LinkedIn Scraped Data - 125,698,496 breached accounts

2 months ago 264

Here's an overview of the assorted breaches that person been consolidated into this Have I Been Pwned. These are accessible programmatically via the HIBP API and besides via the RSS feed.


000webhost logo

000webhost

In astir March 2015, the escaped web hosting supplier 000webhost suffered a large information breach that exposed astir 15 cardinal lawsuit records. The information was sold and traded earlier 000webhost was alerted successful October. The breach included names, email addresses and plain substance passwords.

Breach date: 1 March 2015
Date added to HIBP: 26 October 2015
Compromised accounts: 14,936,670
Compromised data: Email addresses, IP addresses, Names, Passwords
Permalink


123RF logo

123RF

In March 2020, the banal photograph tract 123RF suffered a information breach which impacted implicit 8 cardinal subscribers and was subsequently sold online. The breach included email, IP and carnal addresses, names, telephone numbers and passwords stored arsenic MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 22 March 2020
Date added to HIBP: 15 November 2020
Compromised accounts: 8,661,578
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


126 logo

126

In astir 2012, it's alleged that the Chinese email work known arsenic 126 suffered a information breach that impacted 6.4 cardinal subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and plain substance passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 January 2012
Date added to HIBP: 8 October 2016
Compromised accounts: 6,414,191
Compromised data: Email addresses, Passwords
Permalink


17 logo

17

In April 2016, lawsuit information obtained from the streaming app known arsenic "17" appeared listed for merchantability connected a Tor hidden work marketplace. The information contained implicit 4 cardinal unsocial email addresses on with IP addresses, usernames and passwords stored arsenic unsalted MD5 hashes.

Breach date: 19 April 2016
Date added to HIBP: 8 July 2016
Compromised accounts: 4,009,640
Compromised data: Device information, Email addresses, IP addresses, Passwords, Usernames
Permalink


17173 logo


2,844 Separate Data Breaches logo

2,844 Separate Data Breaches

In February 2018, a monolithic postulation of astir 3,000 alleged information breaches was recovered online. Whilst immoderate of the information had antecedently been seen successful Have I Been Pwned, 2,844 of the files consisting of much than 80 cardinal unsocial email addresses had not antecedently been seen. Each record contained some an email code and plain substance password and were consequently loaded arsenic a azygous "unverified" information breach.

Breach date: 19 February 2018
Date added to HIBP: 26 February 2018
Compromised accounts: 80,115,532
Compromised data: Email addresses, Passwords
Permalink


2fast4u logo

2fast4u

In December 2017, the Belgian motorcycle forum 2fast4u discovered a information breach of their system. The breach of the vBulletin connection committee impacted implicit 17k idiosyncratic users and exposed email addresses, usersnames and salted MD5 passwords.

Breach date: 20 December 2017
Date added to HIBP: 7 January 2018
Compromised accounts: 17,706
Compromised data: Email addresses, Passwords, Usernames
Permalink


500px logo

500px

In mid-2018, the online photography assemblage 500px suffered a information breach. The incidental exposed astir 15 cardinal unsocial email addresses alongside names, usernames, genders, dates of commencement and either an MD5 oregon bcrypt password hash. In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 5 July 2018
Date added to HIBP: 25 March 2019
Compromised accounts: 14,867,999
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
Permalink


7k7k logo

7k7k

In astir 2011, it's alleged that the Chinese gaming tract known arsenic 7k7k suffered a information breach that impacted 9.1 cardinal subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains usernames, email addresses and plain substance passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 January 2011
Date added to HIBP: 26 September 2017
Compromised accounts: 9,121,434
Compromised data: Email addresses, Passwords, Usernames
Permalink


8fit logo

8fit

In July 2018, the wellness and fittingness work 8fit suffered a information breach. The information subsequently appeared for merchantability connected a acheronian web marketplace successful February 2019 and included implicit 15M unsocial email addresses alongside names, genders, IP addresses and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 July 2018
Date added to HIBP: 21 March 2019
Compromised accounts: 15,025,407
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords
Permalink


8tracks logo

8tracks

In June 2017, the online playlists work known arsenic 8Tracks suffered a information breach which impacted 18 cardinal accounts. In their disclosure, 8Tracks advised that "the vector for the onslaught was an employee’s GitHub account, which was not secured utilizing two-factor authentication". Salted SHA-1 password hashes for users who didn't motion up with either Google oregon Facebook authentication were besides included. The information was provided to HIBP by whitehat information researcher and information expert Adam Davies and contained astir 8 cardinal unsocial email addresses. The implicit acceptable of 18M records was aboriginal provided by [email protected] and updated successful HIBP accordingly.

Breach date: 27 June 2017
Date added to HIBP: 16 February 2018
Compromised accounts: 17,979,961
Compromised data: Email addresses, Passwords
Permalink


Abandonia logo

Abandonia

In November 2015, the gaming website dedicated to classical DOS games Abandonia suffered a information breach resulting successful the vulnerability of 776k unsocial idiosyncratic records. The information contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Breach date: 1 November 2015
Date added to HIBP: 5 June 2017
Compromised accounts: 776,125
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


AbuseWith.Us logo

AbuseWith.Us

In 2016, the tract dedicated to helping radical hack email and online gaming accounts known arsenic Abusewith.us suffered aggregate information breaches. The tract allegedly had an head successful communal with the nefarious LeakedSource site, some of which person since been unopen down. The exposed information included much than 1.3 cardinal unsocial email addresses, often accompanied by usernames, IP addresses and plain substance oregon hashed passwords retrieved from assorted sources and intended to beryllium utilized to compromise the victims' accounts.

Breach date: 1 July 2016
Date added to HIBP: 9 October 2017
Compromised accounts: 1,372,550
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Acne.org logo

Acne.org

In November 2014, the acne website acne.org suffered a information breach that exposed implicit 430k forum members' accounts. The information was being actively traded connected underground forums and included email addresses, commencement dates and passwords.

Breach date: 25 November 2014
Date added to HIBP: 6 March 2016
Compromised accounts: 432,943
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Adapt logo

Adapt

In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by information aggregator "Adapt". A supplier of "Fresh Quality Contacts", the work exposed implicit 9.3M unsocial records of individuals and leader accusation including their names, employers, occupation titles, interaction accusation and information relating to the leader including organisation description, size and revenue. No effect was received from Adapt erstwhile contacted.

Breach date: 5 November 2018
Date added to HIBP: 22 November 2018
Compromised accounts: 9,363,740
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
Permalink


Adobe logo

Adobe

In October 2013, 153 cardinal Adobe accounts were breached with each containing an interior ID, username, email, encrypted password and a password hint successful plain text. The password cryptography was poorly done and many were rapidly resolved backmost to plain text. The unencrypted hints besides disclosed overmuch astir the passwords adding further to the hazard that hundreds of millions of Adobe customers already faced.

Breach date: 4 October 2013
Date added to HIBP: 4 December 2013
Compromised accounts: 152,445,165
Compromised data: Email addresses, Password hints, Passwords, Usernames
Permalink


Adult FriendFinder (2015) logo

Adult FriendFinder (2015)

In May 2015, the big hookup tract Adult FriendFinder was hacked and astir 4 cardinal records dumped publicly. The information dump included highly delicate idiosyncratic accusation astir individuals and their narration statuses and intersexual preferences combined with personally identifiable information.

Breach date: 21 May 2015
Date added to HIBP: 22 May 2015
Compromised accounts: 3,867,997
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames
Permalink


Adult FriendFinder (2016) logo

Adult FriendFinder (2016)

In October 2016, the big amusement institution Friend Finder Networks suffered a monolithic information breach. The incidental impacted aggregate abstracted online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to beryllium "the world's largest enactment & swinger community". Exposed information included usernames, passwords stored arsenic SHA-1 hashes and 170 cardinal unsocial email addresses. This incidental is abstracted to the 2015 information breach Adult FriendFinder besides suffered. The information was provided to HIBP by dehashed.com.

Breach date: 16 October 2016
Date added to HIBP: 6 February 2020
Compromised accounts: 169,746,810
Compromised data: Email addresses, Passwords, Spoken languages, Usernames
Permalink


Adult-FanFiction.Org logo

Adult-FanFiction.Org

In May 2018, the website for sharing adult-orientated works of fabrication known arsenic Adult-FanFiction.Org had 186k records exposed successful a information breach. The information contained names, email addresses, dates of commencement and passwords stored arsenic both MD5 hashes and plain text. AFF did not respond erstwhile contacted astir the breach and the tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 30 May 2018
Date added to HIBP: 6 August 2018
Compromised accounts: 186,082
Compromised data: Dates of birth, Email addresses, Names, Passwords
Permalink


AerServ logo

AerServ

In April 2018, the advertisement absorption level known arsenic AerServ suffered a information breach. Acquired by InMobi earlier successful the year, the AerServ breach impacted implicit 66k unsocial email addresses and besides included interaction accusation and passwords stored arsenic salted SHA-512 hashes. The information was publically posted to Twitter aboriginal successful 2018 aft which InMobi was notified and advised they were alert of the incident.

Breach date: 1 April 2018
Date added to HIBP: 6 December 2018
Compromised accounts: 66,308
Compromised data: Email addresses, Employers, Job titles, Names, Passwords, Phone numbers, Physical addresses
Permalink


AgusiQ-Torrents.pl logo

AgusiQ-Torrents.pl

In September 2019, Polish torrent tract AgusiQ-Torrents.pl suffered a information breach. The incidental exposed 90k subordinate records including email and IP addresses, usernames and passwords stored arsenic MD5 hashes.

Breach date: 24 September 2019
Date added to HIBP: 4 December 2019
Compromised accounts: 90,478
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


AhaShare.com logo

AhaShare.com

In May 2013, the torrent tract AhaShare.com suffered a breach which resulted successful much than 180k idiosyncratic accounts being published publicly. The breach included a raft of idiosyncratic accusation connected registered users positive contempt assertions of not distributing personally identifiable information, the tract besides leaked the IP addresses utilized by the registered identities.

Breach date: 30 May 2013
Date added to HIBP: 6 November 2014
Compromised accounts: 180,468
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Partial dates of birth, Passwords, Usernames, Website activity
Permalink


ai.type logo

ai.type

In December 2017, the virtual keyboard exertion ai.type was recovered to person near a immense magnitude of information publically facing successful an unsecured MongoDB instance. Discovered by researchers astatine The Kromtech Security Center, the 577GB information acceptable included extended idiosyncratic accusation including implicit 20 cardinal unsocial email addresses, societal media profiles and code publication contacts. The email addresses unsocial were provided to HIBP to alteration impacted users to measure their exposure.

Breach date: 5 December 2017
Date added to HIBP: 8 December 2017
Compromised accounts: 20,580,060
Compromised data: Address publication contacts, Apps installed connected devices, Cellular web names, Dates of birth, Device information, Email addresses, Genders, Geographic locations, IMEI numbers, IMSI numbers, IP addresses, Names, Phone numbers, Profile photos, Social media profiles
Permalink


Aipai.com logo

Aipai.com

In September 2016, information allegedly obtained from the Chinese gaming website known arsenic Aipai.com and containing 6.5M accounts was leaked online. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and MD5 password hashes. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 27 September 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 6,496,778
Compromised data: Email addresses, Passwords
Permalink


Ajarn logo

Ajarn

In September 2021, the Thai-based English connection teaching website Ajarn discovered they'd been the unfortunate of a information breach dating backmost to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, telephone numbers and different idiosyncratic information. Hashed passwords were besides impacted successful the breach.

Breach date: 13 December 2018
Date added to HIBP: 26 September 2021
Compromised accounts: 266,399
Compromised data: Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos
Permalink


AKP Emails logo


Ancestry logo

Ancestry

In November 2015, an Ancestry work known arsenic RootsWeb suffered a information breach. The breach was not discovered until precocious 2017 erstwhile a record containing astir 300k email addresses and plain substance passwords was identified.

Breach date: 7 November 2015
Date added to HIBP: 24 December 2017
Compromised accounts: 297,806
Compromised data: Email addresses, Passwords
Permalink


Android Forums logo

Android Forums

In October 2011, the Android Forums website was hacked and 745k idiosyncratic accounts were subsequently leaked publicly. The compromised information included email addresses, idiosyncratic commencement dates and passwords stored arsenic a salted MD5 hash.

Breach date: 30 October 2011
Date added to HIBP: 20 December 2015
Compromised accounts: 745,355
Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords
Permalink


Animal Jam logo

Animal Jam

In October 2020, the online crippled for kids Animal Jam suffered a information breach which was subsequently shared done online hacking communities the pursuing month. The information contained 46 cardinal idiosyncratic accounts with implicit 7 cardinal unsocial email addresses. Impacted information besides included usernames, IP addresses and for immoderate records, dates of commencement (sometimes successful partial form), carnal addresses, genitor names and passwords stored arsenic PBKDF2 hashes.

Breach date: 12 October 2020
Date added to HIBP: 12 November 2020
Compromised accounts: 7,104,998
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
Permalink


AnimeGame logo

AnimeGame

In February 2020, the gaming website AnimeGame suffered a information breach. The incidental affected 1.4M subscribers and exposed email addresses, usernames and passwords stored arsenic salted MD5 hashes. The information was subsequently shared connected a fashionable hacking forum and was provided to HIBP by dehashed.com.

Breach date: 27 February 2020
Date added to HIBP: 9 March 2020
Compromised accounts: 1,431,378
Compromised data: Email addresses, Passwords, Usernames
Permalink


Anime-Planet logo

Anime-Planet

In astir 2016, the anime website Anime-Planet suffered a information breach that impacted 369k subscribers. The exposed information included usernames, IP and email addresses, dates of commencement and passwords stored arsenic unsalted MD5 hashes and for newer accounts, bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 January 2016
Date added to HIBP: 28 July 2019
Compromised accounts: 368,507
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Animoto logo

Animoto

In July 2018, the cloud-based video making work Animoto suffered a information breach. The breach exposed 22 cardinal unsocial email addresses alongside names, dates of birth, state of root and salted password hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 10 July 2018
Date added to HIBP: 18 July 2019
Compromised accounts: 22,437,749
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords
Permalink


Anti Public Combo List logo

Anti Public Combo List

In December 2016, a immense database of email code and password pairs appeared successful a "combo list" referred to arsenic "Anti Public". The database contained 458 cardinal unsocial email addresses, galore with aggregate antithetic passwords hacked from assorted online systems. The database was broadly circulated and utilized for "credential stuffing", that is attackers employment it successful an effort to place different online systems wherever the relationship proprietor had reused their password. For elaborate inheritance connected this incident, work Password reuse, credential stuffing and different cardinal records successful Have I Been Pwned.

Breach date: 16 December 2016
Date added to HIBP: 4 May 2017
Compromised accounts: 457,962,538
Compromised data: Email addresses, Passwords
Permalink


Apollo logo

Apollo

In July 2018, the income engagement startup Apollo near a database containing billions of information points publically exposed without a password. The information was discovered by information researcher Vinny Troia who subsequently sent a subset of the information containing 126 cardinal unsocial email addresses to Have I Been Pwned. The information near exposed by Apollo was utilized successful their "revenue acceleration platform" and included idiosyncratic accusation specified arsenic names and email addresses arsenic good arsenic nonrecreational accusation including places of employment, the roles radical clasp and wherever they're located. Apollo stressed that the exposed information did not see delicate accusation specified arsenic passwords, societal information numbers oregon fiscal data. The Apollo website has a interaction form for those looking to get successful interaction with the organisation.

Breach date: 23 July 2018
Date added to HIBP: 5 October 2018
Compromised accounts: 125,929,660
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles
Permalink


Appartoo logo

Appartoo

In March 2017, the French Flatsharing tract known arsenic Appartoo suffered a information breach. The incidental exposed an extended magnitude of idiosyncratic accusation connected astir 50k members including email addresses, genders, ages, backstage messages sent betwixt users of the work and passwords stored arsenic SHA-256 hashes. Appartoo advised that each subscribers were notified of the incidental successful aboriginal 2017.

Breach date: 25 March 2017
Date added to HIBP: 2 May 2019
Compromised accounts: 49,681
Compromised data: Ages, Auth tokens, Email addresses, Employment statuses, Genders, IP addresses, Marital statuses, Names, Passwords, Physical addresses, Private messages, Social media profiles
Permalink


Appen logo

Appen

In June 2020, the AI grooming information institution Appen suffered a information breach exposing the details of astir 5.9 cardinal users which were subsequently sold online. Included successful the breach were names, email addresses and passwords stored arsenic bcrypt hashes. Some records besides contained telephone numbers, employers and IP addresses. The information was provided to HIBP by dehashed.com.

Breach date: 22 June 2020
Date added to HIBP: 30 July 2020
Compromised accounts: 5,888,405
Compromised data: Email addresses, Employers, IP addresses, Names, Passwords, Phone numbers
Permalink


Aptoide logo

Aptoide

In April 2020, the autarkic Android app store Aptoide suffered a information breach. The incidental resulted successful the vulnerability of 20M lawsuit records which were subsequently shared online via a fashionable hacking forum. Impacted information included email and IP addresses, names, IP addresses and passwords stored arsenic SHA-1 hashes without a salt.

Breach date: 13 April 2020
Date added to HIBP: 19 April 2020
Compromised accounts: 20,012,235
Compromised data: Browser idiosyncratic cause details, Email addresses, IP addresses, Names, Passwords
Permalink


Armor Games logo

Armor Games

In January 2019, the crippled portal website Armor Games suffered a information breach. A full of 10.6 cardinal email addresses were impacted by the breach which besides exposed usernames, IP addresses, birthdays of head accounts and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 January 2019
Date added to HIBP: 20 July 2019
Compromised accounts: 10,604,307
Compromised data: Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Permalink


Army Force Online logo

Army Force Online

In May 2016, the online gaming tract Army Force Online suffered a information breach that exposed 1.5M accounts. The breached information was recovered being regularly traded online and included usernames, email and IP addresses and MD5 passwords.

Breach date: 18 May 2016
Date added to HIBP: 10 November 2016
Compromised accounts: 1,531,235
Compromised data: Avatars, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames, Website activity
Permalink


Artsy logo

Artsy

In April 2018, the online arts database Artsy suffered a information breach which consequently appeared for merchantability connected a acheronian web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored arsenic salted SHA-512 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 April 2018
Date added to HIBP: 25 May 2020
Compromised accounts: 1,079,970
Compromised data: Email addresses, IP addresses, Names, Passwords
Permalink


Artvalue logo

Artvalue

In June 2019, the France-based creation valuation website Artvalue.com near their 158k subordinate subscriber basal publically exposed successful a substance record connected their website. The exposed information included names, usernames, email addresses and passwords stored arsenic MD5 hashes. The tract relation did not respond erstwhile contacted astir the incident, though the exposed record was subsequently removed.

Breach date: 19 June 2019
Date added to HIBP: 19 July 2019
Compromised accounts: 157,692
Compromised data: Email addresses, Names, Passwords, Salutations, Usernames
Permalink


Ashley Madison logo

Ashley Madison

In July 2015, the infidelity website Ashley Madison suffered a superior information breach. The attackers threatened Ashley Madison with the afloat disclosure of the breach unless the work was unopen down. One period later, the database was dumped including much than 30M unsocial email addresses. This breach has been classed arsenic "sensitive" and is not publically searchable, though individuals whitethorn observe if they've been impacted by registering for notifications. Read astir this attack successful detail.

Breach date: 19 July 2015
Date added to HIBP: 18 August 2015
Compromised accounts: 30,811,934
Compromised data: Dates of birth, Email addresses, Ethnicities, Genders, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Security questions and answers, Sexual orientations, Usernames, Website activity
Permalink


Astropid logo

Astropid

In December 2013, the vBulletin forum for the societal engineering tract known arsenic "AstroPID" was breached and leaked publicly. The tract provided tips connected fraudulently obtaining goods and services, often by providing a morganatic "PID" oregon Product Information Description. The breach resulted successful astir 6k idiosyncratic accounts and implicit 220k backstage messages betwixt forum members being exposed.

Breach date: 19 December 2013
Date added to HIBP: 6 July 2014
Compromised accounts: 5,788
Compromised data: Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Permalink


Aternos logo

Aternos

In December 2015, the work for creating and moving escaped Minecraft servers known arsenic Aternos suffered a information breach that impacted 1.4 cardinal subscribers. The information included usernames, email and IP addresses and hashed passwords.

Breach date: 6 December 2015
Date added to HIBP: 1 October 2016
Compromised accounts: 1,436,486
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Atlas Quantum logo

Atlas Quantum

In August 2018, the cryptocurrency concern level Atlas Quantum suffered a information breach. The breach leaked the idiosyncratic information of 261k investors connected the level including their names, telephone numbers, email addresses and relationship balances.

Breach date: 25 August 2018
Date added to HIBP: 27 August 2018
Compromised accounts: 261,463
Compromised data: Account balances, Email addresses, Names, Phone numbers
Permalink


Audi logo

Audi

In August 2019, Audi USA suffered a information breach aft a vendor near information unsecured and exposed connected the internet. The information contained 2.7M unsocial email addresses on with names, telephone numbers, carnal addresses and conveyance accusation including VIN. In a disclosure connection from Audi, they besides advised immoderate customers had driver's licenses, dates of birth, societal information numbers and different idiosyncratic accusation exposed.

