Incident Overview

A threat actor has leaked the database of DevChallenges, a platform built to help developers practice and sharpen their coding skills through hands-on challenges. The breach reportedly occurred in February 2026, and the full database has been made available as a free download.

The leaked dataset contains 20,218 records and includes user profile information such as display names, email addresses, GitHub usernames, avatar URLs, and linked social media accounts including Instagram, LinkedIn, and Twitter handles. Additional profile fields like bios, skills, programming languages, locations, and UUIDs are also part of the dump. Beyond user profiles, the breach includes subscription invoice data and feedback invoice records that tie user interactions and payment activity to individual accounts.

The data is being offered for free, with the download link hidden behind a reply wall. Samples posted in the listing show JSON-formatted records with detailed user profile structures and invoice entries dating back to 2023.