Researchers created a tool that can detect when user-registration-based websites suffer a data breach. Tripwire registers one or more accounts on websites by using a unique email address that they do not use for anything else. The tool would check at regular intervals if someone used this password to access the email account, which would indicate the website suffered a breach and an attacker used the stolen account data to log into the associated email account. Researchers say they registered accounts at over 2,300 sites, including one with a userbase of over 45 million.
Source: https://www.bleepingcomputer.com/news/security/data-breach-at-website-with-45-million-users-discovered-during-academic-research/