Breach date: 14 August 2019
Date added to HIBP: 23 July 2021
Compromised accounts: 2,743,539
Compromised data: Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social information numbers, Vehicle details
Permalink


Autocentrum.pl logo


Avast logo

Avast

In May 2014, the Avast anti-virus forum was hacked and 423k subordinate records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

Breach date: 26 May 2014
Date added to HIBP: 12 March 2016
Compromised accounts: 422,959
Compromised data: Email addresses, Passwords, Usernames
Permalink


B2B USA Businesses logo

B2B USA Businesses

In mid-2017, a spam database of implicit 105 cardinal individuals successful firm America was discovered online. Referred to arsenic "B2B USA Businesses", the database categorised email addresses by employer, providing accusation connected individuals' occupation titles positive their enactment telephone numbers and carnal addresses. Read much astir spam lists successful HIBP.

Breach date: 18 July 2017
Date added to HIBP: 18 July 2017
Compromised accounts: 105,059,554
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Permalink


Baby Names logo

Baby Names

In astir 2008, the tract to assistance parents sanction their children known arsenic Baby Names suffered a information breach. The incidental exposed 846k email addresses and passwords stored arsenic salted MD5 hashes. When contacted successful October 2018, Baby Names advised that "the breach happened astatine slightest 10 years ago" and that members were notified astatine the time.

Breach date: 24 October 2008
Date added to HIBP: 24 October 2018
Compromised accounts: 846,742
Compromised data: Email addresses, Passwords
Permalink


Badoo logo

Badoo

In June 2016, a information breach allegedly originating from the societal website Badoo was recovered to beryllium circulating amongst traders. Likely obtained respective years earlier, the information contained 112 cardinal unsocial email addresses with idiosyncratic information including names, birthdates and passwords stored arsenic MD5 hashes. Whilst determination are galore indicators suggesting Badoo did so endure a information breach, the legitimacy of the information could not beryllium emphatically proven truthful this breach has been categorised arsenic "unverified".

Breach date: 1 June 2013
Date added to HIBP: 6 July 2016
Compromised accounts: 112,005,531
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Usernames
Permalink


BannerBit logo

BannerBit

In astir December 2018, the online advertisement level BannerBit suffered a information breach. Containing 213k unsocial email addresses and plain substance passwords, the information was provided to HIBP by a 3rd party. Multiple attempts were made to interaction BannerBit, but nary effect was received.

Breach date: 29 December 2018
Date added to HIBP: 8 January 2019
Compromised accounts: 213,415
Compromised data: Email addresses, Passwords
Permalink


Battlefield Heroes logo


Beautiful People logo

Beautiful People

In November 2015, the dating website Beautiful People was hacked and implicit 1.1M accounts were leaked. The information was being traded successful underground circles and included a immense magnitude of idiosyncratic accusation related to dating.

Breach date: 11 November 2015
Date added to HIBP: 25 April 2016
Compromised accounts: 1,100,089
Compromised data: Beauty ratings, Car ownership statuses, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Home ownership statuses, Income levels, IP addresses, Job titles, Names, Passwords, Personal descriptions, Personal interests, Physical attributes, Sexual orientations, Smoking habits, Website activity
Permalink


Bell (2014 breach) logo

Bell (2014 breach)

In February 2014, Bell Canada suffered a information breach via the hacker corporate known arsenic NullCrew. The breach included information from aggregate locations wrong Bell and exposed email addresses, usernames, idiosyncratic preferences and a fig of unencrypted passwords and recognition paper information from 40,000 records containing conscionable implicit 20,000 unsocial email addresses and usernames.

Breach date: 1 February 2014
Date added to HIBP: 1 February 2014
Compromised accounts: 20,902
Compromised data: Credit cards, Genders, Passwords, Usernames
Permalink


Bell (2017 breach) logo

Bell (2017 breach)

In May 2017, the Bell telecommunications institution successful Canada suffered a information breach resulting successful the vulnerability of millions of lawsuit records. The information was consequently leaked online with a connection from the attacker stating that they were "releasing a important information of Bell.ca's information owed to the information that they person failed to cooperate with us" and included a menace to leak more. The impacted information included implicit 2 cardinal unsocial email addresses and 153k survey results dating backmost to 2011 and 2012. There were besides 162 Bell worker records with much broad idiosyncratic information including names, telephone numbers and plain substance "passcodes". Bell suffered different breach successful 2014 which exposed 40k records.

Breach date: 15 May 2017
Date added to HIBP: 16 May 2017
Compromised accounts: 2,231,256
Compromised data: Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames
Permalink


Bestialitysextaboo logo

Bestialitysextaboo

In March 2018, the carnal bestiality website known arsenic Bestialitysextaboo was hacked. A postulation of assorted sites moving connected the aforesaid work were besides compromised and details of the hack (including links to the data) were posted connected a fashionable forum. In all, much than 3.2k unsocial email addresses were included alongside usernames, IP addresses, dates of birth, genders and bcrypt hashes of passwords.

Breach date: 19 March 2018
Date added to HIBP: 29 March 2018
Compromised accounts: 3,204
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
Permalink


bigbasket logo

bigbasket

In October 2020, the Indian market level bigbasket suffered a information breach that exposed implicit 20 cardinal lawsuit records. The information was primitively sold earlier being leaked publically successful April the pursuing twelvemonth and included email, IP and carnal addresses, names, phones numbers, dates of commencement passwords stored arsenic Django(SHA-1) hashes.

Breach date: 14 October 2020
Date added to HIBP: 26 April 2021
Compromised accounts: 24,500,011
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


BigMoneyJobs logo

BigMoneyJobs

In April 2014, the occupation tract bigmoneyjobs.com was hacked by an attacker known arsenic "ProbablyOnion". The onslaught resulted successful the exposure of implicit 36,000 idiosyncratic accounts including email addresses, usernames and passwords which were stored successful plain text. The onslaught was allegedly mounted by exploiting a SQL injection vulnerability.

Breach date: 3 April 2014
Date added to HIBP: 8 April 2014
Compromised accounts: 36,789
Compromised data: Career levels, Education levels, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, User website URLs, Website activity
Permalink


Bin Weevils logo

Bin Weevils

In September 2014, the online crippled Bin Weevils suffered a information breach. Whilst primitively stating that lone usernames and passwords had been exposed, a consequent communicative connected DataBreaches.net indicated that a much extended acceptable of idiosyncratic attributes were impacted (comments determination besides suggest the information whitethorn person travel from a aboriginal breach). Data matching that signifier was aboriginal provided to Have I Been Pwned by @akshayindia6 and included astir 1.3m unsocial email addresses, genders, ages and plain substance passwords.

Breach date: 1 September 2014
Date added to HIBP: 18 August 2017
Compromised accounts: 1,287,073
Compromised data: Ages, Email addresses, Genders, IP addresses, Passwords, Usernames
Permalink


Biohack.me logo

Biohack.me

In December 2016, the forum for the biohacking website Biohack.me suffered a information breach that exposed 3.4k accounts. The information included usernames, email addresses and hashed passwords on with the backstage messages of forum members. The information was self-submitted to HIBP by the Biohack.me operators.

Breach date: 2 December 2016
Date added to HIBP: 23 August 2017
Compromised accounts: 3,402
Compromised data: Email addresses, Passwords, Private messages, Usernames
Permalink


Bitcoin Security Forum Gmail Dump logo

Bitcoin Security Forum Gmail Dump

In September 2014, a ample dump of astir 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported arsenic 5M "Gmail passwords", the dump besides contained 123k yandex.ru addresses. Whilst the root of the breach remains unclear, the breached credentials were confirmed by aggregate root arsenic correct, albeit a fig of years old.

Breach date: 9 January 2014
Date added to HIBP: 10 September 2014
Compromised accounts: 4,789,599
Compromised data: Email addresses, Passwords
Permalink


Bitcoin Talk logo

Bitcoin Talk

In May 2015, the Bitcoin forum Bitcoin Talk was hacked and implicit 500k unsocial email addresses were exposed. The onslaught led to the vulnerability of a raft of idiosyncratic information including usernames, email and IP addresses, genders, commencement dates, information questions and MD5 hashes of their answers positive hashes of the passwords themselves.

Breach date: 22 May 2015
Date added to HIBP: 27 March 2017
Compromised accounts: 501,407
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Passwords, Security questions and answers, Usernames, Website activity
Permalink


Bitly logo

Bitly

In May 2014, the nexus absorption institution Bitly announced they'd suffered a information breach. The breach contained implicit 9.3 cardinal unsocial email addresses, usernames and hashed passwords, astir utilizing SHA1 with a tiny fig utilizing bcrypt.

Breach date: 8 May 2014
Date added to HIBP: 6 October 2017
Compromised accounts: 9,313,136
Compromised data: Email addresses, Passwords, Usernames
Permalink


BitTorrent logo

BitTorrent

In January 2016, the forum for the fashionable torrent bundle BitTorrent was hacked. The IP.Board based forum stored passwords arsenic anemic SHA1 salted hashes and the breached information besides included usernames, email and IP addresses.

Breach date: 1 January 2016
Date added to HIBP: 8 June 2016
Compromised accounts: 34,235
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Black Hat World logo

Black Hat World

In June 2014, the hunt motor optimisation forum Black Hat World had 3 quarters of a cardinal accounts breached from their system. The breach included assorted personally identifiable attributes which were publically released successful a MySQL database script.

Breach date: 23 June 2014
Date added to HIBP: 3 November 2015
Compromised accounts: 777,387
Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Usernames, Website activity
Permalink


BlackSpigotMC logo

BlackSpigotMC

In July 2019, the hacking website BlackSpigotMC suffered a information breach. The XenForo forum based tract was allegedly compromised by a rival hacking website and resulted successful 8.5GB of information being leaked including the database and website itself. The exposed information included 140k unsocial email addresses, usernames, IP addresses, genders, geographic locations and passwords stored arsenic bcrypt hashes.

Breach date: 14 July 2019
Date added to HIBP: 17 July 2019
Compromised accounts: 140,029
Compromised data: Device information, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Permalink


BlankMediaGames logo

BlankMediaGames

In December 2018, the Town of Salem website produced by BlankMediaGames suffered a information breach. Reported to HIBP by DeHashed, the information contained 7.6M unsocial idiosyncratic email addresses alongside usernames, IP addresses, acquisition histories and passwords stored arsenic phpass hashes. DeHashed made aggregate attempts to interaction BlankMediaGames implicit assorted channels and galore days but had yet to person a effect astatine the clip of publishing.

Breach date: 28 December 2018
Date added to HIBP: 2 January 2019
Compromised accounts: 7,633,234
Compromised data: Browser idiosyncratic cause details, Email addresses, IP addresses, Passwords, Purchases, Usernames, Website activity
Permalink


Bolt logo

Bolt

In astir March 2017, the record sharing website Bolt suffered a information breach resulting successful the vulnerability of 995k unsocial idiosyncratic records. The information was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 1 March 2017
Date added to HIBP: 24 November 2017
Compromised accounts: 995,274
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Bombuj.eu logo

Bombuj.eu

In December 2018, the Slovak website for watching movies online for escaped Bombuj.eu suffered a information breach. The incidental exposed implicit 575k unsocial email addresses and passwords stored arsenic unsalted MD5 hashes. No effect was received from Bombuj.eu erstwhile contacted astir the incident.

Breach date: 7 December 2018
Date added to HIBP: 10 December 2018
Compromised accounts: 575,437
Compromised data: Email addresses, Passwords
Permalink


Bonobos logo

Bonobos

In August 2020, the covering store Bonobos suffered a information breach that exposed astir 70GB of information containing 2.8 cardinal unsocial email addresses. The breach besides exposed names, carnal and IP addresses, telephone numbers, bid histories and passwords stored arsenic salted SHA-512 hashes, including humanities passwords. The breach besides exposed partial recognition paper information including paper type, the sanction connected the card, expiry day and the past 4 digits of the card. The information was provided to HIBP by dehashed.com.

Breach date: 14 August 2020
Date added to HIBP: 31 January 2021
Compromised accounts: 2,811,929
Compromised data: Email addresses, Historical passwords, IP addresses, Names, Partial recognition paper data, Passwords, Phone numbers, Physical addresses, Purchases
Permalink


Bookmate logo

Bookmate

In mid-2018, the societal ebook subscription work Bookmate was among a raft of sites that were breached and their information past sold successful early-2019. The information included astir 4 cardinal unsocial email addresses alongside names, genders, dates of commencement and passwords stored arsenic salted SHA-512 hashes. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 8 July 2018
Date added to HIBP: 22 March 2019
Compromised accounts: 3,830,916
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
Permalink


Bot of Legends logo

Bot of Legends

In November 2014, the forum for Bot of Legends suffered a information breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 13 November 2014
Date added to HIBP: 27 December 2016
Compromised accounts: 238,373
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Boxee logo

Boxee

In March 2014, the location theatre PC bundle shaper Boxee had their forums compromised successful an attack. The attackers obtained the full vBulletin MySQL database and promptly posted it for download connected the Boxee forum itself. The information included 160k users, password histories, backstage messages and a assortment of different information exposed crossed astir 200 publically exposed tables.

Breach date: 29 March 2014
Date added to HIBP: 30 March 2014
Compromised accounts: 158,093
Compromised data: Dates of birth, Email addresses, Geographic locations, Historical passwords, Instant messenger identities, IP addresses, Passwords, Private messages, User website URLs, Usernames
Permalink


Brazzers logo

Brazzers

In April 2013, the big website known arsenic Brazzers was hacked and 790k accounts were exposed publicly. Each grounds included a username, email code and password stored successful plain text. The breach was brought to airy by the Vigilante.pw information breach reporting tract successful September 2016.

Breach date: 1 April 2013
Date added to HIBP: 5 September 2016
Compromised accounts: 790,724
Compromised data: Email addresses, Passwords, Usernames
Permalink


BTC-E logo

BTC-E

In October 2014, the Bitcoin speech BTC-E was hacked and 568k accounts were exposed. The information included email and IP addresses, wallet balances and hashed passwords.

Breach date: 1 October 2014
Date added to HIBP: 12 March 2017
Compromised accounts: 568,340
Compromised data: Account balances, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


BtoBet logo

BtoBet

In December 2019, a ample postulation of information from Nigerian gambling institution Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was besides included. Further probe implicated betting level supplier BtoBet arsenic being the communal root of the data. Impacted information included idiosyncratic records and extended accusation connected gambling histories.

Breach date: 26 December 2019
Date added to HIBP: 11 January 2020
Compromised accounts: 444,241
Compromised data: Dates of birth, Email addresses, Financial transactions, Geographic locations, IP addresses, Names, Usernames
Permalink


Bukalapak logo

Bukalapak

In March 2019, the Indonesian e-commerce website Bukalapak discovered a information breach of the organisation's backups dating backmost to October 2017. The incidental exposed astir 13 cardinal unsocial email addresses alongside IP addresses, names and passwords stored arsenic bcrypt and salted SHA-512 hashes. The information was provided to HIBP by a root who requested it to beryllium attributed to "Maxime Thalet".

Breach date: 23 October 2017
Date added to HIBP: 18 April 2019
Compromised accounts: 13,369,666
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames
Permalink


Bulgarian National Revenue Agency logo

Bulgarian National Revenue Agency

In July 2019, a monolithic information breach of the Bulgarian National Revenue Agency began circulating with information connected 5 cardinal people. Allegedly obtained successful June, the information was broadly shared online and included taxation accusation alongside names, telephone numbers, carnal addresses and 471 1000 unsocial email addresses. The breach is said to person affected "nearly each adults successful Bulgaria".

Breach date: 15 July 2019
Date added to HIBP: 18 July 2019
Compromised accounts: 471,167
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Taxation records
Permalink


Business Acumen Magazine logo

Business Acumen Magazine

In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known arsenic 1337MiR. The breach resulted successful implicit 26,000 accounts being exposed including usernames, email addresses and password stored with a anemic cryptographic hashing algorithm (MD5 with nary salt).

Breach date: 25 April 2014
Date added to HIBP: 11 May 2014
Compromised accounts: 26,596
Compromised data: Email addresses, Names, Passwords, Usernames, Website activity
Permalink


CafeMom logo

CafeMom

In 2014, the societal web for mothers CafeMom suffered a information breach. The information surfaced alongside a fig of different humanities breaches including Kickstarter, Bitly and Disqus and contained 2.6 cardinal email addresses and plain substance passwords.

Breach date: 10 April 2014
Date added to HIBP: 9 November 2017
Compromised accounts: 2,628,148
Compromised data: Email addresses, Passwords
Permalink


CafePress logo

CafePress

In February 2019, the customized merchandise retailer CafePress suffered a information breach. The exposed information included 23 cardinal unsocial email addresses with immoderate records besides containing names, carnal addresses, telephone numbers and passwords stored arsenic SHA-1 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 20 February 2019
Date added to HIBP: 5 August 2019
Compromised accounts: 23,205,290
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Cannabis.com logo

Cannabis.com

In February 2014, the vBulletin forum for the Marijuana tract cannabis.com was breached and leaked publicly. Whilst determination has been nary nationalist attribution of the breach, the leaked information included implicit 227k accounts and astir 10k backstage messages betwixt users of the forum.

Breach date: 5 February 2014
Date added to HIBP: 1 June 2014
Compromised accounts: 227,746
Compromised data: Dates of birth, Email addresses, Geographic locations, Historical passwords, Instant messenger identities, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink


Canva logo

Canva

In May 2019, the graphic plan instrumentality website Canva suffered a information breach that impacted 137 cardinal subscribers. The exposed information included email addresses, usernames, names, cities of residence and passwords stored arsenic bcrypt hashes for users not utilizing societal logins. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 24 May 2019
Date added to HIBP: 9 August 2019
Compromised accounts: 137,272,116
Compromised data: Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink


Carding Mafia logo

Carding Mafia

In March 2021, the Carding Mafia forum suffered a information breach that exposed astir 300k members' email addresses. Dedicated to the theft and trading of stolen recognition cards, the forum breach besides exposed usernames, IP addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 18 March 2021
Date added to HIBP: 23 March 2021
Compromised accounts: 297,744
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


CashCrate logo

CashCrate

In June 2017, quality broke that CashCrate had suffered a information breach exposing 6.8 cardinal records. The breach of the cash-for-surveys tract dated backmost to November 2016 and exposed names, carnal addresses, email addresses and passwords stored successful plain substance for older accounts on with anemic MD5 hashes for newer ones.

Breach date: 17 November 2016
Date added to HIBP: 20 April 2018
Compromised accounts: 6,844,490
Compromised data: Email addresses, Names, Passwords, Physical addresses
Permalink


Catho logo

Catho

In astir March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 different breached websites listed for merchantability connected a acheronian web marketplace. The breach included astir 11 cardinal records with 1.2 cardinal unsocial email addresses. Names, usernames and plain substance passwords were besides exposed. The information was provided to HIBP by breachbase.pw.

Breach date: 1 March 2020
Date added to HIBP: 18 August 2020
Compromised accounts: 1,173,012
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


CD Projekt RED logo

CD Projekt RED

In March 2016, Polish crippled developer CD Projekt RED suffered a information breach. The hack of their forum led to the vulnerability of astir 1.9 cardinal accounts on with usernames, email addresses and salted SHA1 passwords.

Breach date: 1 March 2016
Date added to HIBP: 31 January 2017
Compromised accounts: 1,871,373
Compromised data: Email addresses, Passwords, Usernames
Permalink


Chatbooks logo

Chatbooks

In March 2020, the photograph people work Chatbooks suffered a information breach which was subsequently enactment up for merchantability connected a acheronian web marketplace. The breach contained 15 cardinal idiosyncratic records with 2.5 cardinal unsocial email addresses alongside names, telephone numbers, societal media profiles and salted SHA-512 password hashes. The information was provided to HIBP by dehashed.com.

Breach date: 26 March 2020
Date added to HIBP: 29 July 2020
Compromised accounts: 2,520,441
Compromised data: Email addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink


CheapAssGamer.com logo

CheapAssGamer.com

In astir mid-2015, the forum for CheapAssGamer.com suffered a information breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

Breach date: 1 July 2015
Date added to HIBP: 8 November 2016
Compromised accounts: 444,767
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Chegg logo

Chegg

In April 2018, the textbook rental work Chegg suffered a information breach that impacted 40 cardinal subscribers. The exposed information included email addresses, usernames, names and passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 28 April 2018
Date added to HIBP: 16 August 2019
Compromised accounts: 39,721,127
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Chowbus logo


Cit0day logo


CityBee logo


Civil Online logo

Civil Online

In mid-2011, information was allegedly obtained from the Chinese engineering website known arsenic Civil Online and contained 7.8M accounts. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email and IP addresses, idiosyncratic names and MD5 password hashes. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 10 July 2011
Date added to HIBP: 7 November 2016
Compromised accounts: 7,830,195
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Clash of Kings logo

Clash of Kings

In July 2016, the forum for the crippled "Clash of Kings" suffered a information breach that impacted 1.6 cardinal subscribers. The impacted information included usernames, IP and email addresses and passwords stored arsenic MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 14 July 2016
Date added to HIBP: 27 July 2019
Compromised accounts: 1,604,957
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


ClearVoice Surveys logo

ClearVoice Surveys

In April 2021, the marketplace probe surveys institution ClearVoice Surveys had a publically facing database backup from 2015 taken and redistributed connected a fashionable hacking forum. The information included 15M unsocial email addresses crossed much than 17M rows of information that besides included names, carnal and IP addresses, genders, dates of commencement and plain substance passwords. ClearVoice Surveys advised they were alert of the breach and confirmed its authenticity.

