Tag: Have I Been Pwned latest breaches

Read the original article: WiziShop – 2,856,769 breached accounts In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1…

Read more →

Read the original article: Experian (South Africa) – 1,284,637 breached accounts In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses,…

Read more →

Read the original article: Experian (South Africa) – 1,284,637 breached accounts In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses,…

Read more →

Read the original article: LiveAuctioneers – 3,385,862 breached accounts In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including…

Read more →

Read the original article: Unico Campania – 166,031 breached accounts In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text passwords.…

Read more →

Read the original article: Utah Gun Exchange – 235,233 breached accounts In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded…

Read more →

Read the original article: Catho – 1,173,012 breached accounts In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost…

Read more →

Read the original article: Sonicbids – 751,700 breached accounts In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records…

Read more →

Read the original article: ProctorU – 444,453 breached accounts In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and…

Read more →

Read the original article: Kreditplus – 768,890 breached accounts In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup,…

Read more →

Read the original article: Kreditplus – 768,890 breached accounts In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup,…

Read more →

Read the original article: TrueFire – 599,667 breached accounts In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and…

Read more →

Read the original article: 집꾸미기 – 1,298,651 breached accounts In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included…

Read more →

Read the original article: Vakinha – 4,775,203 breached accounts In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and…

Read more →

Read the original article: Havenly – 1,369,180 breached accounts In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic…

Read more →

Read the original article: Swvl – 4,195,918 breached accounts In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile…

Read more →

Read the original article: Appen – 5,888,405 breached accounts In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were…

Read more →

Read the original article: Scentbird – 5,814,988 breached accounts In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of…

Read more →

Read the original article: Chatbooks – 2,520,441 breached accounts In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records…

Read more →

Read the original article: Dunzo – 3,465,259 breached accounts In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which…

Read more →

Read the original article: Drizly – 2,479,044 breached accounts In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses…

Read more →

Read the original article: Hurb – 20,727,771 breached accounts In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20…

Read more →

Read the original article: Dave – 2,964,182 breached accounts In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum. The breach…

Read more →

Read the original article: Promo – 14,610,585 breached accounts In July 2020, the self-proclaimed "World’s #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing…

Read more →

Read the original article: Wattpad – 268,765,495 breached accounts In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum…

Read more →

Read the original article: Quidd – 3,805,863 breached accounts In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. The breach exposed almost 4 million users’ email addresses, usernames and passwords stored as…

Read more →

Read the original article: Quidd – 3,805,863 breached accounts In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. The breach exposed almost 4 million users’ email addresses, usernames and passwords stored as…

Read more →

Read the original article: Foodora – 582,578 breached accounts In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers…

Read more →

Read the original article: Foodora – 582,578 breached accounts In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers…

Read more →

Read the original article: Mathway – 25,692,862 breached accounts In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google…

Read more →

Read the original article: Zoomcar – 3,589,795 breached accounts In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records…

Read more →

Read the original article: Lead Hunter – 68,693,853 breached accounts In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The…

Read more →

Read the original article: Wishbone (2020) – 9,705,172 breached accounts In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique…

Read more →

Read the original article: Wishbone (2020) – 9,705,172 breached accounts In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique…

Read more →

Read the original article: LiveJournal – 26,372,781 breached accounts In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwith beginning in 2018, a fork of LiveJournal with a significant crossover in…

Read more →

Read the original article: PetFlow – 990,919 breached accounts In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email…

Read more →

Read the original article: Artsy – 1,079,970 breached accounts In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and…

Read more →

Read the original article: Lifebear – 3,670,561 breached accounts In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses,…

Read more →

Read the original article: Nulled.ch – 43,491 breached accounts In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and…

Read more →

Read the original article: Covve – 22,802,117 breached accounts In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. Later identified as…

Read more →

Read the original article: db8151dd – 22,802,117 breached accounts In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The exposed data…

Read more →

Read the original article: Ulmon – 777,769 breached accounts In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in…

Read more →

Read the original article: Elanic – 2,325,283 breached accounts In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data…

Read more →

Read the original article: Elanic – 2,325,283 breached accounts In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data…

Read more →

Read the original article: TaiLieu – 7,327,477 breached accounts In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords…

Read more →

Read the original article: Tokopedia – 12,115,583 breached accounts In April 2020, Indonesia’s largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data (allegedly a subset of the complete breach) being posted to a…

Read more →

Read the original article: Vianet – 94,353 breached accounts In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses.…

Read more →

Read the original article: Vianet – 94,353 breached accounts In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses.…

Read more →

Read the original article: Aptoide – 20,012,235 breached accounts In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular…

Read more →

Read the original article: Aptoide – 20,012,235 breached accounts In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular…

Read more →

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories.…

Read more →

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes. Data from the…

Read more →

In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored…

Read more →

In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year.…

Read more →

In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year.…

Read more →

In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes.…

Read more →

In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records…

Read more →

In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone…

Read more →

In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone…

Read more →

In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was…

Read more →

In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was…

Read more →

In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders.…

Read more →

In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included names, physical addresses, phone…

Read more →

In July 2017, MGM Resorts discovered a data breach of one of their cloud services. The breach included more than 10M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses,…

Read more →

In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts…

Read more →

In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts…

Read more →

In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored…

Read more →

In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords. The data was…

Read more →

In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords. The data was…

Read more →

In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.   Advertise on IT Security…

Read more →

In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated betting platform provider BtoBet…

Read more →

In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted…

Read more →

In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.   Advertise on IT…

Read more →

In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a…

Read more →