In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
Source: HaveIBeenpwned
Source Link: https://haveibeenpwned.com/PwnedWebsites#Exvagos