Breach date: 23 August 2015
Date added to HIBP: 23 April 2021
Compromised accounts: 15,074,786
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


ClixSense logo

ClixSense

In September 2016, the paid-to-click tract ClixSense suffered a information breach which exposed 2.4 cardinal subscriber identities. The breached information was past posted online by the attackers who claimed it was a subset of a larger information breach totalling 6.6 cardinal records. The leaked information was extended and included names, physical, email and IP addresses, genders and commencement dates, relationship balances and passwords stored arsenic plain text.

Breach date: 4 September 2016
Date added to HIBP: 11 September 2016
Compromised accounts: 2,424,784
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity
Permalink


CloudPets logo

CloudPets

In January, the shaper of teddy bears that grounds children's voices and sends them to household and friends via the net CloudPets near their database publically exposed and it was subsequently downloaded by outer parties (the information was besides taxable to 3 antithetic ransom demands). 583k records were provided to HIBP via a information trader and included email addresses and bcrypt hashes, but the afloat grade of idiosyncratic information exposed by the strategy was implicit 821k records and besides included children's names and references to representation photos and dependable recordings.

Breach date: 1 January 2017
Date added to HIBP: 27 February 2017
Compromised accounts: 583,503
Compromised data: Email addresses, Family members' names, Passwords
Permalink


Club Penguin Rewritten (January 2018) logo

Club Penguin Rewritten (January 2018)

In January 2018, the children's gaming tract Club Penguin Rewritten (CPRewritten) suffered a information breach (note: CPRewritten is an autarkic recreation of Disney's Club Penguin game). The incidental exposed astir 1.7 cardinal unsocial email addresses alongside IP addresses, usernames and passwords stored arsenic bcrypt hashes. When contacted, CPRewritten advised they were alert of the breach and had "contacted affected users".

Breach date: 21 January 2018
Date added to HIBP: 23 April 2019
Compromised accounts: 1,688,176
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Club Penguin Rewritten (July 2019) logo

Club Penguin Rewritten (July 2019)

In July 2019, the children's gaming tract Club Penguin Rewritten (CPRewritten) suffered a information breach (note: CPRewritten is an autarkic recreation of Disney's Club Penguin game). In summation to an earlier information breach that impacted 1.7 cardinal accounts, the consequent breach exposed 4 cardinal unsocial email addresses alongside IP addresses, usernames and passwords stored arsenic bcrypt hashes.

Breach date: 27 July 2019
Date added to HIBP: 30 July 2019
Compromised accounts: 4,007,909
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Coachella logo


Coinmama logo

Coinmama

In August 2017, the crypto coin brokerage work Coinmama suffered a information breach that impacted 479k subscribers. The breach was discovered successful February 2019 with exposed information including email addresses, usernames and passwords stored arsenic MD5 WordPress hashes. The information was provided to HIBP by achromatic chapeau information researcher and information expert Adam Davies.

Breach date: 3 August 2017
Date added to HIBP: 30 August 2019
Compromised accounts: 478,824
Compromised data: Email addresses, Passwords, Usernames
Permalink


Collection #1 logo

Collection #1

In January 2019, a ample postulation of credential stuffing lists (combinations of email addresses and passwords utilized to hijack accounts connected different services) was discovered being distributed connected a fashionable hacking forum. The information contained astir 2.7 billion records including 773 cardinal unsocial email addresses alongside passwords those addresses had utilized connected different breached services. Full details connected the incidental and however to hunt the breached passwords are provided successful the blog station The 773 Million Record "Collection #1" Data Breach.

Breach date: 7 January 2019
Date added to HIBP: 16 January 2019
Compromised accounts: 772,904,991
Compromised data: Email addresses, Passwords
Permalink


Comcast logo


COMELEC (Philippines Voters) logo

COMELEC (Philippines Voters)

In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced, allegedly by Anonymous Philippines. Shortly after, data connected 55 cardinal Filipino voters was leaked publicly and included delicate accusation specified arsenic genders, marital statuses, tallness and value and biometric fingerprint data. The breach lone included 228k email addresses.

Breach date: 27 March 2016
Date added to HIBP: 14 April 2016
Compromised accounts: 228,605
Compromised data: Biometric data, Dates of birth, Email addresses, Family members' names, Genders, Job titles, Marital statuses, Names, Passport numbers, Phone numbers, Physical addresses, Physical attributes
Permalink


Coupon Mom / Armor Games logo

Coupon Mom / Armor Games

In 2014, a record allegedly containing information hacked from Coupon Mom was created and included 11 cardinal email addresses and plain substance passwords. On further investigation, the record was besides recovered to incorporate information indicating it had been sourced from Armor Games. Subsequent verification with HIBP subscribers confirmed the passwords had antecedently been utilized and galore subscribers had utilized either Coupon Mom oregon Armor Games successful the past. On disclosure to some organisations, each recovered that the information did not correspond their full lawsuit basal and perchance includes records from different sources with communal subscribers. The breach has subsequently been flagged arsenic "unverified" arsenic the root cannot beryllium emphatically proven. In July 2020, the information was besides recovered to incorporate BeerAdvocate accounts sourced from a antecedently chartless breach.

Breach date: 8 February 2014
Date added to HIBP: 9 November 2017
Compromised accounts: 11,010,525
Compromised data: Email addresses, Passwords
Permalink


Covve logo

Covve

In February 2020, a monolithic trove of idiosyncratic accusation referred to arsenic "db8151dd" was provided to HIBP aft being recovered near exposed connected a publically facing Elasticsearch server. Later identified arsenic originating from the Covve contacts app, the exposed information included extended idiosyncratic accusation and interactions betwixt Covve users and their contacts. The information was provided to HIBP by dehashed.com.

Breach date: 20 February 2020
Date added to HIBP: 15 May 2020
Compromised accounts: 22,802,117
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
Permalink


Crack Community logo

Crack Community

In precocious 2013, the Crack Community forum specialising successful cracks for games was compromised and implicit 19k accounts published online. Built connected the MyBB forum platform, the compromised information included email addresses, IP addresses and salted MD5 passwords.

Breach date: 9 September 2013
Date added to HIBP: 3 February 2015
Compromised accounts: 19,210
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Cracked.to logo

Cracked.to

In July 2019, the hacking website Cracked.to suffered a information breach. There were 749k unsocial email addresses dispersed crossed 321k forum users and different tables successful the database. A rival hacking website claimed work for breaching the MyBB based forum which disclosed email and IP addresses, usernames, backstage messages and passwords stored arsenic bcrypt hashes.

Breach date: 21 July 2019
Date added to HIBP: 12 August 2019
Compromised accounts: 749,161
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


CrackingForum logo

CrackingForum

In astir mid-2016, the cracking assemblage forum known arsenic CrackingForum suffered a information breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.

Breach date: 1 July 2016
Date added to HIBP: 10 December 2017
Compromised accounts: 660,305
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Creative logo

Creative

In May 2018, the forum for Singaporean hardware institution Creative Technology suffered a information breach which resulted successful the disclosure of 483k unsocial email addresses. Running connected an aged mentation of vBulletin, the breach besides disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently unopen down the forum.

Breach date: 1 May 2018
Date added to HIBP: 7 June 2018
Compromised accounts: 483,015
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


CrimeAgency vBulletin Hacks logo


Cross Fire logo

Cross Fire

In August 2016, the Russian gaming forum known arsenic Cross Fire (or cfire.mail.ru) was hacked on with a fig of different forums connected the Russian message provider, mail.ru. The vBulletin forum contained 12.8 cardinal accounts including usernames, email addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 8 August 2016
Date added to HIBP: 28 December 2016
Compromised accounts: 12,865,609
Compromised data: Email addresses, Passwords, Usernames
Permalink


D3Scene logo

D3Scene

In January 2016, the gaming website D3Scene, suffered a information breach. The compromised vBulletin forum exposed 569k cardinal email addresses, IP address, usernames and passwords stored arsenic salted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 January 2016
Date added to HIBP: 15 June 2019
Compromised accounts: 568,827
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


DaFont logo

DaFont

In May 2017, font sharing tract DaFont suffered a information breach resulting successful the vulnerability of 637k records. Allegedly owed to a SQL injection vulnerability exploited by aggregate parties, the exposed information included usernames, email addresses and passwords stored arsenic MD5 without a salt.

Breach date: 16 May 2017
Date added to HIBP: 18 May 2017
Compromised accounts: 637,340
Compromised data: Email addresses, Passwords, Usernames
Permalink


Daily Quiz logo

Daily Quiz

In January 2021, the quiz website Daily Quiz suffered a information breach that exposed implicit 8 cardinal unsocial email addresses. The information besides included usernames, IP addresses and passwords stored successful plain text.

Breach date: 13 January 2021
Date added to HIBP: 21 May 2021
Compromised accounts: 8,032,404
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Dailymotion logo

Dailymotion

In October 2016, the video sharing level Dailymotion suffered a information breach. The onslaught led to the vulnerability of much than 85 cardinal idiosyncratic accounts and included email addresses, usernames and bcrypt hashes of passwords.

Breach date: 20 October 2016
Date added to HIBP: 7 August 2017
Compromised accounts: 85,176,234
Compromised data: Email addresses, Passwords, Usernames
Permalink


DailyObjects logo

DailyObjects

In astir January 2018, a postulation of much than 464k lawsuit records from the Indian online retailer DailyObjects were leaked online. The information included names, carnal and email addresses, telephone numbers and "pincodes" stored successful plain text. After aggregate attempts to interaction them, DailyObjects responded and received a transcript of the information for verification, nevertheless failed to respond to aggregate interaction attempts pursuing that.

Breach date: 1 January 2018
Date added to HIBP: 28 January 2020
Compromised accounts: 464,260
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Dangdang logo

Dangdang

In 2011, the Chinese e-commerce tract Dangdang suffered a information breach. The incidental exposed implicit 4.8 cardinal unsocial email addresses which were subsequently traded online implicit the ensuing years.

Breach date: 1 June 2011
Date added to HIBP: 10 January 2019
Compromised accounts: 4,848,734
Compromised data: Email addresses
Permalink


DaniWeb logo

DaniWeb

In precocious 2015, the exertion and societal tract DaniWeb suffered a information breach. The onslaught resulted successful the disclosure of 1.1 cardinal accounts including email and IP addresses which were besides accompanied by salted MD5 hashes of passwords. However, DaniWeb person advised that "the breached password hashes and salts are incorrect" and that they person since switched to caller infrastructure and software.

Breach date: 1 December 2015
Date added to HIBP: 28 December 2016
Compromised accounts: 1,131,636
Compromised data: Email addresses, IP addresses, Passwords
Permalink


Data & Leads logo

Data & Leads

In November 2018, security researcher Bob Diachenko identified an unprotected database believed to beryllium hosted by a information aggregator. Upon further investigation, the information was linked to selling institution Data & Leads. The exposed Elasticsearch lawsuit contained implicit 44M unsocial email addresses on with names, IP and carnal addresses, telephone numbers and employment information. No effect was received from Data & Leads erstwhile contacted by Bob and their tract subsequently went offline.

Breach date: 14 November 2018
Date added to HIBP: 28 November 2018
Compromised accounts: 44,320,330
Compromised data: Email addresses, Employers, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Permalink


Data Enrichment Exposure From PDL Customer logo

Data Enrichment Exposure From PDL Customer

In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 cardinal records of idiosyncratic data. The exposed information included an scale indicating it was sourced from information enrichment institution People Data Labs (PDL) and contained 622 cardinal unsocial email addresses. The server was not owned by PDL and it's believed a lawsuit failed to decently unafraid the database. Exposed accusation included email addresses, telephone numbers, societal media profiles and occupation past data.

Breach date: 16 October 2019
Date added to HIBP: 22 November 2019
Compromised accounts: 622,161,052
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Social media profiles
Permalink


Data Enrichment Records logo

Data Enrichment Records

In December 2016, more than 200 cardinal "data enrichment profiles" were recovered for merchantability connected the darknet. The seller claimed the information was sourced from Experian and whilst that assertion was rejected by the company, the information itself was recovered to beryllium morganatic suggesting it whitethorn person been sourced from different morganatic locations. In total, determination were much than 8 cardinal unsocial email addresses successful the information which besides contained a raft of different idiosyncratic attributes including recognition ratings, location ownership status, household operation and different fields described successful the communicative linked to above. The email addresses unsocial were provided to HIBP.

Breach date: 23 December 2016
Date added to HIBP: 8 June 2017
Compromised accounts: 8,176,132
Compromised data: Buying preferences, Charitable donations, Credit presumption information, Dates of birth, Email addresses, Family structure, Financial investments, Home ownership statuses, Income levels, Job titles, Marital statuses, Names, Net worths, Phone numbers, Physical addresses, Political donations
Permalink


DataCamp logo

DataCamp

In December 2018, the information subject website DataCamp suffered a information breach of records dating backmost to January 2017. The incidental exposed 760k unsocial email and IP addresses on with names and passwords stored arsenic bcrypt hashes. In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 30 January 2017
Date added to HIBP: 9 April 2019
Compromised accounts: 760,561
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Passwords
Permalink


Dave logo

Dave

In June 2020, the integer banking app Dave suffered a information breach which exposed 7.5 cardinal rows of information and subsequently appeared for nationalist download connected a hacking forum. The breach exposed extended idiosyncratic accusation including astir 3 cardinal unsocial email addresses alongside names, dates of birth, encrypted societal information numbers and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 28 June 2020
Date added to HIBP: 27 July 2020
Compromised accounts: 2,964,182
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Social information numbers
Permalink


Demon Forums logo

Demon Forums

In February 2019, the hacking forum Demon Forums suffered a information breach. The compromise of the vBulletin forum exposed 52k unsocial email addresses alongside usernames and passwords stored arsenic salted MD5 hashes.

Breach date: 20 February 2019
Date added to HIBP: 4 April 2019
Compromised accounts: 52,623
Compromised data: Email addresses, Passwords, Usernames
Permalink


Descomplica logo

Descomplica

In March 2021, the Brazilian EdTech institution Descomplica suffered a information breach which was subsequently posted to a fashionable hacking forum. The information included astir 5 cardinal email addresses, names, the archetypal 6 and past 4 digits and the expiry day of recognition cards, acquisition histories and password hashes.

Breach date: 14 March 2021
Date added to HIBP: 28 April 2021
Compromised accounts: 4,845,378
Compromised data: Email addresses, Names, Partial recognition paper data, Passwords, Purchases
Permalink


devkitPro logo

devkitPro

In February 2019, the devkitPro forum suffered a information breach. The phpBB based forum had 1,508 unsocial email addresses exposed successful the breach alongside forum posts, backstage messages and passwords stored arsenic anemic salted hashes. The information breach was self-submitted to HIBP by the forum operator.

Breach date: 3 February 2019
Date added to HIBP: 11 February 2019
Compromised accounts: 1,508
Compromised data: Email addresses, Passwords, Private messages
Permalink


diet.com logo

diet.com

In August 2014, the fare and nutrition website diet.com suffered a information breach resulting successful the vulnerability of 1.4 cardinal unsocial idiosyncratic records dating backmost arsenic acold arsenic 2004. The information contained email and IP addresses, usernames, plain substance passwords and dietary accusation astir the tract members including eating habits, BMI and commencement date. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 10 August 2014
Date added to HIBP: 13 October 2017
Compromised accounts: 1,383,759
Compromised data: Dates of birth, Eating habits, Email addresses, IP addresses, Names, Passwords, Physical attributes, Usernames
Permalink


Digimon logo

Digimon

In September 2016, implicit 16GB of logs from a work indicated to beryllium digimon.co.in were obtained, astir apt from an unprotected Mongo DB instance. The work ceased moving soon afterwards and nary accusation remains astir the precise quality of it. Based connected enquiries made via Twitter, it appears to person been a message work perchance based connected PowerMTA and utilized for delivering spam. The logs contained accusation including 7.7M unsocial email recipients (names and addresses), message server IP addresses, email subjects and tracking accusation including message opens and clicks.

Breach date: 5 September 2016
Date added to HIBP: 28 September 2018
Compromised accounts: 7,687,679
Compromised data: Email addresses, Email messages, IP addresses, Names
Permalink


Disqus logo

Disqus

In October 2017, the blog commenting work Disqus announced they'd suffered a information breach. The breach dated backmost to July 2012 but wasn't identified until years aboriginal erstwhile the information yet surfaced. The breach contained implicit 17.5 cardinal unsocial email addresses and usernames. Users who created logins connected Disqus had salted SHA1 hashes of passwords whilst users who logged successful via societal providers lone had references to those accounts.

Breach date: 1 July 2012
Date added to HIBP: 6 October 2017
Compromised accounts: 17,551,044
Compromised data: Email addresses, Passwords, Usernames
Permalink


DLH.net logo

DLH.net

In July 2016, the gaming quality tract DLH.net suffered a information breach which exposed 3.3M subscriber identities. Along with the keys utilized to redeem and activate games connected the Steam platform, the breach besides resulted successful the vulnerability of email addresses, commencement dates and salted MD5 password hashes. The information was donated to Have I Been Pwned by information breach monitoring work Vigilante.pw.

Breach date: 31 July 2016
Date added to HIBP: 7 September 2016
Compromised accounts: 3,264,710
Compromised data: Dates of birth, Email addresses, Names, Passwords, Usernames, Website activity
Permalink


Dodonew.com logo

Dodonew.com

In precocious 2011, information was allegedly obtained from the Chinese website known arsenic Dodonew.com and contained 8.7M accounts. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and idiosyncratic names. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 December 2011
Date added to HIBP: 10 November 2016
Compromised accounts: 8,718,404
Compromised data: Email addresses, Usernames
Permalink


Domino's logo

Domino's

In June 2014, Domino's Pizza successful France and Belgium was hacked by a radical going by the sanction "Rex Mundi" and their lawsuit information held to ransom. Domino's refused to wage the ransom and six months later, the attackers released the data on with troves of different hacked accounts. Amongst the lawsuit information was passwords stored with a anemic MD5 hashing algorithm and nary salt.

Breach date: 13 June 2014
Date added to HIBP: 4 January 2015
Compromised accounts: 648,231
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Domino's India logo

Domino's India

In April 2021, 13TB of compromised Domino's India appeared for merchantability connected a hacking forum aft which the institution acknowledged a large information breach they dated backmost to March. The compromised information included 22.5 cardinal unsocial email addresses, names, telephone numbers, bid histories and carnal addresses.

Breach date: 24 March 2021
Date added to HIBP: 3 June 2021
Compromised accounts: 22,527,655
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink


DriveSure logo

DriveSure

In December 2020, the car dealership work supplier DriveSure suffered a information breach. The incidental resulted successful 26GB of information being downloaded and aboriginal shared connected a hacking forum. Impacted idiosyncratic accusation included 3.6 cardinal unsocial email addresses, names, telephone numbers and carnal addresses. Vehicle information was besides exposed and included makes, models, VIN numbers and odometer readings. A tiny fig of passwords stored arsenic bcrypt hashes were besides included successful the information set.

Breach date: 19 December 2020
Date added to HIBP: 10 May 2021
Compromised accounts: 3,675,099
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Vehicle details
Permalink


Drizly logo

Drizly

In astir July 2020, the US-based online intoxicant transportation work Drizly suffered a information breach. The information was sold online earlier being extensively redistributed and contained 2.5 cardinal unsocial email addresses alongside names, carnal and IP addresses, telephone numbers, dates of commencement and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 2 July 2020
Date added to HIBP: 28 July 2020
Compromised accounts: 2,479,044
Compromised data: Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Dropbox logo

Dropbox

In mid-2012, Dropbox suffered a information breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed whitethorn beryllium astatine risk. A ample measurement of information totalling implicit 68 cardinal records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, fractional of them bcrypt).

Breach date: 1 July 2012
Date added to HIBP: 31 August 2016
Compromised accounts: 68,648,009
Compromised data: Email addresses, Passwords
Permalink


Dubsmash logo

Dubsmash

In December 2018, the video messaging work Dubsmash suffered a information breach. The incidental exposed 162 cardinal unsocial email addresses alongside usernames and PBKDF2 password hashes. In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 1 December 2018
Date added to HIBP: 25 February 2019
Compromised accounts: 161,749,950
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Spoken languages, Usernames
Permalink


Dueling Network logo

Dueling Network

In March 2017, the Flash crippled based connected the Yu-Gi-Oh trading paper crippled Dueling Network suffered a information breach. The tract itself was taken offline successful 2016 owed to a cease-and-desist bid but the forum remained online for different year. The information breach exposed usernames, IP and email addresses and passwords stored arsenic MD5 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "burger vault".

Breach date: 29 March 2017
Date added to HIBP: 30 March 2020
Compromised accounts: 6,486,626
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Dungeons & Dragons Online logo

Dungeons & Dragons Online

In April 2013, the interactive video crippled Dungeons & Dragons Online suffered a information breach that exposed astir 1.6M players' accounts. The information was being actively traded connected underground forums and included email addresses, commencement dates and password hashes.

Breach date: 2 April 2013
Date added to HIBP: 12 March 2016
Compromised accounts: 1,580,933
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Dunzo logo

Dunzo

In astir June 2019, the Indian transportation work Dunzo suffered a information breach. Exposing 3.5 cardinal unsocial email addresses, the Dunzo breach besides included names, telephone numbers and IP addresses which were each broadly distributed online via a hacking forum. The information was provided to HIBP by dehashed.com.

