MyHeritage, Roll20 and others fall victim to data leaks.
27 June 2021 | BREACHAWARE HQ
A total of 23 breach events were found and analysed, resulting in 95,737,105 exposed accounts containing a total of 11 different data types of personal data. The breaches found publicly and freely available included MyHeritage, Combo List [3] (Anonymous), USA (Anonymous), Florida Voter Data (Anonymous) and Roll20.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data, Social Relationships Data, Financial Data.
Data Breach Analysis
MyHeritage, a prominent genealogy and DNA testing service, is particularly significant due to the nature of the information it holds. The risk lies not only in potential credential reuse but also in the personal sensitivity of family history-related accounts, which are often tied to long-term records and contain familial links that may be leveraged for identity fraud.
The breach titled Combo List [3] (Anonymous) represents a common and dangerous trend in the breach ecosystem: the compilation and redistribution of aggregated credential dumps. These lists are often created from previous breaches and repackaged by threat actors to be reused in credential stuffing attacks. Although the data is recycled, the threat remains potent: many users still reuse passwords across platforms, and automated tools can quickly test these combinations across numerous login portals.
Similarly, the breach categorised as USA (Anonymous) appears to reference either a dataset with entries purporting to come from various U.S.-based services or scraped records from unknown sources. These types of leaks are difficult to trace but are frequently used to assemble broader identity profiles for fraud, spam, or voter manipulation. The volume of exposed accounts in this dataset adds to the concern, especially given its anonymised origin, which limits transparency and remediation.
The Florida Voter Data breach highlights another dimension of data exposure: the public availability of voter registration records. While some U.S. states permit open access to voter data, the aggregation and redistribution of this information on hacker forums or through breach dumps elevates the risk. Personal details such as full name, address, voter status, and party affiliation may be included, opening the door to politically targeted phishing campaigns, identity theft, or voter suppression tactics.
The scope of the data exposed suggests a mix of credential-focused leaks and identity-oriented dumps, which together present a significant cybersecurity and privacy concern. Some datasets were assembled from known services, while others came from unidentified or anonymous sources, indicating ongoing challenges in attribution and takedown enforcement.
As with many large breach compilations, the long-term danger lies in how these datasets are reused. Once data is leaked, it enters a circulation that can last indefinitely. Even anonymised or partial records, when matched with other publicly available information, become tools for profiling, spam campaigns, and fraud.
This breach collection serves as a clear example of the layered and evolving threat posed by data reuse, platform aggregation, and insufficiently secured legacy systems. While individual breaches may fade from headlines, their impact lingers through the continued availability of data in credential dumps and targeted attack vectors.