Category: Have I Been Pwned latest breaches

In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that…

Read more →

In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and…

Read more →

In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within…

Read more →

In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers…

Read more →

In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes…

Read more →

In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses,…

Read more →

In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords. This article has been indexed from Have I Been Pwned latest breaches Read the original…

Read more →

In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords. This article…

Read more →

In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either…

Read more →

In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either…

Read more →

In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers’ email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt…

Read more →

In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately…

Read more →

In March 2024, the Canadian national citizens’ campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical…

Read more →

In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted…

Read more →

In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes. This article has been indexed from Have…

Read more →

In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.…

Read more →

In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant. This article…

Read more →

In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress…

Read more →

In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and…

Read more →

In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted…

Read more →

In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and…

Read more →

In September 2024, the Instituto Nacional de Deportes de Chile (Chile’s National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes.…

Read more →

In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either…

Read more →

In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names,…

Read more →

In August 2023, the Portugese home decor company Market Moveis suffered a data breach that impacted 28k records. The exposed records were limited to names and email addresses. This article has been indexed from Have I Been Pwned latest breaches…

Read more →

In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone…

Read more →

In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach. The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside…

Read more →

In September 2022, the in-game trading marketplace Traderie suffered a data breach that exposed almost 400k records (this preceded a subsequent breach the following year). The incident exposed email and IP addresses, usernames and links to social media profiles. The…

Read more →

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.…

Read more →

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique…

Read more →

In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many…

Read more →

In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores. The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers…

Read more →

In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of…

Read more →

In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over half a million customer records. The data included email and physical addresses, names and dates of birth. This article has been indexed from Have I…

Read more →

In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities…

Read more →

In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and…

Read more →

In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. This article has been indexed from Have I…

Read more →

In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum. The impacted data included email addresses, usernames and salted MD5 password hashes. This article has been indexed from…

Read more →

In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running…

Read more →

In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The…

Read more →

In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders,…

Read more →

In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of…

Read more →

In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to…

Read more →

In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or…

Read more →

In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and…

Read more →

In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit…

Read more →

In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones. This article has been indexed from…

Read more →

In July 2024, Roblox disclosed a data breach related to a vendor inadvertently exposing user information from a 2022-2024 Roblox Developer Conference registration list. The data included 10k unique email addresses alongside names and IP addresses. This article has been…

Read more →

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series…

Read more →

In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related…

Read more →

In June 2024, a data brach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders. When contacted about the incident, Zadig…

Read more →

In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into.…

Read more →

In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to…

Read more →

In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to…

Read more →

In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed…

Read more →

In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users. The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5…

Read more →

In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical…

Read more →

In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens…

Read more →

In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.…

Read more →

In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted…

Read more →

In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes. This article has been…

Read more →

In April 2024, 86k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes. This article has been…

Read more →

In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers. This article has been indexed from Have I Been Pwned latest breaches Read the…

Read more →

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers. This article has been indexed…

Read more →

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos…

Read more →

In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt…

Read more →

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach…

Read more →

In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018…

Read more →

In March 2024, English Cricket’s icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by…

Read more →

In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and…

Read more →

In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.…

Read more →

In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes. This article has been indexed from Have…

Read more →

In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included…

Read more →

In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there…

Read more →

In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there…

Read more →

In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included and…

Read more →

In September 2022, over 500k customer records from the Indian e-commerce service Flipkart appeared on a popular hacking forum. The breach exposed email addresses, latitudes and longitudes, names and phone numbers. This article has been indexed from Have I Been…

Read more →

In August 2021, the Brazilian fast food company "Habib’s" suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 3.5M unique email addresses along with IP addresses, names, phone numbers, dates…

Read more →

In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password…

Read more →

In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes. This article has…

Read more →

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members’ personal data including email and IP addresses, usernames, dates of birth and…

Read more →

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth. This article…

Read more →

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth. This article…

Read more →

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum…

Read more →

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine…

Read more →

In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations.…

Read more →

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The…

Read more →

In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases. This…

Read more →

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous…

Read more →

In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered…

Read more →

In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and…

Read more →

In October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes. This article…

Read more →

In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes. This article has been indexed from Have I…

Read more →

In July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes. This article…

Read more →

In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes. This article has been indexed from Have I…

Read more →

In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted…

Read more →