Breach date: 19 June 2020
Date added to HIBP: 29 July 2020
Compromised accounts: 3,465,259
Compromised data: Device information, Email addresses, Geographic locations, IP addresses, Names, Phone numbers
Permalink


Duowan.com logo

Duowan.com

In astir 2011, information was allegedly obtained from the Chinese gaming website known arsenic Duowan.com and contained 2.6M accounts. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses, idiosyncratic names and plain substance passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 January 2011
Date added to HIBP: 7 November 2016
Compromised accounts: 2,639,894
Compromised data: Email addresses, Passwords, Usernames
Permalink


dvd-shop.ch logo

dvd-shop.ch

In December 2017, the online Swiss DVD store known arsenic dvd-shop.ch suffered a information breach. The incidental led to the vulnerability of 68k email addresses and plain substance passwords. The tract has since been updated to bespeak that it is presently closed.

Breach date: 5 December 2017
Date added to HIBP: 10 December 2017
Compromised accounts: 67,973
Compromised data: Email addresses, Passwords
Permalink


Eatigo logo

Eatigo

In October 2018, the edifice preservation work Eatigo suffered a information breach that exposed 2.8 cardinal accounts. The information included email addresses, names, telephone numbers, societal media profiles, genders and passwords stored arsenic unsalted MD5 hashes.

Breach date: 16 October 2018
Date added to HIBP: 25 August 2021
Compromised accounts: 2,789,609
Compromised data: Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles
Permalink


EatStreet logo

EatStreet

In May 2019, the online nutrient ordering work EatStreet suffered a information breach affecting 6.4 cardinal customers. An extended magnitude of idiosyncratic information was obtained including names, telephone numbers, addresses, partial recognition paper information and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 3 May 2019
Date added to HIBP: 19 July 2019
Compromised accounts: 6,353,564
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial recognition paper data, Passwords, Phone numbers, Physical addresses, Social media profiles
Permalink


Edmodo logo

Edmodo

In May 2017, the acquisition level Edmodo was hacked resulting successful the vulnerability of 77 cardinal records comprised of implicit 43 cardinal unsocial lawsuit email addresses. The information was consequently published to a fashionable hacking forum and made freely available. The records successful the breach included usernames, email addresses and bcrypt hashes of passwords.

Breach date: 11 May 2017
Date added to HIBP: 1 June 2017
Compromised accounts: 43,423,561
Compromised data: Email addresses, Passwords, Usernames
Permalink


Elance logo

Elance

Sometime successful 2009, staffing level Elance suffered a information breach that impacted 1.3 cardinal accounts. Appearing online 8 years later, the information contained usernames, email addresses, telephone numbers and SHA1 hashes of passwords, amongst different idiosyncratic data.

Breach date: 1 January 2009
Date added to HIBP: 18 February 2017
Compromised accounts: 1,291,178
Compromised data: Email addresses, Employers, Geographic locations, Passwords, Phone numbers, Usernames
Permalink


Elanic logo

Elanic

In January 2020, the Indian manner marketplace Elanic had 2.8M records with 2.3M unsocial email addresses posted publically to a fashionable hacking forum. Elanic confirmed that they had "verified the information and it was pulled from 1 of our trial servers wherever this information was exposed publicly" and that the information was "old" (the hacking forum reported it arsenic being from 2016-2018). When asked astir disclosure to impacted customers, Elanic advised that they had "decided to not person arsenic specified immoderate connection and nationalist disclosure".

Breach date: 1 January 2018
Date added to HIBP: 4 May 2020
Compromised accounts: 2,325,283
Compromised data: Email addresses, Geographic locations, Usernames
Permalink


Elasticsearch Instance of Sales Leads connected  AWS logo

Elasticsearch Instance of Sales Leads connected AWS

In October 2018, security researcher Bob Diachenko identified aggregate exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch lawsuit connected AWS containing income pb information and 5.8M unsocial email addresses. The information contained accusation relating to individuals and the companies they worked for including their names, email addresses and institution sanction and interaction information. Despite champion efforts, it was not imaginable to place the proprietor of the information hence this breach arsenic been titled "Elasticsearch Sales Leads".

Breach date: 29 October 2018
Date added to HIBP: 17 November 2018
Compromised accounts: 5,788,169
Compromised data: Email addresses, Employers, Names, Physical addresses
Permalink


Emotet logo


Emuparadise logo

Emuparadise

In April 2018, the self-proclaimed "biggest retro gaming website connected earth", Emuparadise, suffered a information breach. The compromised vBulletin forum exposed 1.1 cardinal email addresses, IP address, usernames and passwords stored arsenic salted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 April 2018
Date added to HIBP: 9 June 2019
Compromised accounts: 1,131,229
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Epic Games logo

Epic Games

In August 2016, the Epic Games forum suffered a information breach, allegedly owed to a SQL injection vulnerability successful vBulletin. The onslaught resulted successful the vulnerability of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Breach date: 11 August 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 251,661
Compromised data: Email addresses, Passwords, Usernames
Permalink


EpicBot logo

EpicBot

In September 2019, the RuneScape bot supplier EpicBot suffered a information breach that impacted 817k subscribers. Data from the breach was subsequently shared connected a fashionable hacking forum and included usernames, email and IP addresses and passwords stored arsenic either salted MD5 oregon bcrypt hashes. EpicBot did not respond erstwhile contacted astir the incident.

Breach date: 1 September 2019
Date added to HIBP: 19 November 2019
Compromised accounts: 816,662
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


EpicNPC logo

EpicNPC

In January 2016, the hacked relationship reseller EpicNPC suffered a information breach that impacted 409k subscribers. The impacted information included usernames, IP and email addresses and passwords stored arsenic salted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 2 January 2016
Date added to HIBP: 27 July 2019
Compromised accounts: 408,795
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Epik logo

Epik

In September 2021, the domain registrar and web big Epik suffered a important information breach, allegedly successful retaliation for hosting alt-right websites. The breach exposed a immense measurement of information not conscionable of Epik customers, but besides scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The information included implicit 15 cardinal unsocial email addresses (including anonymised versions for domain privacy), names, telephone numbers, carnal addresses, purchases and passwords stored successful assorted formats.

Breach date: 13 September 2021
Date added to HIBP: 19 September 2021
Compromised accounts: 15,003,961
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink


Eroticy logo

Eroticy

In mid-2016, it's alleged that the big website known arsenic Eroticy was hacked. Almost 1.4 cardinal unsocial accounts were recovered circulating successful precocious 2016 which contained a raft of idiosyncratic accusation ranging from email addresses to telephone numbers to plain substance passwords. Whilst galore HIBP subscribers confirmed their information was legitimate, the existent root of the breach remains inconclusive. A elaborate relationship of the information has been published successful the anticipation of identifying the root of the breach.

Breach date: 1 June 2015
Date added to HIBP: 10 January 2017
Compromised accounts: 1,370,175
Compromised data: Email addresses, IP addresses, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Usernames, Website activity
Permalink


Estonian Citizens (via Estonian Cybercrime Bureau) logo

Estonian Citizens (via Estonian Cybercrime Bureau)

In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance successful making a information acceptable of 655k email addresses searchable. The Estonian constabulary suspected the email addresses and passwords they obtained were being utilized to entree mailboxes, cryptocurrency exchanges, unreality work accounts and different akin online assets. They've requested that individuals who find themselves successful the information acceptable and besides place that cryptocurrency has been stolen interaction them astatine [email protected].

Breach date: 7 June 2018
Date added to HIBP: 11 June 2018
Compromised accounts: 655,161
Compromised data: Email addresses, Passwords
Permalink


eThekwini Municipality logo

eThekwini Municipality

In September 2016, the caller eThekwini eServices website successful South Africa was launched with a fig of information holes that pb to the leak of implicit 98k residents' idiosyncratic accusation and inferior bills crossed 82k unsocial email addresses. Emails were sent anterior to motorboat containing passwords successful plain substance and the tract allowed anyone to download inferior bills without capable authentication. Various methods of lawsuit information enumeration was imaginable and phishing attacks began appearing the time aft launch.

Breach date: 7 September 2016
Date added to HIBP: 15 September 2016
Compromised accounts: 81,830
Compromised data: Dates of birth, Deceased date, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Physical addresses, Utility bills
Permalink


Ethereum logo

Ethereum

In December 2016, the forum for the nationalist blockchain-based distributed computing level Ethereum suffered a information breach. The database contained implicit 16k unsocial email addresses on with IP addresses, backstage forum messages and (mostly) bcrypt hashed passwords. Ethereum elected to self-submit the information to HIBP, providing the work with a database of email addresses impacted by the incident.

Breach date: 16 December 2016
Date added to HIBP: 20 December 2016
Compromised accounts: 16,431
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink


europa.jobs logo

europa.jobs

In August 2019, the present defunct European jobs website europa.jobs (Google cache link) suffered a information breach. The incidental exposed 226k unsocial email addresses alongside extended idiosyncratic accusation including names, dates of birth, occupation applications and passwords. The information was subsequently redistributed connected a fashionable hacking forum.

Breach date: 11 August 2019
Date added to HIBP: 15 January 2020
Compromised accounts: 226,095
Compromised data: Dates of birth, Email addresses, Geographic locations, Job applications, Names, Passwords, Phone numbers, Spoken languages
Permalink


Evermotion logo

Evermotion

In May 2015, the Polish 3D modelling website known arsenic Evermotion suffered a information breach resulting successful the vulnerability of 435k unsocial idiosyncratic records. The information was sourced from a vBulletin forum and contained email addresses, usernames, dates of commencement and salted MD5 hashes of passwords. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 7 May 2015
Date added to HIBP: 2 July 2017
Compromised accounts: 435,510
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink


Everybody Edits logo

Everybody Edits

In March 2019, the multiplayer level crippled Everybody Edits suffered a information breach. The incidental exposed 871k unsocial email addresses alongside usernames and IP addresses. The information was subsequently distributed online crossed a postulation of files.

Breach date: 23 March 2019
Date added to HIBP: 3 April 2019
Compromised accounts: 871,190
Compromised data: Email addresses, IP addresses, Usernames
Permalink


Evite logo

Evite

In April 2019, the societal readying website for managing online invitations Evite identified a information breach of their systems. Upon investigation, they recovered unauthorised entree to a database archive dating backmost to 2013. The exposed information included a full of 101 cardinal unsocial email addresses, astir belonging to recipients of invitations. Members of the work besides had names, telephone numbers, carnal addresses, dates of birth, genders and passwords stored successful plain substance exposed. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 11 August 2013
Date added to HIBP: 14 July 2019
Compromised accounts: 100,985,047
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink


Evony logo

Evony

In June 2016, the online multiplayer crippled Evony was hacked and implicit 29 cardinal unsocial accounts were exposed. The onslaught led to the vulnerability of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

Breach date: 1 June 2016
Date added to HIBP: 25 March 2017
Compromised accounts: 29,396,116
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Exactis logo

Exactis

In June 2018, the selling steadfast Exactis inadvertently publically leaked 340 cardinal records of idiosyncratic data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained aggregate terabytes of idiosyncratic accusation dispersed crossed hundreds of abstracted fields including addresses, telephone numbers, household structures and extended profiling data. The information was collected arsenic portion of Exactis' work arsenic a "compiler and aggregator of premium concern & user data" which they past merchantability for profiling and selling purposes. A tiny subset of the exposed fields were provided to Have I Been Pwned and contained 132 cardinal unsocial email addresses.

Breach date: 1 June 2018
Date added to HIBP: 25 July 2018
Compromised accounts: 131,577,763
Compromised data: Credit presumption information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages
Permalink


Experian (2015) logo

Experian (2015)

In September 2015, the US based recognition bureau and user information broker Experian suffered a information breach that impacted 15 cardinal customers who had applied for financing from T-Mobile. An alleged information breach was subsequently circulated containing idiosyncratic accusation including names, carnal and email addresses, commencement dates and assorted different idiosyncratic attributes. Multiple Have I Been Pwned subscribers verified portions of the information arsenic being accurate, but the existent root of it was inconclusive therefor this breach has been flagged arsenic "unverified".

Breach date: 16 September 2015
Date added to HIBP: 6 September 2016
Compromised accounts: 7,196,890
Compromised data: Credit presumption information, Dates of birth, Email addresses, Ethnicities, Family structure, Genders, Home ownership statuses, Income levels, IP addresses, Names, Phone numbers, Physical addresses, Purchasing habits
Permalink


Experian (South Africa) logo

Experian (South Africa)

In August 2020, Experian South Africa suffered a information breach which exposed the idiosyncratic accusation of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst astir contained authorities issued individuality numbers, names, addresses, occupations and employers, amongst different idiosyncratic information.

Breach date: 19 August 2020
Date added to HIBP: 1 September 2020
Compromised accounts: 1,284,637
Compromised data: Email addresses, Employers, Government issued IDs, Names, Occupations, Phone numbers
Permalink


Exploit.In logo

Exploit.In

In precocious 2016, a immense database of email code and password pairs appeared successful a "combo list" referred to arsenic "Exploit.In". The database contained 593 cardinal unsocial email addresses, galore with aggregate antithetic passwords hacked from assorted online systems. The database was broadly circulated and utilized for "credential stuffing", that is attackers employment it successful an effort to place different online systems wherever the relationship proprietor had reused their password. For elaborate inheritance connected this incident, work Password reuse, credential stuffing and different cardinal records successful Have I Been Pwned.

Breach date: 13 October 2016
Date added to HIBP: 6 May 2017
Compromised accounts: 593,427,119
Compromised data: Email addresses, Passwords
Permalink


Exposed VINs logo

Exposed VINs

In June 2017, an unsecured database with much than 10 cardinal VINs (vehicle recognition numbers) was discovered by researchers. Believed to beryllium sourced from US car dealerships, the information included a raft of idiosyncratic accusation and conveyance information on with 397k unsocial email addresses.

Breach date: 5 June 2017
Date added to HIBP: 9 June 2017
Compromised accounts: 396,650
Compromised data: Dates of birth, Email addresses, Family structure, Genders, Names, Phone numbers, Physical addresses, Vehicle details
Permalink


EyeEm logo

EyeEm

In February 2018, photography website EyeEm suffered a information breach. The breach was identified among a postulation of different ample incidents and exposed astir 20M unsocial email addresses, names, usernames, bios and password hashes. The information was provided to HIBP by a root who asked for it to beryllium attributed to "Kuroi'sh oregon Gabriel Kimiaie-Asadi Bildstein".

Breach date: 28 February 2018
Date added to HIBP: 16 February 2019
Compromised accounts: 19,611,022
Compromised data: Bios, Email addresses, Names, Passwords, Usernames
Permalink


Facebook logo

Facebook

In April 2021, a ample information acceptable of implicit 500 cardinal Facebook users was made freely disposable for download. Encompassing astir 20% of Facebook's subscribers, the information was allegedly obtained by exploiting a vulnerability Facebook advises they rectified successful August 2019. The superior worth of the information is the relation of telephone numbers to identities; whilst each grounds included phone, lone 2.5 cardinal contained an email address. Most records contained names and genders with galore besides including dates of birth, location, narration presumption and employer.

Breach date: 1 August 2019
Date added to HIBP: 4 April 2021
Compromised accounts: 509,458,528
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, Names, Phone numbers, Relationship statuses
Permalink


Facepunch logo

Facepunch

In June 2016, the crippled improvement workplace Facepunch suffered a information breach that exposed 343k users. The breached information included usernames, email and IP addresses, dates of commencement and salted MD5 password hashes. Facepunch advised they were alert of the incidental and had notified radical astatine the time. The information was provided to HIBP by whitehat information researcher and information expert Adam Davies.

Breach date: 3 June 2016
Date added to HIBP: 17 October 2018
Compromised accounts: 342,913
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


FaceUP logo

FaceUP

In 2013, the Danish societal media tract FaceUP suffered a information breach. The incidental exposed 87k unsocial email addresses alongside genders, dates of birth, names, telephone numbers and passwords stored arsenic unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability astatine the clip and forced password resets connected impacted customers.

Breach date: 1 January 2013
Date added to HIBP: 13 January 2019
Compromised accounts: 87,633
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Usernames
Permalink


Factual logo

Factual

In March 2017, a record containing 8M rows of information allegedly sourced from information aggregator Factual was compiled and aboriginal exchanged connected the premise it was a "breach". The information contained 2.5M unsocial email addresses alongside concern names, addresses and telephone numbers. After consultation with Factual, they advised the information was "publicly disposable accusation astir businesses and different points of involvement that Factual makes disposable connected its website and to customers".

Breach date: 22 March 2017
Date added to HIBP: 24 December 2019
Compromised accounts: 2,461,696
Compromised data: Email addresses, Employers, Phone numbers, Physical addresses
Permalink


Fashion Nexus logo

Fashion Nexus

In July 2018, UK-based ecommerce institution Fashion Nexus suffered a information breach which exposed 1.4 cardinal records. Multiple websites developed by sister institution White Room Solutions were impacted successful the breach amongst which were sites including Jaded London and AX Paris. The assorted sites exposed successful the incidental included a scope of antithetic information types including names, telephone numbers, addresses and passwords stored arsenic a premix of salted MD5 and SHA-1 arsenic good arsenic unsalted MD5 passwords. When asked by newsman Graham Cluley if a nationalist connection connected the incidental was available, a one-word effect of "No" was received.

Breach date: 9 July 2018
Date added to HIBP: 31 July 2018
Compromised accounts: 1,279,263
Compromised data: Browser idiosyncratic cause details, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
Permalink


FashionFantasyGame logo

FashionFantasyGame

In precocious 2016, the manner gaming website Fashion Fantasy Game suffered a information breach. The incidental exposed 2.3 cardinal unsocial idiosyncratic accounts and corresponding MD5 password hashes with nary salt. The information was contributed to Have I Been Pwned courtesy of [email protected]

Breach date: 1 December 2016
Date added to HIBP: 20 April 2017
Compromised accounts: 2,357,872
Compromised data: Email addresses, Passwords
Permalink


Filmai.in logo

Filmai.in

In astir 2019 oregon 2020, the Lithuanian movie streaming work Filmai.in suffered a information breach exposing 645k email addresses, usernames and plain substance passwords.

Breach date: 1 January 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 645,786
Compromised data: Email addresses, Passwords, Usernames
Permalink


Final Fantasy Shrine logo

Final Fantasy Shrine

In September 2015, the Final Fantasy treatment forum known arsenic FFShrine was breached and the information dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

Breach date: 18 September 2015
Date added to HIBP: 31 October 2015
Compromised accounts: 620,677
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Flash Flash Revolution (2016 breach) logo

Flash Flash Revolution (2016 breach)

In February 2016, the music-based bushed crippled known arsenic Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum besides exposed salted MD5 password hashes.

Breach date: 1 February 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 1,771,845
Compromised data: Email addresses, Passwords, Usernames
Permalink


Flash Flash Revolution (2019 breach) logo

Flash Flash Revolution (2019 breach)

In July 2019, the music-based bushed crippled Flash Flash Revolution suffered a information breach. The 2019 breach imapcted astir 1.9 cardinal members and is in summation to the 2016 information breach of the aforesaid service. Email and IP addesses, usernames, dates of commencement and salted MD5 hashes were each exposed successful the breach. The information was provided with enactment from dehashed.com.

Breach date: 16 July 2019
Date added to HIBP: 21 July 2019
Compromised accounts: 1,858,124
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Flashback logo


Fling logo

Fling

In 2011, the self-proclaimed "World's Best Adult Social Network" website known arsenic Fling was hacked and much than 40 cardinal accounts obtained by the attacker. The breached information included highly delicate idiosyncratic attributes specified arsenic intersexual predisposition and intersexual interests arsenic good arsenic email addresses and passwords stored successful plain text.

Breach date: 10 March 2011
Date added to HIBP: 28 May 2016
Compromised accounts: 40,767,652
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Phone numbers, Sexual fetishes, Sexual orientations, Usernames, Website activity
Permalink


Florida Virtual School logo

Florida Virtual School

In March 2018, the Florida Virtual School (FLVS) posted a information breach notification to their website. The schoolhouse had identified a information breach which had occurred sometime betwixt 6 May 2016 and 12 Feb 2018 and an XML record containing 368k pupil records was subsequently recovered circulating. Each grounds contained pupil name, day of birth, password, grade, email and genitor email resulting successful a full of 543k unsocial email addresses. Due to the prevalence of email addresses belonging to individuals who are inactive legally children, the information breach has been flagged arsenic "sensitive".

Breach date: 12 February 2018
Date added to HIBP: 18 March 2018
Compromised accounts: 542,902
Compromised data: Dates of birth, Email addresses, Names, Passwords, School grades (class levels), Usernames
Permalink


Foodora logo

Foodora

In April 2016, the online nutrient transportation work Foodora suffered a information breach which was past extensively redistributed online. The breach included the idiosyncratic accusation of hundreds of thousands of customers from aggregate countries including their names, transportation addresses, telephone numbers and passwords stored arsenic either a salted MD5 oregon a bcrypt hash.

Breach date: 22 April 2016
Date added to HIBP: 16 June 2020
Compromised accounts: 582,578
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Forbes logo

Forbes

In February 2014, the Forbes website succumbed to an onslaught that leaked implicit 1 cardinal idiosyncratic accounts. The onslaught was attributed to the Syrian Electronic Army, allegedly arsenic retribution for a perceived "Hate of Syria". The onslaught not lone leaked idiosyncratic credentials, but besides resulted successful the posting of fake quality stories to forbes.com.

Breach date: 15 February 2014
Date added to HIBP: 15 February 2014
Compromised accounts: 1,057,819
Compromised data: Email addresses, Passwords, User website URLs, Usernames
Permalink


ForumCommunity logo

ForumCommunity

In astir mid-2016, the Italian-based work for creating forums known arsenic ForumCommunity suffered a information breach. The incidental impacted implicit 776k unsocial email addresses on with usernames and unsalted MD5 password hashes. No effect was received from ForumCommunity erstwhile contacted.

