SkilloVilla, an Indian ed-tech firm, suffered a mega-exposure breach in 2025, resulting in the leak of over 33 million private records onto the dark web. The compromised data included sensitive personally identifiable information (PII), such as passwords, home addresses, email addresses, phone numbers, and potentially government IDs or health records aligning with Proton’s findings that 34% of breaches contained highly sensitive data and 90% exposed names. The scale of the leak raises severe risks of targeted phishing, identity theft, and financial fraud against affected individuals, particularly students and professionals engaged with the platform. Given the education sector’s vulnerability and the high volume of exposed records, the breach underscores systemic security failures in safeguarding user data, with long-term reputational and operational consequences for SkilloVilla. The incident also reflects broader trends where SMBs (70.5% of breaches) are prime targets due to weaker cybersecurity defenses, exacerbating the risk of large-scale data exploitation by threat actors.
Source: https://www.digit.fyi/dark-web-flooded-with-300-million-leaked-records-in-2025/
TPRM report: https://www.rankiteo.com/company/juniorkoder
"id": "jun2832728103125",
"linkid": "juniorkoder",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '11.8 million',
'industry': 'Aviation/Transportation',
'location': 'Australia',
'name': 'Qantas Airlines',
'size': 'Large',
'type': 'Airline'},
{'customers_affected': '33 million',
'industry': 'Education/Technology',
'location': 'India',
'name': 'SkilloVilla',
'size': 'Medium/Large',
'type': 'Ed-Tech Firm'},
{'industry': 'Telecommunications',
'location': 'Europe',
'name': 'PhoneMondo',
'type': 'Telecom Firm'},
{'industry': 'Telecommunications',
'location': 'Romania',
'name': 'Orange Romania',
'type': 'Telecom Firm'},
{'industry': 'Telecommunications',
'location': 'France',
'name': 'Free',
'type': 'Telecom Firm'},
{'customers_affected': '10 million',
'industry': 'Technology',
'location': 'Singapore',
'name': 'amai',
'type': 'IT Company'},
{'industry': 'Retail',
'location': 'United Kingdom',
'name': 'Unnamed Retail Firms (British High Street)',
'type': 'Retail'},
{'industry': ['Retail',
'Tech',
'Media',
'Business Services',
'Financial Services',
'Insurance',
'Education',
'Public Sector',
'Non-Profit'],
'location': 'Global',
'name': 'Unnamed SMEs (Multiple Sectors)',
'size': 'Small/Medium',
'type': ['Small Business', 'Medium Business']}],
'customer_advisories': ['Proton recommends monitoring for phishing attempts '
'due to exposed PII.'],
'data_breach': {'data_exfiltration': 'Yes (leaked to dark web)',
'number_of_records_exposed': '300 million+ (across 794 '
'breaches)',
'personally_identifiable_information': 'Yes (names, emails, '
'addresses, phone '
'numbers, government '
'IDs, health records)',
'sensitivity_of_data': 'High (includes passwords, medical '
'data, government IDs)',
'type_of_data_compromised': ['Passwords',
'Home Addresses',
'Medical Histories',
'Government IDs',
'Health Records',
'Personally Identifiable '
'Information (PII)',
'Phone Numbers',
'Names',
'Email Addresses']},
'date_publicly_disclosed': '2025',
'description': 'Hundreds of millions of private records, including passwords, '
'home addresses, and medical histories, have spilled onto the '
"dark web in the past year, according to Proton's Data Breach "
'Observatory. Over 300 million private records were leaked '
"across 794 breaches in 2025, with notable 'mega-exposures' "
'affecting Qantas Airlines (11.8M records), SkilloVilla (33M '
'records), PhoneMondo, Orange Romania, Free (33M combined), '
'and amai (10M records). 49% of breaches contained passwords, '
'34% included sensitive data like government IDs or health '
'records, and 72% exposed phone numbers and home addresses. '
'Retail was the hardest-hit sector (25.3%), followed by tech '
'(15%) and media (10.7%). SMEs accounted for 70.5% of breaches '
'due to weaker security infrastructure.',
'impact': {'brand_reputation_impact': ['High (due to exposure of sensitive '
'PII)',
'Potential phishing risks'],
'data_compromised': {'email_addresses': '100% of breaches',
'home_addresses': '72% of breaches',
'names': '90% of breaches',
'passwords': '49% of breaches',
'phone_numbers': '72% of breaches',
'sensitive_data': '34% of breaches '
'(government IDs, health '
'records, PII)',
'total_records': '300 million+'},
'identity_theft_risk': 'High (due to exposure of PII, passwords, '
'and sensitive data)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (300M+ records across '
'794 breaches)',
'high_value_targets': ['SMEs (70.5% of breaches)',
'Retail sector (25.3%)']},
'investigation_status': "Ongoing (via Proton's dark web tracking)",
'lessons_learned': ['SMEs are disproportionately targeted (70.5% of breaches) '
'due to weaker security infrastructure.',
'Dark web monitoring is critical for detecting unreported '
'breaches.',
'Passwords and PII are frequently exposed, increasing '
'identity theft and phishing risks.',
'Retail is the most targeted sector (25.3%), but breaches '
'span nearly all industries.'],
'motivation': ['Financial Gain', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Enhance SME cybersecurity '
'measures.',
'Adopt proactive dark web '
'monitoring.',
'Improve incident response '
'and disclosure practices.'],
'root_causes': ['Weak security infrastructure in '
'SMEs.',
'Lack of dark web monitoring '
'leading to undetected breaches.',
'Targeted attacks on retail and '
'sectors with high-value PII.']},
'recommendations': ['Implement dark web monitoring to detect breaches early.',
'Strengthen security infrastructure, especially for SMEs.',
'Prioritize protection of PII and sensitive data (e.g., '
'passwords, health records).',
'Raise awareness about phishing risks due to exposed '
'emails and personal data.',
"Use platforms like Proton's Data Breach Observatory to "
'track exposure patterns.'],
'references': [{'source': 'Proton VPN - Data Breach Observatory'}],
'response': {'communication_strategy': ["Public disclosure via Proton's "
'report',
'Awareness campaign through Data '
'Breach Observatory'],
'enhanced_monitoring': ['Dark web monitoring (recommended by '
'Proton)'],
'third_party_assistance': ['Proton (via Data Breach '
'Observatory)']},
'title': 'Massive Dark Web Data Breach Exposures in 2025',
'type': ['Data Breach', 'Dark Web Leak']}