oriented contact data. While consumers often receive the bulk of attention in breach discussions, professionals whose data is stored in sales intelligence platforms like Lime Leads may face an uptick in unsolicited outreach, phishing attempts, or even fraud attempts tied to their employer's domain or infrastructure.
These 18 breach events also highlight a recurring trend: older or utility-based platforms, like avatar services, forums, and niche SaaS tools, continue to contribute significantly to the public data breach ecosystem. Their age, limited security updates, or third-party integrations often become weak links, exploited by attackers looking for easy access points.
For individuals and organisations alike, these events reinforce the need for vigilance in password hygiene, the minimisation of unnecessary profile data, and regular monitoring of exposed credentials. In particular, accounts used for secondary services (e.g., community forums or marketing dashboards) should not reuse login credentials tied to primary systems or work environments.
In summary, this batch of breach data underlines the subtle but potent risks of the long tail of digital platforms, spaces that may seem benign but still house enough user data to be valuable in the wrong hands. Whether for reputation exploitation, business disruption, or credential attacks, the exposed 5.5 million accounts add to a growing dataset that fuels cybercriminal ecosystems.