Breach date: 1 June 2016
Date added to HIBP: 5 December 2018
Compromised accounts: 776,648
Compromised data: Email addresses, Passwords, Usernames
Permalink


Fotolog logo

Fotolog

In December 2018, the photograph sharing societal web Fotolog suffered a information breach that exposed 16.7 cardinal unsocial email addresses. The information besides included usernames and unsalted SHA-256 password hashes. The tract was dissolved the pursuing twelvemonth and repurposed arsenic a quality website based successful Brcko, Bosnia and Herzegovina.

Breach date: 1 December 2018
Date added to HIBP: 15 June 2021
Compromised accounts: 16,717,854
Compromised data: Email addresses, Passwords, Usernames
Permalink


Foxy Bingo logo

Foxy Bingo

In April 2007, the online gambling tract Foxy Bingo was hacked and 252,000 accounts were obtained by the hackers. The breached records were subsequently sold and traded and included idiosyncratic accusation information specified arsenic plain substance passwords, commencement dates and location addresses.

Breach date: 4 April 2008
Date added to HIBP: 22 November 2015
Compromised accounts: 252,216
Compromised data: Account balances, Browser idiosyncratic cause details, Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames, Website activity
Permalink


Freedom Hosting II logo

Freedom Hosting II

In January 2017, the escaped hidden work big Freedom Hosting II suffered a information breach. The onslaught allegedly took down 20% of acheronian web sites moving down Tor hidden services with the attacker claiming that of the 10,613 impacted sites, much than 50% of the contented was kid pornography. The hack led to the vulnerability of MySQL databases for the sites which included a immense magnitude of accusation connected the hidden services Freedom Hosting II was managing. The impacted information classes acold exceeds those listed for the breach and disagree betwixt the thousands of impacted sites.

Breach date: 31 January 2017
Date added to HIBP: 5 February 2017
Compromised accounts: 380,830
Compromised data: Email addresses, Passwords, Usernames
Permalink


FreshMenu logo

FreshMenu

In July 2016, the India-based nutrient transportation work FreshMenu suffered a information breach. The incidental exposed the idiosyncratic information of implicit 110k customers and included their names, email addresses, telephone numbers, location addresses and bid histories. When advised of the incident, FreshMenu acknowledged being already alert of the breach but stated they had decided not to notify impacted customers.

Breach date: 1 July 2016
Date added to HIBP: 10 September 2018
Compromised accounts: 110,355
Compromised data: Device information, Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink


Fridae logo

Fridae

In May 2014, implicit 25,000 idiosyncratic accounts were breached from the Asian lesbian, gay, bisexual and transgender website known arsenic "Fridae". The onslaught which was announced connected Twitter appears to person been orchestrated by Deletesec who assertion that "Digital weapons shall annihilate each secrecy wrong governments and corporations". The exposed information included password stored successful plain text.

Breach date: 2 May 2014
Date added to HIBP: 6 May 2014
Compromised accounts: 35,368
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Funimation logo

Funimation

In July 2016, the anime tract Funimation suffered a information breach that impacted 2.5 cardinal accounts. The information contained usernames, email addresses, dates of commencement and salted SHA1 hashes of passwords.

Breach date: 1 July 2016
Date added to HIBP: 20 February 2017
Compromised accounts: 2,491,103
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink


Funny Games logo

Funny Games

In April 2018, the online amusement tract Funny Games suffered a information breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incidental was disclosed to Funny Games successful July who acknowledged the breach and identified it had been caused by bequest codification nary longer successful use. The grounds number successful the breach represent astir fractional of the idiosyncratic base.

Breach date: 28 April 2018
Date added to HIBP: 24 July 2018
Compromised accounts: 764,357
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Fur Affinity logo

Fur Affinity

In May 2016, the Fur Affinity website for radical with an involvement successful anthropomorphic carnal characters (also known arsenic "furries") was hacked. The onslaught exposed 1.2M email addresses (many accounts had a antithetic "first" and "last" email against them) and hashed passwords.

Breach date: 17 May 2016
Date added to HIBP: 27 May 2016
Compromised accounts: 1,270,564
Compromised data: Email addresses, Passwords, Usernames
Permalink


Gaadi logo

Gaadi

In May 2015, the Indian motoring website known arsenic Gaadi had 4.3 cardinal records exposed successful a information breach. The information contained usernames, email and IP addresses, genders, the metropolis of users arsenic good arsenic passwords stored successful some plain substance and arsenic MD5 hashes. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 14 May 2015
Date added to HIBP: 1 July 2018
Compromised accounts: 4,261,179
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Usernames
Permalink


Gab logo

Gab

In February 2021, the alt-tech societal web work Gab suffered a information breach. The incidental exposed astir 70GB of information including 4M idiosyncratic accounts, a tiny fig of backstage chat logs and a database of nationalist groups and nationalist posts made to the service. Only a tiny fig of accounts included email addresses and / oregon passwords stored arsenic bcrypt hashes with a full of 66.5k unsocial email addresses being exposed crossed the corpus of data.

Breach date: 26 February 2021
Date added to HIBP: 3 March 2021
Compromised accounts: 66,521
Compromised data: Avatars, Email addresses, Names, Passwords, Private messages, Usernames
Permalink


Gamerzplanet logo

Gamerzplanet

In astir October 2015, the online gaming forum known arsenic Gamerzplanet was hacked and much than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 23 October 2015
Date added to HIBP: 5 February 2016
Compromised accounts: 1,217,166
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


GameSalad logo

GameSalad

In February 2019, the acquisition and crippled instauration website Game Salad suffered a information breach. The incidental impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored arsenic SHA-256 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 24 February 2019
Date added to HIBP: 21 July 2019
Compromised accounts: 1,506,242
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


GameTuts logo

GameTuts

Likely successful aboriginal 2015, the video crippled website GameTuts suffered a information breach and implicit 2 cardinal idiosyncratic accounts were exposed. The tract aboriginal shut down successful July 2016 but was identified arsenic having been hosted connected a vBulletin forum. The exposed information included usernames, email and IP addresses and salted MD5 hashes.

Breach date: 1 March 2015
Date added to HIBP: 23 September 2016
Compromised accounts: 2,064,274
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Gamigo logo

Gamigo

In March 2012, the German online crippled steadfast Gamigo was hacked and much than 8 cardinal accounts publically leaked. The breach included email addresses and passwords stored arsenic anemic MD5 hashes with nary salt.

Breach date: 1 March 2012
Date added to HIBP: 18 January 2016
Compromised accounts: 8,243,604
Compromised data: Email addresses, Passwords
Permalink


GateHub logo

GateHub

In October 2019, 1.4M accounts from the cryptocurrency wallet work GateHub were posted to a fashionable hacking forum. GateHub had previously acknowledged a information breach successful June, albeit with a smaller fig of impacted accounts. Data from the breach included email addresses, mnemonic phrases, encrypted maestro keys, encrypted betterment keys and passwords stored arsenic bcrypt hashes.

Breach date: 4 June 2019
Date added to HIBP: 20 November 2019
Compromised accounts: 1,408,078
Compromised data: Email addresses, Encrypted keys, Mnemonic phrases, Passwords
Permalink


Gawker logo

Gawker

In December 2010, Gawker was attacked by the hacker corporate "Gnosis" successful retaliation for what was reported to beryllium a feud betwixt Gawker and 4Chan. Information astir Gawkers 1.3M users was published on with the information from Gawker's different web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, galore victims of the breach then had their Twitter accounts compromised to nonstop Acai berry spam.

Breach date: 11 December 2010
Date added to HIBP: 4 December 2013
Compromised accounts: 1,247,574
Compromised data: Email addresses, Passwords, Usernames
Permalink


Ge.tt logo

Ge.tt

In May 2017, the record sharing level Ge.tt suffered a information breach. The information was subsequently enactment up for merchantability connected a acheronian web marketplace successful February 2019 alongside a raft of different breaches. The Ge.tt breach included names, societal media illustration identifiers, SHA256 password hashes and astir 2.5M unsocial email addresses. The information was provided to HIBP by a root who requested it beryllium attributed to BreachDirectory.

Breach date: 4 May 2017
Date added to HIBP: 16 February 2021
Compromised accounts: 2,481,121
Compromised data: Email addresses, Names, Passwords, Social media profiles
Permalink


GeekedIn logo

GeekedIn

In August 2016, the exertion recruitment tract GeekedIn near a MongoDB database exposed and implicit 8M records were extracted by an chartless 3rd party. The breached information was primitively scraped from GitHub successful usurpation of their presumption of usage and contained accusation exposed successful nationalist profiles, including implicit 1 cardinal members' email addresses. Full details connected the incidental (including however impacted members tin spot their leaked data) are covered successful the blog station connected 8 cardinal GitHub profiles were leaked from GeekedIn's MongoDB - here's however to spot yours.

Breach date: 15 August 2016
Date added to HIBP: 17 November 2016
Compromised accounts: 1,073,164
Compromised data: Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of nonrecreational experience
Permalink


GeniusU logo

GeniusU

In November 2020, a postulation of information breaches were made nationalist including the "Entrepreneur Success Platform", GeniusU. Dating backmost to the erstwhile month, the information included 1.3M names, email and IP addresses, genders, links to societal media profiles and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 2 October 2020
Date added to HIBP: 8 January 2021
Compromised accounts: 1,301,460
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles
Permalink


GFAN logo

GFAN

In October 2016, information surfaced that was allegedly obtained from the Chinese website known arsenic GFAN and contained 22.5M accounts. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email and IP addresses, idiosyncratic names and salted and hashed passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 10 October 2016
Date added to HIBP: 10 October 2016
Compromised accounts: 22,526,334
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Glofox logo

Glofox

In March 2020, the Irish gym absorption bundle institution Glofox suffered a information breach which exposed 2.3M rank records. The information included email addresses, names, telephone numbers, genders, dates of commencement and passwords stored arsenic unsalted MD5 hashes.

Breach date: 27 March 2020
Date added to HIBP: 10 January 2021
Compromised accounts: 2,330,735
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers
Permalink


Go Games logo

Go Games

In astir October 2015, the manga website Go Games suffered a information breach. The exposed information included 3.4M lawsuit records including email and IP addresses, usernames and passwords stored arsenic salted MD5 hashes. Go Games did not respond erstwhile contacted astir the incident. The information was provided to HIBP by dehashed.com.

Breach date: 24 October 2015
Date added to HIBP: 11 January 2020
Compromised accounts: 3,430,083
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


GoldSilver logo

GoldSilver

In October 2018, the bullion acquisition and trader services tract GoldSilver suffered a information breach that exposed 243k unsocial email addresses spanning customers and mailing database subscribers. An extended magnitude of idiosyncratic accusation connected customers was obtained including names, addresses, telephone numbers, purchases and passwords and answers to information questions stored arsenic MD5 hashes. In a tiny fig of cases, passport, societal information numbers and partial recognition paper information was besides exposed. The information breach and root codification belonging to GoldSilver was publically posted connected a acheronian web work wherever it remained months later. When notified astir the incident, GoldSilver advised that "all affected customers person been straight notified".

Breach date: 21 October 2018
Date added to HIBP: 27 December 2018
Compromised accounts: 242,715
Compromised data: Bank relationship numbers, Email addresses, IP addresses, Names, Partial recognition paper data, Passport numbers, Phone numbers, Physical addresses, Purchases, Security questions and answers, Social information numbers
Permalink


gPotato logo

gPotato

In July 2007, the multiplayer crippled portal known arsenic gPotato (link to archive of the tract astatine that time) suffered a information breach and implicit 2 cardinal idiosyncratic accounts were exposed. The tract aboriginal merged into the Webzen portal wherever the archetypal accounts inactive beryllium today. The exposed information included usernames, email and IP addresses, MD5 hashes and idiosyncratic attributes specified arsenic gender, commencement date, carnal code and information questions and answers stored successful plain text.

Breach date: 12 July 2007
Date added to HIBP: 24 September 2016
Compromised accounts: 2,136,520
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames, Website activity
Permalink


GPS Underground logo


GTAGaming logo

GTAGaming

In August 2016, the Grand Theft Auto forum GTAGaming was hacked and astir 200k idiosyncratic accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.

Breach date: 1 August 2016
Date added to HIBP: 23 August 2016
Compromised accounts: 197,184
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Guns and Robots logo

Guns and Robots

In astir April 2016, the gaming website Guns and Robots suffered a information breach resulting successful the vulnerability of 143k unsocial records. The information contained email and IP addresses, usernames and SHA-1 password hashes. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 1 April 2016
Date added to HIBP: 14 February 2018
Compromised accounts: 143,569
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Guntrader logo

Guntrader

In July 2021, the United Kingdom based website Guntrader suffered a information breach that exposed 112k unsocial email addresses. Extensive idiosyncratic accusation was besides exposed including names, telephone numbers, geolocation data, IP addresses and assorted carnal code attributes (cities for each users, implicit addresses for some). Passwords stored arsenic bcrypt hashes were besides exposed.

Breach date: 17 July 2021
Date added to HIBP: 21 July 2021
Compromised accounts: 112,031
Compromised data: Browser idiosyncratic cause details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
Permalink


hackforums.net logo

hackforums.net

In June 2011, the hacktivist radical known arsenic "LulzSec" leaked one last ample information breach they titled "50 days of lulz". The compromised information came from sources specified arsenic AT&T, Battlefield Heroes and the hackforums.net website. The leaked Hack Forums information included credentials and idiosyncratic accusation of astir 200,000 registered forum users.

Breach date: 25 June 2011
Date added to HIBP: 11 May 2014
Compromised accounts: 191,540
Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Social connections, Spoken languages, Time zones, User website URLs, Usernames, Website activity
Permalink


Hacking Team logo

Hacking Team

In July 2015, the Italian information steadfast Hacking Team suffered a large information breach that resulted successful implicit 400GB of their information being posted online via a torrent. The information searchable connected "Have I Been Pwned?" is from 189GB worthy of PST message folders successful the dump. The contents of the PST files is searchable connected Wikileaks.

Breach date: 6 July 2015
Date added to HIBP: 12 July 2015
Compromised accounts: 32,310
Compromised data: Email addresses, Email messages
Permalink


HauteLook logo

HauteLook

In mid-2018, the manner buying tract HauteLook was among a raft of sites that were breached and their information past sold successful early-2019. The information included implicit 28 cardinal unsocial email addresses alongside names, genders, dates of commencement and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 7 August 2018
Date added to HIBP: 21 March 2019
Compromised accounts: 28,510,459
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords
Permalink


Havenly logo

Havenly

In June 2020, the interior plan website Havenly suffered a information breach which impacted astir 1.4 cardinal members of the service. The exposed information included email addresses, names, telephone numbers, geographic locations and passwords stored arsenic SHA-1 hashes, each of which was subsequently shared extensively passim online hacking communities. The information was provided to HIBP by dehashed.com.

Breach date: 25 June 2020
Date added to HIBP: 1 August 2020
Compromised accounts: 1,369,180
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers
Permalink


Health Now Networks logo

Health Now Networks

In March 2017, the telemarketing work Health Now Networks near a database containing hundreds of thousands of aesculapian records exposed. There were implicit 900,000 records successful full containing important volumes of idiosyncratic accusation including names, dates of birth, assorted aesculapian conditions and relation notes connected the individuals' health. The information included implicit 320k unsocial email addresses.

Breach date: 25 March 2017
Date added to HIBP: 7 April 2017
Compromised accounts: 321,920
Compromised data: Dates of birth, Email addresses, Genders, Health security information, IP addresses, Names, Personal wellness data, Phone numbers, Physical addresses, Security questions and answers, Social connections
Permalink


Hemmakväll logo

Hemmakväll

In July 2015, the Swedish video store concatenation Hemmakväll was hacked and astir 50k records dumped publicly. The disclosed information included assorted attributes of their customers including email and carnal addresses, names and telephone numbers. Passwords were besides leaked, stored with a anemic MD5 hashing algorithm.

Breach date: 8 July 2015
Date added to HIBP: 9 July 2015
Compromised accounts: 47,297
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


hemmelig.com logo

hemmelig.com

In December 2011, Norway's largest online enactment store hemmelig.com was hacked by a corporate calling themselves "Team Appunity". The onslaught exposed implicit 28,000 usernames and email addresses on with nicknames, gender, twelvemonth of commencement and unsalted MD5 password hashes.

Breach date: 21 December 2011
Date added to HIBP: 25 March 2014
Compromised accounts: 28,641
Compromised data: Email addresses, Genders, Nicknames, Partial dates of birth, Passwords, Usernames
Permalink


Heroes of Gaia logo

Heroes of Gaia

In aboriginal 2013, the online phantasy multiplayer crippled Heroes of Gaia suffered a information breach. The newest records successful the information acceptable bespeak a breach day of 4 January 2013 and see usernames, IP and email addresses but nary passwords.

Breach date: 4 January 2013
Date added to HIBP: 7 November 2016
Compromised accounts: 179,967
Compromised data: Browser idiosyncratic cause details, Email addresses, IP addresses, Usernames, Website activity
Permalink


Heroes of Newerth logo

Heroes of Newerth

In December 2012, the multiplayer online conflict arena crippled known arsenic Heroes of Newerth was hacked and implicit 8 cardinal accounts extracted from the system. The compromised information included usernames, email addresses and passwords.

Breach date: 17 December 2012
Date added to HIBP: 24 January 2016
Compromised accounts: 8,089,103
Compromised data: Email addresses, Passwords, Usernames
Permalink


HiAPK logo

HiAPK

In astir 2014, it's alleged that the Chinese Android store known arsenic HIAPK suffered a information breach that impacted 13.8 cardinal unsocial subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains usernames, email addresses and salted MD5 password hashes and was provided to HIBP by achromatic chapeau information researcher and information expert Adam Davies. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 January 2014
Date added to HIBP: 1 April 2018
Compromised accounts: 13,873,674
Compromised data: Email addresses, Passwords, Usernames
Permalink


HLTV logo

HLTV

In June 2016, the "home of competitory Counter Strike" website HLTV was hacked and 611k accounts were exposed. The onslaught led to the vulnerability of names, usernames, email addresses and bcrypt hashes of passwords.

Breach date: 19 June 2016
Date added to HIBP: 22 March 2017
Compromised accounts: 611,070
Compromised data: Email addresses, Names, Passwords, Usernames, Website activity
Permalink


Home Chef logo

Home Chef

In aboriginal 2020, the nutrient transportation work Home Chef suffered a information breach which was subsequently sold online. The breach exposed the idiosyncratic accusation of astir 9 cardinal customers including names, IP addresses, station codes, the past 4 digits of recognition paper numbers and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 10 February 2020
Date added to HIBP: 13 November 2020
Compromised accounts: 8,815,692
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Partial recognition paper data, Passwords, Phone numbers
Permalink


HongFire logo

HongFire

In March 2015, the anime and manga forum HongFire suffered a information breach. The hack of their vBulletin forum led to the vulnerability of 1 cardinal accounts on with email and IP addresses, usernames, dates of commencement and salted MD5 passwords.

Breach date: 1 March 2015
Date added to HIBP: 5 February 2017
Compromised accounts: 999,991
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Hookers.nl logo

Hookers.nl

In October 2019, the Dutch prostitution forum Hookers.nl suffered a information breach which exposed the idiosyncratic accusation of enactment workers and their customers. The IP and email addresses, usernames and either bcrypt oregon salted MD5 password hashes of 291k members were accessed via an unpatched vulnerability successful the vBulletin forum software.

Breach date: 10 October 2019
Date added to HIBP: 23 October 2019
Compromised accounts: 290,955
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


HoundDawgs logo

HoundDawgs

In December 2017, the Danish torrent tracker known arsenic HoundDawgs suffered a information breach. More than 55GB of information was dumped publically and whilst there was initially contention arsenic to the severity of the incident, the information did so incorporate much than 45k unsocial email addresses implicit extended logs of torrenting activity, IP addresses and SHA1 passwords.

Breach date: 30 December 2017
Date added to HIBP: 3 January 2018
Compromised accounts: 45,701
Compromised data: Email addresses, IP addresses, Passwords, Website activity
Permalink


Houzz logo

Houzz

In mid-2018, the lodging plan website Houzz suffered a information breach. The institution learned of the incidental aboriginal that twelvemonth past disclosed it to impacted members successful February 2019. Almost 49 cardinal unsocial email addresses were successful the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords oregon links to societal media profiles utilized to authenticate to the service. The information was provided to HIBP by dehashed.com.

Breach date: 23 May 2018
Date added to HIBP: 12 March 2019
Compromised accounts: 48,881,308
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Passwords, Social media profiles, Usernames
Permalink


HTC Mania logo

HTC Mania

In January 2020, the Spanish mobile telephone forum HTC Mania suffered a information breach of the vBulletin based site. The incidental exposed 1.5M subordinate email addresses, usernames, IP addresses, dates of commencement and salted MD5 password hashes and password histories. Data from the breach was subsequently redistributed connected fashionable hacking websites.

Breach date: 4 January 2020
Date added to HIBP: 6 April 2020
Compromised accounts: 1,488,089
Compromised data: Dates of birth, Email addresses, Historical passwords, IP addresses, Passwords, Usernames
Permalink


HTH Studios logo

HTH Studios

In August 2018, the big furry interactive crippled creator HTH Studios suffered a information breach impacting aggregate repositories of lawsuit data. Several months later, the information surfaced connected a fashionable hacking forum and included 411k unsocial email addresses on with carnal and IP addresses, names, orders, salted SHA-1 and salted MD5 hashes. HTH Studios is alert of the incident.

