About, oh … six years ago I tried out a CD cataloging service called ICollectMedia (ICM). Didn’t use it beyond the first time I signed up and forgot all about it until I recently began receiving ransom emails from online crooks who populated their emails with the unique password I used for ICM. Since this was a unique password for a service I no longer use, I wasn’t concerned about the breach affecting me, but it did show me that the folks who run ICM didn’t properly hash the passwords of their users. If they had used hashes then there is no way my complex, unique password would have been easily recovered and subsequently shared on the DarkWeb.
The breach-tracking site Hacked-Emails.com indicates that the ICM data hit the Darkweb on March 1st, 2018.