Tag: Have I Been Pwned latest breaches

In April 2024, 86k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes. This article has been…

Read more →

In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers. This article has been indexed from Have I Been Pwned latest breaches Read the…

Read more →

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers. This article has been indexed…

Read more →

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos…

Read more →

In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt…

Read more →

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach…

Read more →

In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018…

Read more →

In March 2024, English Cricket’s icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by…

Read more →

In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and…

Read more →

In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.…

Read more →

In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes. This article has been indexed from Have…

Read more →

In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included…

Read more →

In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there…

Read more →

In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there…

Read more →

In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included and…

Read more →

In September 2022, over 500k customer records from the Indian e-commerce service Flipkart appeared on a popular hacking forum. The breach exposed email addresses, latitudes and longitudes, names and phone numbers. This article has been indexed from Have I Been…

Read more →

In August 2021, the Brazilian fast food company "Habib’s" suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 3.5M unique email addresses along with IP addresses, names, phone numbers, dates…

Read more →

In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password…

Read more →

In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes. This article has…

Read more →

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members’ personal data including email and IP addresses, usernames, dates of birth and…

Read more →

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth. This article…

Read more →

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth. This article…

Read more →

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum…

Read more →

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine…

Read more →

In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations.…

Read more →

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The…

Read more →

In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases. This…

Read more →

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous…

Read more →

In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered…

Read more →

In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and…

Read more →

In October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes. This article…

Read more →

In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes. This article has been indexed from Have I…

Read more →

In July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes. This article…

Read more →

In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes. This article has been indexed from Have I…

Read more →

In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted…

Read more →

In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes. This article has been indexed from Have I…

Read more →

In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.…

Read more →

In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses…

Read more →

In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. More than 4M of the…

Read more →

In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes. This article has…

Read more →

In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes. This article has been indexed from Have…

Read more →

In mid-2021, reports emerged of a data breach of Indonesia’s telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside…

Read more →

In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum. The data included email and IP addresses, names, phone…

Read more →

In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small…

Read more →

In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i’minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were…

Read more →

In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email…

Read more →

In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email…

Read more →

In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location. This article has been indexed from Have I Been…

Read more →

In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. This article has been indexed from…

Read more →

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses…

Read more →

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses…

Read more →

In December 2020, India’s "largest esports community" GamingMonk (since acquired by and redirected to MPL Esports), suffered a data breach. The incident exposed 655k unique email addresses along with names, usernames, phone numbers, dates of birth and bcrypt password hashes.…

Read more →

In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version. This article has been…

Read more →

In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes. This article has been indexed from Have…

Read more →

In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes. This article has been indexed from Have…

Read more →

In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames. This article has been indexed from…

Read more →

In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses. This article has been indexed…

Read more →