Breach date: 24 August 2018
Date added to HIBP: 20 November 2018
Compromised accounts: 411,755
Compromised data: Browser idiosyncratic cause details, Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases, Usernames
Permalink


Hub4Tech logo

Hub4Tech

On an chartless day successful astir 2017, the Indian grooming and appraisal work known arsenic Hub4Tech suffered a information breach via a SQL injection attack. The incidental exposed astir 37k unsocial email addresses and passwords stored arsenic unsalted MD5 hashes. No effect was received from Hub4Tech erstwhile contacted astir the incident.

Breach date: 1 January 2017
Date added to HIBP: 9 December 2018
Compromised accounts: 36,916
Compromised data: Email addresses, Passwords
Permalink


Hurb logo

Hurb

In astir March 2019, the online Brazilian question bureau Hurb (formerly Hotel Urbano) suffered a information breach. The information subsequently appeared online for download the pursuing twelvemonth and included implicit 20 cardinal lawsuit records with email and IP addresses, names, dates of birth, telephone numbers and passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 14 March 2019
Date added to HIBP: 27 July 2020
Compromised accounts: 20,727,771
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink


i-Dressup logo

i-Dressup

In June 2016, the teen societal tract known arsenic i-Dressup was hacked and implicit 2 cardinal idiosyncratic accounts were exposed. At the clip the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a full of 5.5 cardinal accounts. The breach included email addresses and passwords stored successful plain text.

Breach date: 15 July 2016
Date added to HIBP: 26 September 2016
Compromised accounts: 2,191,565
Compromised data: Email addresses, Passwords
Permalink


IIMJobs logo

IIMJobs

In December 2018, the Indian occupation portal IIMJobs suffered a information breach that exposed 4.1 cardinal unsocial email addresses. The information besides included names, telephone numbers, geographic locations, dates of birth, occupation titles, occupation applications and screen letters positive passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 31 December 2018
Date added to HIBP: 21 May 2021
Compromised accounts: 4,216,063
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Job applications, Job titles, Names, Passwords, Phone numbers
Permalink


ILikeCheats logo

ILikeCheats

In October 2014, the crippled cheats website known arsenic ILikeCheats suffered a information breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and anemic MD5 hashes of passwords. The information was provided with enactment from dehashed.com.

Breach date: 18 October 2014
Date added to HIBP: 22 April 2018
Compromised accounts: 188,847
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Imavex logo

Imavex

In August 2021, the website improvement institution Imavex suffered a information breach that exposed 878 1000 unsocial email addresses. The information included idiosyncratic records containing names, usernames and password worldly with immoderate records besides containing genders and partial recognition paper data, including the past 4 digits of the paper and expiry date. Hundreds of thousands of signifier submissions and orders via Imavex customers were besides exposed and contained further idiosyncratic accusation of submitters and the contents of the form.

Breach date: 20 August 2021
Date added to HIBP: 26 August 2021
Compromised accounts: 878,209
Compromised data: Email addresses, Genders, Names, Partial recognition paper data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
Permalink


iMesh logo

iMesh

In September 2013, the media and record sharing lawsuit known arsenic iMesh was hacked and astir 50M accounts were exposed. The information was aboriginal enactment up for merchantability connected a acheronian marketplace website successful mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

Breach date: 22 September 2013
Date added to HIBP: 2 July 2016
Compromised accounts: 49,467,477
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


imgur logo

imgur

In September 2013, the online representation sharing assemblage imgur suffered a information breach. A enactment of the information containing 1.7 cardinal email addresses and passwords surfaced much than 4 years aboriginal successful November 2017. Although imgur stored passwords arsenic SHA-256 hashes, the information successful the breach contained plain substance passwords suggesting that galore of the archetypal hashes had been cracked. imgur advises that they rolled implicit to bcrypt hashes successful 2016.

Breach date: 1 September 2013
Date added to HIBP: 25 November 2017
Compromised accounts: 1,749,806
Compromised data: Email addresses, Passwords
Permalink


IndiaMART logo

IndiaMART

In August 2021, 38 cardinal records from Indian e-commerce institution IndiaMART were recovered being traded connected a fashionable hacking forum. Dated respective months earlier, the information included implicit 20 cardinal unsocial email addresses alongside names, telephone numbers and carnal addresses. It's unclear whether IndiaMART intentionally exposed the information attributes arsenic portion of the intended plan of the level oregon whether the information was obtained by exploiting a vulnerability successful the service.

Breach date: 23 May 2021
Date added to HIBP: 27 August 2021
Compromised accounts: 20,154,583
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink


Indian Railways logo


Insanelyi logo

Insanelyi

In July 2014, the iOS forum Insanelyi was hacked by an attacker known arsenic Kim Jong-Cracks. A fashionable root of accusation for users of jailbroken iOS devices moving Cydia, the Insanelyi breach disclosed implicit 104k users' emails addresses, idiosyncratic names and weakly hashed passwords (salted MD5).

Breach date: 22 July 2014
Date added to HIBP: 22 July 2014
Compromised accounts: 104,097
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Intelimost logo


InterPals logo

InterPals

In precocious 2015, the online penpal tract InterPals had their website hacked and 3.4 cardinal accounts exposed. The compromised information included email addresses, geographical locations, birthdates and salted hashes of passwords.

Breach date: 4 November 2015
Date added to HIBP: 30 August 2016
Compromised accounts: 3,439,414
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink


iPmart logo

iPmart

During 2015, the iPmart forum (now known arsenic Mobi NUKE) was hacked and implicit 2 cardinal forum members' details were exposed. The vBulletin forum included IP addresses, commencement dates and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked. A further 368k accounts were added to "Have I Been Pwned" successful March 2016 bringing the full to implicit 2.4M.

Breach date: 1 July 2015
Date added to HIBP: 23 February 2016
Compromised accounts: 2,460,787
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink


ixigo logo

ixigo

In January 2019, the question and edifice booking tract ixigo suffered a information breach. The information appeared for merchantability connected a acheronian web marketplace the pursuing period and included implicit 17M unsocial email addresses alongside names, genders, telephone numbers, connections to Facebook profiles and passwords stored arsenic MD5 hashes. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 3 January 2019
Date added to HIBP: 17 March 2019
Compromised accounts: 17,204,697
Compromised data: Auth tokens, Device information, Email addresses, Genders, Names, Passwords, Phone numbers, Salutations, Social media profiles, Usernames
Permalink


James logo

James

In June 2020, 14 antecedently undisclosed information breaches appeared for sale including the Brazilian transportation service, "James". The breach occurred successful March 2020 and exposed 1.5M unsocial email addresses, lawsuit locations expressed successful longitude and latitude and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 25 March 2020
Date added to HIBP: 5 November 2020
Compromised accounts: 1,541,284
Compromised data: Email addresses, Geographic locations, Passwords
Permalink


JD logo

JD

In 2013 (exact day unknown), the Chinese e-commerce work JD suffered a information breach that exposed 13GB of information containing 77 cardinal unsocial email addresses. The information besides included usernames, telephone numbers and passwords stored arsenic SHA-1 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 January 2013
Date added to HIBP: 2 June 2021
Compromised accounts: 77,449,341
Compromised data: Email addresses, Passwords, Phone numbers, Usernames
Permalink


Jefit logo

Jefit

In August 2020, the workout tracking app Jefit suffered a information breach. The information was subsequently sold wrong the hacking assemblage and included implicit 9 cardinal email and IP addresses, usernames and passwords stored arsenic either vBulletin oregon argon2 hashes. Several cardinal cracked passwords aboriginal appeared successful wide circulation.

Breach date: 11 August 2020
Date added to HIBP: 27 April 2021
Compromised accounts: 9,052,457
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Jobandtalent logo


JobStreet logo

JobStreet

In October 2017, the Malaysian website lowyat.net ran a communicative connected a monolithic acceptable of breached information affecting millions of Malaysians aft idiosyncratic posted it for merchantability connected their forums. The information spanned aggregate abstracted breaches including the JobStreet jobs website which contained astir 4 cardinal unsocial email addresses. The dates successful the breach bespeak the incidental occurred successful March 2012. The information aboriginal appeared freely downloadable connected a Tor hidden work and contained extended accusation connected occupation seekers including names, genders, commencement dates, telephone numbers, carnal addresses and passwords.

Breach date: 7 March 2012
Date added to HIBP: 30 October 2017
Compromised accounts: 3,883,455
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


JoomlArt logo

JoomlArt

In January 2018, the Joomla template website JoomlArt inadvertently exposed much than 22k unsocial lawsuit records successful a Jira ticket. The exposed information was from iJoomla and JomSocial, some services that JoomlArt acquired the erstwhile year. The information included usernames, email addresses, purchases and passwords stored arsenic MD5 hashes. When contacted, JoomlArt advised they were alert of the incidental and had antecedently notified impacted parties.

Breach date: 30 January 2018
Date added to HIBP: 1 November 2018
Compromised accounts: 22,477
Compromised data: Email addresses, Names, Passwords, Payment histories, Usernames
Permalink


Justdate.com logo

Justdate.com

An alleged breach of the dating website Justdate.com began circulating successful astir September 2016. Comprised of implicit 24 cardinal records, the information contained assorted idiosyncratic attributes specified arsenic email addresses, dates of commencement and carnal locations. However, upon verification with HIBP subscribers, lone a fraction of the information was recovered to beryllium close and nary relationship owners recalled utilizing the Justdate.com service. This breach has consequently been flagged arsenic fabricated; it's highly improbable the information was sourced from Justdate.com.

Breach date: 29 September 2016
Date added to HIBP: 7 February 2017
Compromised accounts: 24,451,312
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
Permalink


Kayo.moe Credential Stuffing List logo

Kayo.moe Credential Stuffing List

In September 2018, a postulation of astir 42 cardinal email code and plain substance password pairs was uploaded to the anonymous record sharing work kayo.moe. The relation of the work contacted HIBP to study the information which, upon further investigation, turned retired to beryllium a ample credential stuffing list. For much information, work astir The 42M Record kayo.moe Credential Stuffing Data.

Breach date: 11 September 2018
Date added to HIBP: 13 September 2018
Compromised accounts: 41,826,763
Compromised data: Email addresses, Passwords
Permalink


Kickstarter logo

Kickstarter

In February 2014, the crowdfunding level Kickstarter announced they'd suffered a information breach. The breach contained astir 5.2 cardinal unsocial email addresses, usernames and salted SHA1 hashes of passwords.

Breach date: 16 February 2014
Date added to HIBP: 6 October 2017
Compromised accounts: 5,176,463
Compromised data: Email addresses, Passwords
Permalink


Kimsufi logo

Kimsufi

In mid-2015, the forum for the providers of affordable dedicated servers known arsenic Kimsufi suffered a information breach. The vBulletin forum contained implicit fractional a cardinal accounts including usernames, email and IP addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 1 May 2015
Date added to HIBP: 27 December 2016
Compromised accounts: 504,565
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


KiwiFarms logo

KiwiFarms

In September 2019, the forum for discussing "lolcows" (people who tin beryllium milked for laughs) Kiwi Farms suffered a information breach. The disclosure announcement advised that email and IP addresses, dates of commencement and contented created by members were each exposed successful the incident.

Breach date: 10 September 2019
Date added to HIBP: 17 September 2019
Compromised accounts: 4,606
Compromised data: Avatars, Dates of birth, Email addresses, IP addresses, Website activity
Permalink


KM.RU logo

KM.RU

In February 2016, the Russian portal and email work KM.RU was the people of an onslaught which was consequently detailed connected Reddit. Allegedly protesting "the overseas argumentation of Russia successful regards to Ukraine", KM.RU was 1 of respective Russian sites successful the breach and impacted astir 1.5M accounts including delicate idiosyncratic information.

Breach date: 29 February 2016
Date added to HIBP: 3 March 2016
Compromised accounts: 1,476,783
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Recovery email addresses, Security questions and answers, Usernames
Permalink


KnownCircle logo

KnownCircle

In astir April 2016, the "marketing automation for agents and nonrecreational work providers" institution KnownCircle had a ample measurement of information obtained by an outer party. The information belonging to the present defunct work appeared successful JSON format and contained gigabytes of information related to the existent property and security sectors. The idiosyncratic information successful the breach appears to person chiefly been utilized for selling purposes, including logs of emails sent and tracking of acquisition cards. A tiny fig of passwords for KnownCircle unit were besides contiguous and were stored arsenic bcrypt hashes.

Breach date: 12 April 2016
Date added to HIBP: 17 November 2018
Compromised accounts: 1,957,600
Compromised data: Email addresses, Email messages, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink


Knuddels logo

Knuddels

In September 2018, the German societal media website Knuddels suffered a information breach. The incidental exposed 808k unsocial email addresses alongside usernames, existent names, the metropolis of the idiosyncratic and their password successful plain text. Knuddels was subsequently fined €20k for the breach.

Breach date: 5 September 2018
Date added to HIBP: 8 April 2019
Compromised accounts: 808,330
Compromised data: Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink


Kreditplus logo

Kreditplus

In June 2020, the Indonesian recognition work Kreditplus suffered a information breach which exposed 896k records containing 769k unsocial email addresses. The breach exposed extended idiosyncratic accusation including names, household makeup, accusation connected spouses, income and expenses, religions and employment information. The information was provided to HIBP by breachbase.pw.

Breach date: 23 June 2020
Date added to HIBP: 3 August 2020
Compromised accounts: 768,890
Compromised data: Dates of birth, Email addresses, Employers, Family structure, Genders, Income levels, Living costs, Marital statuses, Mothers maiden names, Names, Phone numbers, Physical addresses, Places of birth, Religions, Spouses names
Permalink


Lanwar logo

Lanwar

In July 2018, unit of the Lanwar gaming site discovered a information breach they judge dates backmost to sometime implicit the erstwhile respective months. The information contained 45k names, email addresses, usernames and plain substance passwords. A Lanwar unit subordinate self-submitted the breach to HIBP and has besides contacted the applicable authorities astir the incidental aft identifying a phishing effort to extort Bitcoin from a user.

Breach date: 28 July 2018
Date added to HIBP: 8 August 2018
Compromised accounts: 45,120
Compromised data: Email addresses, Names, Passwords, Physical addresses, Usernames
Permalink


Last.fm logo

Last.fm

In March 2012, the euphony website Last.fm was hacked and 43 cardinal idiosyncratic accounts were exposed. Whilst Last.fm knew of an incidental backmost successful 2012, the standard of the hack was not known until the information was released publically successful September 2016. The breach included 37 cardinal unsocial email addresses, usernames and passwords stored arsenic unsalted MD5 hashes.

Breach date: 22 March 2012
Date added to HIBP: 20 September 2016
Compromised accounts: 37,217,682
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Lazada RedMart logo

Lazada RedMart

In October 2020, news broke of Lazada RedMart information breach containing records arsenic caller arsenic July 2020 and being sold via an online marketplace. In all, the information contained 1.1 cardinal lawsuit email addresses alongside names, telephone numbers, carnal addresses, partial recognition paper numbers and passwords stored arsenic SHA-1 hashes.

Breach date: 30 July 2020
Date added to HIBP: 10 November 2020
Compromised accounts: 1,107,789
Compromised data: Email addresses, Names, Partial recognition paper data, Passwords, Phone numbers, Physical addresses
Permalink


Lead Hunter logo

Lead Hunter

In March 2020, a monolithic trove of idiosyncratic accusation referred to arsenic "Lead Hunter" was provided to HIBP aft being recovered near exposed connected a publically facing Elasticsearch server. The information contained 69 cardinal unsocial email addresses crossed 110 cardinal rows of information accompanied by further idiosyncratic accusation including names, telephone numbers, genders and carnal addresses. At the clip of publishing, the breach could not beryllium attributed to those liable for obtaining and exposing it. The information was provided to HIBP by dehashed.com.

Breach date: 4 March 2020
Date added to HIBP: 3 June 2020
Compromised accounts: 68,693,853
Compromised data: Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses
Permalink


League of Legends logo

League of Legends

In June 2012, the multiplayer online crippled League of Legends suffered a information breach. At the time, the work had much than 32 cardinal registered accounts and the breach affected assorted idiosyncratic information attributes including "encrypted" passwords. In 2018, a 339k grounds subset of the information emerged with email addresses, usernames and plain substance passwords, apt cracked from the archetypal cryptographically protected ones.

Breach date: 11 June 2012
Date added to HIBP: 28 July 2018
Compromised accounts: 339,487
Compromised data: Email addresses, Passwords, Usernames
Permalink


Ledger logo


Leet logo

Leet

In August 2016, the work for creating and moving Pocket Minecraft variation servers known arsenic Leet was reported arsenic having suffered a information breach that impacted 6 cardinal subscribers. The incidental reported by Softpedia had allegedly taken spot earlier successful the year, though the information acceptable sent to HIBP was dated arsenic precocious arsenic aboriginal September but contained lone 2 cardinal subscribers. The information included usernames, email and IP addresses and SHA512 hashes. A further 3 cardinal accounts were obtained and added to HIBP respective days aft the archetypal information was loaded bringing the full to implicit 5 million.

Breach date: 10 September 2016
Date added to HIBP: 30 September 2016
Compromised accounts: 5,081,689
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Lifebear logo

Lifebear

In aboriginal 2019, the Japanese docket app Lifebear appeared for merchantability connected a acheronian web marketplace amongst a raft of different hacked websites. The breach exposed astir 3.7M unsocial email addresses, usernames and passwords stored arsenic salted MD5 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 28 February 2019
Date added to HIBP: 25 May 2020
Compromised accounts: 3,670,561
Compromised data: Email addresses, Passwords, Usernames
Permalink


Lifeboat logo

Lifeboat

In January 2016, the Minecraft assemblage known arsenic Lifeboat was hacked and much than 7 cardinal accounts leaked. Lifeboat knew of the incidental for 3 months earlier the breach was made nationalist but elected not to counsel customers. The leaked information included usernames, email addresses and passwords stored arsenic consecutive MD5 hashes.

Breach date: 1 January 2016
Date added to HIBP: 25 April 2016
Compromised accounts: 7,089,395
Compromised data: Email addresses, Passwords, Usernames
Permalink


Light's Hope logo

Light's Hope

In June 2018, the World of Warcraft work Light's Hope suffered a information breach which they subsequently self-submitted to HIBP. Over 30K unsocial users were impacted and their exposed information included email addresses, dates of birth, backstage messages and passwords stored arsenic bcrypt hashes.

Breach date: 25 June 2018
Date added to HIBP: 4 July 2018
Compromised accounts: 30,484
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, Usernames
Permalink


Liker logo

Liker

In March 2021, the self-proclaimed "kinder, smarter societal network" Liker suffered a information breach, allegedly successful retaliation for the Gab information breach and scraping of information from Parler. The tract remained offline aft the breach which exposed 465k email addresses successful summation to names, dates of birth, acquisition levels, backstage messages, information questions and answers successful plain text, passwords stored arsenic bcrypt hashes and different idiosyncratic information attributes. Liker did not respond erstwhile contacted astir the breach.

Breach date: 8 March 2021
Date added to HIBP: 13 March 2021
Compromised accounts: 465,141
Compromised data: Auth tokens, Dates of birth, Education levels, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Private messages, Security questions and answers, Social media profiles, Usernames
Permalink


LinkedIn logo

LinkedIn

In May 2016, LinkedIn had 164 cardinal email addresses and passwords exposed. Originally hacked successful 2012, the information remained retired of show until being offered for merchantability connected a acheronian marketplace tract 4 years later. The passwords successful the breach were stored arsenic SHA1 hashes without salt, the immense bulk of which were rapidly cracked successful the days pursuing the merchandise of the data.

Breach date: 5 May 2012
Date added to HIBP: 21 May 2016
Compromised accounts: 164,611,595
Compromised data: Email addresses, Passwords
Permalink


Linux Forums logo

Linux Forums

In May 2018, the Linux Forums website suffered a information breach which resulted successful the disclosure of 276k unsocial email addresses. Running connected an aged mentation of vBulletin, the breach besides disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to aggregate attempts to interaction them astir the breach.

Breach date: 1 May 2018
Date added to HIBP: 7 June 2018
Compromised accounts: 275,785
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Linux Mint logo

Linux Mint

In February 2016, the website for the Linux distro known arsenic Linux Mint was hacked and the ISO infected with a backdoor. The tract besides ran a phpBB forum which was subsequently enactment up for merchantability implicit with astir 145k email addresses, passwords and different idiosyncratic subscriber information.

Breach date: 21 February 2016
Date added to HIBP: 22 February 2016
Compromised accounts: 144,989
Compromised data: Avatars, Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Time zones, Website activity
Permalink


Little Monsters logo


LiveAuctioneers logo

LiveAuctioneers

In June 2020, the online antiques marketplace LiveAuctioneers suffered a information breach which was subsequently sold online past extensively redistributed successful the hacking community. The information contained 3.4 cardinal records including names, email and IP addresses, carnal addresses, phones numbers and passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by breachbase.pw.

Breach date: 19 June 2020
Date added to HIBP: 22 August 2020
Compromised accounts: 3,385,862
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


LiveJournal logo

LiveJournal

In mid-2019, news broke of an alleged LiveJournal information breach. This followed multiple reports of credential maltreatment against Dreamwidth opening successful 2018, a fork of LiveJournal with a important crossover successful idiosyncratic base. The breach allegedly dates backmost to 2017 and contains 26M unsocial usernames and email addresses (both of which person been confirmed to beryllium connected LiveJournal) alongside plain substance passwords. An archive of the information was subsequently shared connected a fashionable hacking forum successful May 2020 and redistributed broadly. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 January 2017
Date added to HIBP: 26 May 2020
Compromised accounts: 26,372,781
Compromised data: Email addresses, Passwords, Usernames
Permalink


Livpure logo

Livpure

In August 2020, the Indian retailer Livpure suffered a information breach which exposed implicit 1 cardinal lawsuit purchases with 270 1000 unsocial email addresses. The information besides included names, telephone numbers, carnal addresses and details of purchased items. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 29 August 2020
Date added to HIBP: 22 May 2021
Compromised accounts: 269,552
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases, Salutations
Permalink


Lizard Squad logo

Lizard Squad

In January 2015, the hacker corporate known arsenic "Lizard Squad" created a DDoS work by the sanction of "Lizard Stresser" which could beryllium procured to equine attacks against online targets. Shortly thereafter, the work suffered a information breach which resulted successful the nationalist disclosure of implicit 13k idiosyncratic accounts including passwords stored successful plain text.

Breach date: 16 January 2015
Date added to HIBP: 18 January 2015
Compromised accounts: 13,451
Compromised data: Email addresses, Passwords, Usernames
Permalink


Lookbook logo

Lookbook

In August 2012, the manner tract Lookbook suffered a information breach. The information aboriginal appeared listed for merchantability successful June 2016 and included 1.1 cardinal usernames, email and IP addresses, commencement dates and plain substance passwords.

Breach date: 24 August 2012
Date added to HIBP: 8 November 2016
Compromised accounts: 1,074,948
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames, Website activity
Permalink


Lord of the Rings Online logo

Lord of the Rings Online

In August 2013, the interactive video crippled Lord of the Rings Online suffered a information breach that exposed implicit 1.1M players' accounts. The information was being actively traded connected underground forums and included email addresses, commencement dates and password hashes.

Breach date: 1 August 2013
Date added to HIBP: 12 March 2016
Compromised accounts: 1,141,278
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Lounge Board logo

Lounge Board

At immoderate constituent successful 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and past dumped publicly. Lounge Board was a MyBB forum launched successful 2012 and discontinued successful mid 2013 (the past enactment successful the logs was from August 2013).

Breach date: 1 August 2013
Date added to HIBP: 6 July 2014
Compromised accounts: 45,018
Compromised data: Email addresses, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Permalink


Lumin PDF logo

Lumin PDF

In April 2019, the PDF absorption work Lumin PDF suffered a information breach. The breach wasn't publically disclosed until September erstwhile 15.5M records of idiosyncratic information appeared for download connected a fashionable hacking forum. The information had been near publically exposed successful a MongoDB lawsuit aft which Lumin PDF was allegedly been "contacted aggregate times, but ignored each the queries". The exposed information included names, email addresses, genders, spoken connection and either a bcrypt password hash oregon Google auth token. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 April 2019
Date added to HIBP: 18 September 2019
Compromised accounts: 15,453,048
Compromised data: Auth tokens, Email addresses, Genders, Names, Passwords, Spoken languages, Usernames
Permalink


Lyrics Mania logo

Lyrics Mania

In December 2017, the opus lyrics website known arsenic Lyrics Mania suffered a information breach. The information successful the breach included 109k usernames, email addresses and plain substance passwords. Numerous attempts were made to interaction Lyrics Mania astir the incident, nevertheless nary responses were received.

Breach date: 21 December 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 109,202
Compromised data: Email addresses, Passwords, Usernames
Permalink


Mac Forums logo

Mac Forums

In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a information breach. The vBulletin-based strategy exposed implicit 326k usernames, email and IP addresses, dates of commencement and passwords stored arsenic salted MD5 hashes. The information was aboriginal discovered being traded connected a fashionable hacking forum. Mac Forums did not respond erstwhile contacted astir the incidental via their interaction america form.

Breach date: 3 July 2016
Date added to HIBP: 29 October 2018
Compromised accounts: 326,714
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Mac-Torrents logo

Mac-Torrents

In October 2015, the torrent tract Mac-Torrents was hacked and astir 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and nary salt.

Breach date: 31 October 2015
Date added to HIBP: 31 October 2015
Compromised accounts: 93,992
Compromised data: Email addresses, Passwords, Usernames
Permalink


mail.ru Dump logo

mail.ru Dump

In September 2014, respective ample dumps of idiosyncratic accounts appeared connected the Russian Bitcoin Security Forum including 1 with astir 5M email addresses and passwords, predominantly connected the mail.ru domain. Whilst unlikely to beryllium the effect of a nonstop onslaught against mail.ru, the credentials were confirmed by galore arsenic morganatic for different services they had subscribed to. Further information allegedly valid for mail.ru and containing email addresses and plain substance passwords was added successful January 2018 bringing to full to much than 16M records. The incidental was besides past flagged arsenic "unverified", a conception that was introduced aft the archetypal information load successful 2014.

Breach date: 10 September 2014
Date added to HIBP: 12 September 2014
Compromised accounts: 16,630,988
Compromised data: Email addresses, Passwords
Permalink


MajorGeeks logo

MajorGeeks

In November 2015, astir 270k accounts from the MajorGeeks enactment forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

Breach date: 15 November 2015
Date added to HIBP: 3 March 2016
Compromised accounts: 269,548
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


MALL.cz logo

MALL.cz

In July 2017, the Czech Republic e-commerce tract MALL.cz suffered a information breach aft which 735k unsocial accounts including email addresses, names, telephone numbers and passwords were aboriginal posted online. Whilst passwords were stored arsenic hashes, a fig of antithetic algorithms of varying spot were utilized implicit time. All passwords included successful the publically distributed information were successful plain substance and were apt conscionable those that had been successfully cracked (members with beardown passwords don't look to beryllium included). According to MALL.cz, the breach lone impacted accounts created earlier 2015.

Breach date: 27 July 2017
Date added to HIBP: 4 September 2017
Compromised accounts: 735,405
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink


Malwarebytes logo

Malwarebytes

In November 2014, the Malwarebytes forum was hacked and 111k subordinate records were exposed. The IP.Board forum included email and IP addresses, commencement dates and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 15 November 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 111,623
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Manga Traders logo

Manga Traders

In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of implicit 900k users leaked connected the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a azygous iteration of MD5 leaving them susceptible to being easy cracked.

Breach date: 9 June 2014
Date added to HIBP: 10 June 2014
Compromised accounts: 855,249
Compromised data: Email addresses, Passwords
Permalink


MangaDex logo

MangaDex

In March 2021, the manga instrumentality tract MangaDex suffered a information breach that resulted successful the vulnerability of astir 3 cardinal subscribers. The information included email and IP addresses, usernames and passwords stored arsenic bcrypt hashes. The information was subsequently circulated wrong hacking groups.

Breach date: 22 March 2021
Date added to HIBP: 25 April 2021
Compromised accounts: 2,987,329
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


MangaFox.me logo

MangaFox.me

In astir July 2016, the manga website known arsenic mangafox.me suffered a information breach. The vBulletin based forum exposed 1.3 cardinal accounts including usernames, email and IP addresses, dates of commencement and salted MD5 password hashes.

Breach date: 1 June 2016
Date added to HIBP: 17 March 2018
Compromised accounts: 1,311,610
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Mappery logo

Mappery

In December 2018, the mapping website Mappery suffered a information breach that exposed implicit 205k unsocial email addresses. The incidental besides exposed usernames, the geographic determination of the idiosyncratic and passwords stored arsenic unsalted SHA-1 hashes. No effect was received from Mappery erstwhile contacted astir the incident.

Breach date: 11 December 2018
Date added to HIBP: 18 December 2018
Compromised accounts: 205,242
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
Permalink


Mashable logo

Mashable

In astir mid-2020, Mashable suffered a information breach that subsequently turned up publically successful November 2020. The information included 1.4 cardinal unsocial email addresses on with names, genders, expired auth tokens, carnal locations, links to societal media profiles and days and months of birth. The information was provided to HIBP by dehashed.com.

Breach date: 1 June 2020
Date added to HIBP: 10 November 2020
Compromised accounts: 1,414,677
Compromised data: Auth tokens, Email addresses, Genders, Geographic locations, IP addresses, Names, Partial dates of birth, Social media profiles
Permalink


Master Deeds logo

Master Deeds

In March 2017, a 27GB database backup record named "Master Deeds" was sent to HIBP by a protagonist of the project. Upon elaborate investigation aboriginal that year, the record was recovered to incorporate the idiosyncratic information of tens of millions of surviving and deceased South African residents. The information included extended idiosyncratic attributes specified arsenic names, addresses, ethnicities, genders, commencement dates, authorities issued idiosyncratic recognition numbers and 2.2 cardinal email addresses. At the clip of publishing, it's alleged the information was sourced from Dracore Data Sciences (Dracore is yet to publically corroborate oregon contradict the information was sourced from their systems). On 18 October 2017, the record was recovered to person been published to a publically accessible web server wherever it was located astatine the basal of an IP code with directory listing enabled. The record was dated 8 April 2015.

Breach date: 14 March 2017
Date added to HIBP: 18 October 2017
Compromised accounts: 2,257,930
Compromised data: Dates of birth, Deceased statuses, Email addresses, Employers, Ethnicities, Genders, Government issued IDs, Home ownership statuses, Job titles, Names, Nationalities, Phone numbers, Physical addresses
Permalink


Mastercard Priceless Specials logo

Mastercard Priceless Specials

In August 2019, the German Mastercard bonus programme "Priceless Specials" suffered a information breach. Personal information connected astir 90k programme members was subsequently extensively circulated online and included names, email and IP addresses, telephone numbers and partial recognition paper data. Following the incident, the programme was subsequently suspended.

Breach date: 20 August 2019
Date added to HIBP: 1 September 2019
Compromised accounts: 89,388
Compromised data: Email addresses, IP addresses, Names, Partial recognition paper data, Phone numbers, Salutations
Permalink


Mate1.com logo

Mate1.com

In February 2016, the dating tract mate1.com suffered a immense information breach resulting successful the disclosure of implicit 27 cardinal subscribers' information. The information included profoundly idiosyncratic accusation astir their backstage lives including cause and intoxicant habits, incomes levels and intersexual fetishes arsenic good arsenic passwords stored successful plain text.

Breach date: 29 February 2016
Date added to HIBP: 14 April 2016
Compromised accounts: 27,393,015
Compromised data: Astrological signs, Dates of birth, Drinking habits, Drug habits, Education levels, Email addresses, Ethnicities, Fitness levels, Genders, Geographic locations, Income levels, Job titles, Names, Parenting plans, Passwords, Personal descriptions, Physical attributes, Political views, Relationship statuses, Religions, Sexual fetishes, Travel habits, Usernames, Website activity, Work habits
Permalink


Mathway logo

Mathway

In January 2020, the mathematics solving website Mathway suffered a information breach that exposed implicit 25M records. The information was subsequently sold connected a acheronian web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.

Breach date: 13 January 2020
Date added to HIBP: 5 June 2020
Compromised accounts: 25,692,862
Compromised data: Device information, Email addresses, Names, Passwords, Social media profiles
Permalink


MCBans logo

MCBans

In October 2016, the Minecraft banning work known arsenic MCBans suffered a information breach resulting successful the vulnerability of 120k unsocial idiosyncratic records. The information contained email and IP addresses, usernames and password hashes of chartless format. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 27 October 2016
Date added to HIBP: 23 July 2017
Compromised accounts: 119,948
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


MDPI logo

MDPI

In August 2016, the Swiss scholarly unfastened entree steadfast known arsenic MDPI had 17.5GB of information obtained from an unprotected Mongo DB instance. The information contained email exchanges betwixt MDPI and their authors and reviewers which included 845k unsocial email addresses. MDPI person confirmed that the strategy has since been protected and that nary information of a delicate quality was impacted. As such, they concluded that notification to their subscribers was not indispensable owed to the information that each their authors and reviewers are disposable online connected their website.

Breach date: 30 August 2016
Date added to HIBP: 25 March 2018
Compromised accounts: 845,012
Compromised data: Email addresses, Email messages, IP addresses, Names
Permalink


MeetMindful logo

MeetMindful

In aboriginal 2020, the online dating work MeetMindful suffered a information breach that exposed 1.4 cardinal unsocial lawsuit email addresses. Included successful the information was an extended array of idiosyncratic accusation utilized to find romanticist matches including carnal attributes, usage of alcohol, drugs and cigarettes, marital statuses, birthdates, genders and the sex being sought. Additional idiosyncratic accusation specified arsenic names, geographical locations and IP addresses were besides exposed, on with passwords stored arsenic bcrypt hashes.

Breach date: 26 January 2020
Date added to HIBP: 31 January 2021
Compromised accounts: 1,422,717
Compromised data: Dates of birth, Drinking habits, Drug habits, Email addresses, Genders, Geographic locations, IP addresses, Marital statuses, Names, Passwords, Physical attributes, Religions, Sexual orientations, Smoking habits, Social media profiles, Usernames
Permalink


MGM Resorts logo

MGM Resorts

In July 2019, MGM Resorts discovered a information breach of 1 of their unreality services. The breach included 10.6M impermanent records with 3.1M unsocial email addresses stemming backmost to 2017. The exposed information included email and carnal addresses, names, telephone numbers and dates of commencement and was subsequently shared connected a fashionable hacking forum successful February 2020 wherever it was extensively redistributed. The information was provided to HIBP by Under The Breach.

Breach date: 25 July 2019
Date added to HIBP: 20 February 2020
Compromised accounts: 3,081,321
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Permalink


MindJolt logo

MindJolt

In March 2019, the online gaming website MindJolt suffered a information breach that exposed 28M unsocial email addresses. Also impacted were names and dates of birth, but nary passwords. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 18 March 2019
Date added to HIBP: 13 July 2019
Compromised accounts: 28,364,826
Compromised data: Dates of birth, Email addresses, Names
Permalink


Minecraft Pocket Edition Forum logo

Minecraft Pocket Edition Forum

In May 2015, the Minecraft Pocket Edition forum was hacked and implicit 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum information included galore idiosyncratic pieces of information for each user. The forum has subsequently been decommissioned.

Breach date: 24 May 2015
Date added to HIBP: 30 June 2015
Compromised accounts: 16,034
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Minecraft World Map logo

Minecraft World Map

In astir January 2016, the Minecraft World Map tract designed for sharing maps created for the crippled was hacked and implicit 71k idiosyncratic accounts were exposed. The information included usernames, email and IP addresses on with salted and hashed passwords.

Breach date: 15 January 2016
Date added to HIBP: 29 August 2016
Compromised accounts: 71,081
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Minefield logo

Minefield

In June 2015, the French Minecraft server known arsenic Minefield was hacked and 188k subordinate records were exposed. The IP.Board forum included email and IP addresses, commencement dates and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 28 June 2015
Date added to HIBP: 9 March 2016
Compromised accounts: 188,343
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Minehut logo

Minehut

In May 2019, the Minecraft server website Minehut suffered a information breach. The institution advised a database backup had been obtained aft which they subsequently notified each impacted users. 397k email addresses from the incidental were provided to HIBP. A information acceptable with some email addresses and bcrypt password hashes was besides aboriginal provided to HIBP.

Breach date: 17 May 2019
Date added to HIBP: 17 September 2019
Compromised accounts: 396,533
Compromised data: Email addresses, Passwords
Permalink


Minted logo

Minted

In May 2020, the online marketplace for autarkic artists Minted suffered a information breach that exposed 4.4M unsocial lawsuit records subsequently sold connected a acheronian web marketplace. Exposed information besides included names, carnal addresses, telephone numbers and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 6 May 2020
Date added to HIBP: 3 November 2020
Compromised accounts: 4,418,182
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


MMG Fusion logo

MMG Fusion

In December 2020, the dental signifier absorption work MMG Fusion was the unfortunate of a information breach which exposed 2.6M unsocial email addresses. The information besides included diligent appointments, names, telephone numbers, dates of birth, genders and carnal addresses. A tiny fig of records besides included passwords stored arsenic bcrypt hashes.

Breach date: 20 December 2020
Date added to HIBP: 7 August 2021
Compromised accounts: 2,660,295
Compromised data: Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses
Permalink


MobiFriends logo

MobiFriends

In January 2020, the Barcelona-based dating app MobiFriends suffered a information breach that exposed 3.5 cardinal unsocial email addresses. The information besides included usernames, genders, dates of commencement and MD5 password hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 6 January 2020
Date added to HIBP: 23 May 2021
Compromised accounts: 3,512,952
Compromised data: Dates of birth, Email addresses, Genders, Passwords, Usernames
Permalink


MoDaCo logo

MoDaCo

In astir January 2016, the UK based Android assemblage known arsenic MoDaCo suffered a information breach which exposed 880k subscriber identities. The information included email and IP addresses, usernames and passwords stored arsenic salted MD5 hashes.

Breach date: 1 January 2016
Date added to HIBP: 20 September 2016
Compromised accounts: 879,703
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Modern Business Solutions logo

Modern Business Solutions

In October 2016, a ample Mongo DB record containing tens of millions of accounts was shared publically connected Twitter (the record has since been removed). The database contained implicit 58M unsocial email addresses on with IP addresses, names, location addresses, genders, occupation titles, dates of commencement and telephone numbers. The information was subsequently attributed to "Modern Business Solutions", a institution that provides information retention and database hosting solutions. They've yet to admit the incidental oregon explicate however they came to beryllium successful possession of the data.

Breach date: 8 October 2016
Date added to HIBP: 12 October 2016
Compromised accounts: 58,843,488
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Permalink


Money Bookers logo

Money Bookers

Sometime successful 2009, the e-wallet work known arsenic Money Bookers suffered a information breach which exposed astir 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, location addresses and IP addresses.

Breach date: 1 January 2009
Date added to HIBP: 30 November 2015
Compromised accounts: 4,483,605
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Permalink


Moneycontrol logo

Moneycontrol

In April 2021, hackers posted information for merchantability originating from the online Indian fiscal platform, Moneycontrol. The information included 763 1000 unsocial email addresses (allegedly a subset of a larger 40 cardinal relationship breach), alongside geographic locations, telephone numbers, genders, dates of commencement and plain substance passwords. The day of the archetypal breach is unclear, though the breached information indicates the record was created successful September 2017 and Moneycontrol has stated that the breach is "an aged information set".

Breach date: 7 September 2017
Date added to HIBP: 22 May 2021
Compromised accounts: 762,874
Compromised data: Email addresses, Genders, Geographic locations, Passwords, Phone numbers
Permalink


Morele.net logo

Morele.net

In October 2018, the Polish e-commerce website Morele.net suffered a information breach. The incidental exposed astir 2.5 cardinal unsocial email addresses alongside telephone numbers, names and passwords stored arsenic md5crypt hashes.

Breach date: 10 October 2018
Date added to HIBP: 20 April 2019
Compromised accounts: 2,467,304
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink


Mortal Online logo

Mortal Online

In June 2018, the massively multiplayer online role-playing crippled (MMORPG) Mortal Online suffered a information breach. A record containing 570k email addresses and cracked passwords was subsequently distributed online. A larger much implicit record containing 607k email addresses with archetypal unsalted MD5 password hashes on with names, usernames and carnal addresses was aboriginal provided and the archetypal breach successful HIBP was updated accordingly. The information was provided to HIBP by whitehat information researcher and information expert Adam Davies.

Breach date: 17 June 2018
Date added to HIBP: 31 August 2018
Compromised accounts: 606,637
Compromised data: Email addresses, Names, Passwords, Physical addresses, Usernames
Permalink


MPGH logo

MPGH

In October 2015, the multiplayer crippled hacking website MPGH was hacked and 3.1 cardinal idiosyncratic accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

Breach date: 22 October 2015
Date added to HIBP: 26 October 2015
Compromised accounts: 3,122,898
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


MrExcel logo

MrExcel

In December 2016, the forum for the Microsoft Excel tips and solutions tract Mr Excel suffered a information breach. The hack of the vBulletin forum led to the vulnerability of implicit 366k accounts on with email and IP addresses, dates of commencement and salted passwords hashed with MD5. The proprietor of the MrExcel forum subsequently self-submitted the information to HIBP.

Breach date: 5 December 2016
Date added to HIBP: 22 January 2017
Compromised accounts: 366,140
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Social connections, Usernames, Website activity
Permalink


mSpy logo

mSpy

In May 2015, the "monitoring" bundle known arsenic mSpy suffered a major information breach. The bundle (allegedly often utilized to spy connected unsuspecting victims), stored extended idiosyncratic accusation wrong their online work which aft being breached, was made freely disposable connected the internet.

Breach date: 14 May 2015
Date added to HIBP: 28 May 2015
Compromised accounts: 699,793
Compromised data: Device usage tracking data
Permalink


Muslim Directory logo

Muslim Directory

In February 2014, the UK usher to services and concern known arsenic the Muslim Directory was attacked by the hacker known arsenic @th3inf1d3l. The information was consequently dumped publically and included the web accounts of tens of thousands of users which contained information including their names, location address, property group, email, website enactment and password successful plain text.

Breach date: 17 February 2014
Date added to HIBP: 23 February 2014
Compromised accounts: 37,784
Compromised data: Age groups, Email addresses, Employers, Names, Passwords, Phone numbers, Physical addresses, Website activity
Permalink


Muslim Match logo

Muslim Match

In June 2016, the Muslim Match dating website had 150k email addresses exposed. The information included backstage chats and messages betwixt narration seekers and galore different idiosyncratic attributes including passwords hashed with MD5.

Breach date: 24 June 2016
Date added to HIBP: 29 June 2016
Compromised accounts: 149,830
Compromised data: Chat logs, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, User statuses, Usernames
Permalink


MyFHA logo

MyFHA

In astir February 2015, the location financing website MyFHA suffered a information breach which disclosed the idiosyncratic accusation of astir 1 cardinal people. The information included extended idiosyncratic accusation relating to location financing including idiosyncratic interaction info, recognition statuses, household incomes, indebtedness amounts and notes connected idiosyncratic circumstances, often referring to ineligible issues, divorces and wellness conditions. Multiple parties contacted HIBP with the information aft which MyFHA was alerted successful mid-July and acknowledged the legitimacy of the breach past took the tract offline.

Breach date: 18 February 2015
Date added to HIBP: 9 August 2018
Compromised accounts: 972,629
Compromised data: Credit presumption information, Email addresses, Home indebtedness information, Income levels, IP addresses, Names, Passwords, Personal descriptions, Physical addresses
Permalink


MyFitnessPal logo

MyFitnessPal

In February 2018, the fare and workout work MyFitnessPal suffered a information breach. The incidental exposed 144 cardinal unsocial email addresses alongside usernames, IP addresses and passwords stored arsenic SHA-1 and bcrypt hashes (the erstwhile for earlier accounts, the second for newer accounts). In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by a root who requested it to beryllium attributed to "Benjamin[email protected]".

Breach date: 1 February 2018
Date added to HIBP: 21 February 2019
Compromised accounts: 143,606,147
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


MyHeritage logo

MyHeritage

In October 2017, the genealogy website MyHeritage suffered a information breach. The incidental was reported 7 months aboriginal aft a information researcher discovered the information and contacted MyHeritage. In total, much than 92M lawsuit records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 26 October 2017
Date added to HIBP: 20 February 2019
Compromised accounts: 91,991,358
Compromised data: Email addresses, Passwords
Permalink


myRepoSpace logo

myRepoSpace

In July 2015, the Cydia repository known arsenic myRepoSpace was hacked and user information leaked publicly. Cydia is designed to facilitate the installation of apps connected jailbroken iOS devices. The repository work was allegedly hacked by @its_not_herpes and 0x8badfl00d successful retaliation for the work refusing to region pirated tweaks.

Breach date: 6 July 2015
Date added to HIBP: 8 July 2015
Compromised accounts: 252,751
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


MySpace logo


MyVidster logo

MyVidster

In August 2015, the societal video sharing and bookmarking tract MyVidster was hacked and astir 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.

Breach date: 15 August 2015
Date added to HIBP: 10 October 2015
Compromised accounts: 19,863
Compromised data: Email addresses, Passwords, Usernames
Permalink


Nameless Malware logo


NapsGear logo

NapsGear

In October 2015, the anabolic steroids retailer NapsGear suffered a information breach. An extended magnitude of idiosyncratic accusation connected 287k customers was exposed including email addresses, names, addresses, telephone numbers, acquisition histories and salted MD5 password hashes.

Breach date: 21 October 2015
Date added to HIBP: 10 September 2018
Compromised accounts: 287,071
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Purchases
Permalink


Naughty America logo

Naughty America

In March 2016, the big website Naughty America was hacked and the information consequently sold online. The breach included information from galore systems with assorted idiosyncratic individuality attributes, the largest of which had passwords stored arsenic easy crackable MD5 hashes. There were 1.4 cardinal unsocial email addresses successful the breach.

Breach date: 14 March 2016
Date added to HIBP: 24 April 2016
Compromised accounts: 1,398,630
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


NemoWeb logo

NemoWeb

In September 2016, astir 21GB of information from the French website utilized for "standardised and decentralized means of speech for publishing newsgroup articles" NemoWeb was leaked from what appears to person been an unprotected Mongo DB. The information consisted of a ample measurement of emails sent to the work and included astir 3.5M unsocial addresses, albeit galore of them auto-generated. Multiple attempts were made to interaction the operators of NemoWeb but nary effect was received.

Breach date: 4 September 2016
Date added to HIBP: 19 September 2018
Compromised accounts: 3,472,916
Compromised data: Email addresses, Names
Permalink


Neopets logo

Neopets

In May 2016, a acceptable of breached information originating from the virtual favored website "Neopets" was recovered being traded online. Allegedly hacked "several years earlier", the information contains delicate idiosyncratic accusation including birthdates, genders and names arsenic good arsenic astir 27 cardinal unsocial email addresses. Passwords were stored successful plain substance and IP addresses were besides contiguous successful the breach.

Breach date: 5 May 2013
Date added to HIBP: 7 July 2016
Compromised accounts: 26,892,897
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Usernames
Permalink


NetEase logo


Neteller logo

Neteller

In May 2010, the e-wallet work known arsenic Neteller suffered a information breach which exposed implicit 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, location addresses and relationship balances.

Breach date: 17 May 2010
Date added to HIBP: 30 November 2015
Compromised accounts: 3,619,948
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Website activity
Permalink


NetGalley logo

NetGalley

In December 2020, the publication promotion tract NetGalley suffered a information breach. The incidental exposed 1.4 cardinal unsocial email addresses alongside names, usernames, carnal and IP addresses, telephone numbers, dates of commencement and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to [email protected]

Breach date: 21 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 1,436,435
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


Netlog logo

Netlog

In July 2018, the Belgian societal networking tract Netlog identified a information breach of their systems dating backmost to November 2012 (PDF). Although the work was discontinued successful 2015, the information breach inactive impacted 49 cardinal subscribers for whom email addresses and plain substance passwords were exposed. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 November 2012
Date added to HIBP: 15 July 2019
Compromised accounts: 49,038,354
Compromised data: Email addresses, Passwords
Permalink


NetProspex logo

NetProspex

In 2016, a database of implicit 33 cardinal individuals successful firm America sourced from Dun & Bradstreet's NetProspex work was leaked online. D&B judge the targeted selling information was mislaid by a lawsuit who purchased it from them. It contained extended idiosyncratic and firm accusation including names, email addresses, occupation titles and wide accusation astir the employer.

Breach date: 1 September 2016
Date added to HIBP: 15 March 2017
Compromised accounts: 33,698,126
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Permalink


Netshoes logo


NextGenUpdate logo

NextGenUpdate

Early successful 2014, the video crippled website NextGenUpdate reportedly suffered a information breach that disclosed astir 1.2 cardinal accounts. Amongst the information breach was usernames, email addresses, IP addresses and salted and hashed passwords.

Breach date: 22 April 2014
Date added to HIBP: 5 June 2015
Compromised accounts: 1,194,597
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Nexus Mods logo

Nexus Mods

In December 2015, the crippled modding tract Nexus Mods released a connection notifying users that they had been hacked. They subsequently dated the hack arsenic having occurred successful July 2013 though determination is grounds to suggest the information was being traded months successful beforehand of that. The breach contained usernames, email addresses and passwords stored arsenic a salted hashes.

Breach date: 22 July 2013
Date added to HIBP: 17 January 2016
Compromised accounts: 5,915,013
Compromised data: Email addresses, Passwords, Usernames
Permalink


Nihonomaru logo

Nihonomaru

In precocious 2015, the anime assemblage known arsenic Nihonomaru had their vBulletin forum hacked and 1.7 cardinal accounts exposed. The compromised information included email and IP addresses, usernames and salted hashes of passwords.

Breach date: 1 December 2015
Date added to HIBP: 30 August 2016
Compromised accounts: 1,697,282
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Nitro logo


Nival logo

Nival

In February 2016, the Russian gaming institution Nival was the people of an onslaught which was consequently detailed connected Reddit. Allegedly protesting "the overseas argumentation of Russia successful regards to Ukraine", Nival was 1 of respective Russian sites successful the breach and impacted implicit 1.5M accounts including delicate idiosyncratic information.

Breach date: 29 February 2016
Date added to HIBP: 3 March 2016
Compromised accounts: 1,535,473
Compromised data: Avatars, Dates of birth, Email addresses, Genders, Names, Spoken languages, Usernames, Website activity
Permalink


Non Nude Girls logo

Non Nude Girls

In May 2013, the non-consensual voyeurism tract "Non Nude Girls" suffered a information breach. The hack of the vBulletin forum led to the vulnerability of implicit 75k accounts on with email and IP addresses, names and plain substance passwords.

Breach date: 21 May 2013
Date added to HIBP: 25 January 2017
Compromised accounts: 75,383
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames, Website activity
Permalink


Nulled.ch logo

Nulled.ch

In May 2020, the hacking forum Nulled.ch was breached and the information published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored arsenic salted MD5 hashes alongside the backstage connection past of the website's admin. The information was provided to HIBP by a root who requested it beryllium attributed to "Split10".

Breach date: 20 May 2020
Date added to HIBP: 24 May 2020
Compromised accounts: 43,491
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


Nulled.cr logo

Nulled.cr

In May 2016, the cracking assemblage forum known arsenic Nulled.cr was hacked and 599k idiosyncratic accounts were leaked publicly. The compromised information included email and IP addresses, anemic salted MD5 password hashes and hundreds of thousands of backstage messages betwixt members.

Breach date: 6 May 2016
Date added to HIBP: 9 May 2016
Compromised accounts: 599,080
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink


NurseryCam logo

NurseryCam

In February 2021, a bid of egregiously atrocious information flaws were identified successful the NurseryCam system designed for parents to remotely show their children whilst attending nursery. The flaws led to the vulnerability of implicit 10k genitor records earlier the work was unopen down. The email addresses unsocial were provided to Have I Been Pwned to guarantee parents were decently notified of the incident.

Breach date: 12 February 2021
Date added to HIBP: 23 February 2021
Compromised accounts: 10,585
Compromised data: Email addresses
Permalink


OGUsers (2019 breach) logo

OGUsers (2019 breach)

In May 2019, the relationship hijacking and SIM swapping forum OGusers suffered a information breach. The breach exposed a database backup from December 2018 which was published connected a rival hacking forum. There were 161k unsocial email addresses dispersed crossed 113k forum users and different tables successful the database. The exposed information besides included usernames, IP addresses, backstage messages and passwords stored arsenic salted MD5 hashes.

Breach date: 26 December 2018
Date added to HIBP: 19 May 2019
Compromised accounts: 161,143
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


OGUsers (2020 breach) logo

OGUsers (2020 breach)

In April 2020, the relationship hijacking and SIM swapping forum OGUsers suffered their 2nd information breach successful little than a year. As with the erstwhile breach, the exposed information included email and IP addresses, usernames, backstage messages and passwords stored arsenic salted MD5 hashes. A full of 263k email addresses crossed idiosyncratic accounts and different tables were posted to a rival hacking forum.

Breach date: 2 April 2020
Date added to HIBP: 4 April 2020
Compromised accounts: 263,189
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


Onliner Spambot logo

Onliner Spambot

In August 2017, a spambot by the sanction of Onliner Spambot was identified by information researcher Benkow moʞuƎq. The malicious bundle contained a server-based constituent located connected an IP code successful the Netherlands which exposed a ample fig of files containing idiosyncratic information. In total, determination were 711 cardinal unsocial email addresses, galore of which were besides accompanied by corresponding passwords. A afloat write-up connected what information was recovered is successful the blog station titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Breach date: 28 August 2017
Date added to HIBP: 29 August 2017
Compromised accounts: 711,477,622
Compromised data: Email addresses, Passwords
Permalink


Onverse logo

Onverse

In January 2016, the online virtual satellite known arsenic Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the tract besides exposed salted MD5 password hashes.

Breach date: 1 January 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 800,157
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


GO logo

Open CS:GO

In December 2017, the website for purchasing Counter-Strike skins known arsenic Open CS:GO (Counter-Strike: Global Offensive) suffered a information breach (address since redirects to dropgun.com). The 10GB record contained an extended magnitude of idiosyncratic accusation including email and IP addresses, telephone numbers, carnal addresses and acquisition histories. Numerous attempts were made to interaction Open CS:GO astir the incident, nevertheless nary responses were received.

Breach date: 28 November 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 512,311
Compromised data: Avatars, Email addresses, IP addresses, Phone numbers, Physical addresses, Purchases, Social media profiles, Usernames
Permalink


OrderSnapp logo

OrderSnapp

In June 2020, the edifice solutions supplier OrderSnapp suffered a information breach which exposed 1.3M unsocial email addresses. Impacted information besides included names, telephone numbers, dates of commencement and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 29 June 2020
Date added to HIBP: 8 August 2021
Compromised accounts: 1,304,447
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers
Permalink


Ordine Avvocati di Roma logo

Ordine Avvocati di Roma

In May 2019, the Lawyers Order of Rome suffered a information breach by a radical claiming to beryllium Anonymous Italy. Data connected tens of thousands of Roman lawyers was taken from the breached strategy and redistributed online. The information included interaction information, email addresses and email messages themselves encompassing tens of thousands of unsocial email addresses. A full of 42k unsocial addresses appeared successful the breach.

Breach date: 7 May 2019
Date added to HIBP: 26 May 2019
Compromised accounts: 41,960
Compromised data: Email addresses, Email messages, Geographic locations, Passwords, Phone numbers
Permalink


OVH logo

OVH

In mid-2015, the forum for the hosting supplier known arsenic OVH suffered a information breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 1 May 2015
Date added to HIBP: 27 December 2016
Compromised accounts: 452,899
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


OwnedCore logo

OwnedCore

In astir August 2013, the World of Warcraft exploits forum known arsenic OwnedCore was hacked and much than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 1 August 2013
Date added to HIBP: 6 February 2016
Compromised accounts: 880,331
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Oxfam logo

Oxfam

In January 2021, Oxfam Australia was the unfortunate of a information breach which exposed 1.8M unsocial email addresses of supporters of the charity. The information was enactment up for merchantability connected a fashionable hacking forum and besides included names, telephone numbers, addresses, genders and dates of birth. A tiny fig of radical besides had partial recognition paper information exposed (the archetypal 6 and past 3 digits of the card, positive paper benignant and expiry) and successful immoderate cases the slope name, relationship fig and BSB were besides exposed. The information was subsequently made freely disposable connected the hacking forum aboriginal the pursuing month.

Breach date: 20 January 2021
Date added to HIBP: 2 March 2021
Compromised accounts: 1,834,006
Compromised data: Bank relationship numbers, Dates of birth, Email addresses, Genders, Names, Partial recognition paper data, Payment histories, Phone numbers, Physical addresses
Permalink


Paddy Power logo

Paddy Power

In October 2010, the Irish bookmaker Paddy Power suffered a information breach that exposed 750,000 lawsuit records with astir 600,000 unsocial email addresses. The breach was not disclosed until July 2014 and contained extended idiosyncratic accusation including names, addresses, telephone numbers and plain substance information questions and answers.

Breach date: 25 October 2010
Date added to HIBP: 11 October 2015
Compromised accounts: 590,954
Compromised data: Account balances, Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Usernames, Website activity
Permalink


ParkMobile logo

ParkMobile

In March 2021, the mobile parking app work ParkMobile suffered a information breach which exposed 21 cardinal customers' idiosyncratic data. The impacted information included email addresses, names, telephone numbers, conveyance licence plates and passwords stored arsenic bcrypt hashes. The pursuing month, the information appeared connected a nationalist hacking forum wherever it was extensively redistributed.

Breach date: 21 March 2021
Date added to HIBP: 30 April 2021
Compromised accounts: 20,949,825
Compromised data: Email addresses, Licence plates, Names, Passwords, Phone numbers
Permalink


Patreon logo

Patreon

In October 2015, the crowdfunding tract Patreon was hacked and implicit 16GB of information was released publicly. The dump included astir 14GB of database records with much than 2.3M unsocial email addresses, millions of idiosyncratic messages and passwords stored arsenic bcrypt hashes.

Breach date: 1 October 2015
Date added to HIBP: 2 October 2015
Compromised accounts: 2,330,382
Compromised data: Email addresses, Passwords, Payment histories, Physical addresses, Private messages, Website activity
Permalink


PayAsUGym logo

PayAsUGym

In December 2016, an attacker breached PayAsUGym's website exposing implicit 400k customers' idiosyncratic data. The information was consequently leaked publically and broadly distributed via Twitter. The leaked information contained idiosyncratic accusation including email addresses and passwords hashed utilizing MD5 without a salt.

Breach date: 15 December 2016
Date added to HIBP: 17 December 2016
Compromised accounts: 400,260
Compromised data: Browser idiosyncratic cause details, Email addresses, IP addresses, Names, Partial recognition paper data, Passwords, Phone numbers, Website activity
Permalink


Peatix logo

Peatix

In January 2019, the lawsuit organising level Peatix suffered a information breach. The incidental exposed 4.2M email addresses, names and salted password hashes. The information was provided to HIBP by dehashed.com.

Breach date: 20 January 2019
Date added to HIBP: 6 December 2020
Compromised accounts: 4,227,907
Compromised data: Email addresses, Names, Passwords
Permalink


Pemiblanc logo

Pemiblanc

In April 2018, a credential stuffing database containing 111 cardinal email addresses and passwords known arsenic Pemiblanc was discovered connected a French server. The database contained email addresses and passwords collated from antithetic information breaches and utilized to equine relationship takeover attacks against different services. Read much astir the incident.

Breach date: 2 April 2018
Date added to HIBP: 9 July 2018
Compromised accounts: 110,964,206
Compromised data: Email addresses, Passwords
Permalink


People's Energy logo

People's Energy

In December 2020, the UK powerfulness institution People's Energy suffered a information breach. The breach exposed astir 7GB of files containing 359k unsocial email addresses on with names, phones numbers, carnal addresses and dates of birth. The incidental besides included People's Energy unit email addresses and bcrypt password hashes (no lawsuit passwords were exposed). The information was provided to HIBP by a root who requested it beryllium attributed to [email protected]

Breach date: 16 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 358,822
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


PetFlow logo


Phone House España logo

Phone House España

In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware onslaught that besides exposed important volumes of lawsuit data. Attributed to the Babuk ransomware, a postulation of information alleged to beryllium a subset of a larger corpus was posted to a acheronian web tract and contained 5.2M email addresses on with names, nationalities, genders, dates of birth, telephone numbers and carnal addresses. Phone House has been threatened with further releases if a ransom is not paid.

Breach date: 8 April 2021
Date added to HIBP: 22 April 2021
Compromised accounts: 5,223,350
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses
Permalink


PHP Freaks logo

PHP Freaks

In October 2015, the PHP treatment committee PHP Freaks was hacked and 173k idiosyncratic accounts were publically leaked. The breach included aggregate idiosyncratic information attributes arsenic good arsenic salted and hashed passwords.

Breach date: 27 October 2015
Date added to HIBP: 30 October 2015
Compromised accounts: 173,891
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Pixel Federation logo

Pixel Federation

In December 2013, a breach of the web-based crippled assemblage based successful Slovakia exposed implicit 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, galore of which were easy converted backmost to plain text.

Breach date: 4 December 2013
Date added to HIBP: 6 December 2013
Compromised accounts: 38,108
Compromised data: Email addresses, Passwords
Permalink


Pixlr logo

Pixlr

In October 2020, the online photograph editing exertion Pixlr suffered a information breach exposing 1.9 cardinal subscribers. Impacted information included names, email addresses, societal media profiles, the state signed up from and passwords stored arsenic SHA-512 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 7 October 2020
Date added to HIBP: 1 February 2021
Compromised accounts: 1,906,808
Compromised data: Email addresses, Geographic locations, Names, Passwords, Social media profiles
Permalink


piZap logo

piZap

In astir December 2017, the online photograph editing tract piZap suffered a information breach. The information was aboriginal placed up for merchantability connected a acheronian web marketplace on with a postulation of different information breaches successful February 2019. A full of 42 cardinal unsocial email addresses were included successful the breach alongside names, genders and links to Facebook profiles erstwhile the societal media level was utilized to authenticate to piZap. When accounts were created straight connected piZap without utilizing Facebook for authentication, passwords stored arsenic SHA-1 hashes were besides exposed. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 7 December 2017
Date added to HIBP: 16 July 2019
Compromised accounts: 41,817,893
Compromised data: Email addresses, Genders, Geographic locations, Names, Passwords, Social media profiles, Usernames, Website activity
Permalink


Planet Calypso logo

Planet Calypso

In astir July 2019, the forums for the Planet Calypso crippled suffered a information breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored arsenic salted MD5 hashes.

Breach date: 1 July 2019
Date added to HIBP: 12 January 2020
Compromised accounts: 62,261
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Plex logo

Plex

In July 2015, the treatment forum for Plex media centre was hacked and implicit 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 2 July 2015
Date added to HIBP: 8 February 2016
Compromised accounts: 327,314
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Pluto TV logo

Pluto TV

In October 2018, the net tv work Pluto TV suffered a information breach which was past shared extensively successful hacking communities. Pluto TV "decided not to proactively pass users of the breach" which contained 3.2M unsocial email and IP addresses, names, usernames, genders, dates of commencement and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 12 October 2018
Date added to HIBP: 5 December 2020
Compromised accounts: 3,225,080
Compromised data: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles, Usernames
Permalink


Pokébip logo

Pokébip

In July 2015, the French Pokémon tract Pokébip suffered a information breach which exposed 657k subscriber identities. The information included email and IP addresses, usernames and passwords stored arsenic unsalted MD5 hashes.

Breach date: 28 July 2015
Date added to HIBP: 9 September 2016
Compromised accounts: 657,001
Compromised data: Email addresses, IP addresses, Passwords, Time zones, Usernames, Website activity
Permalink


Pokémon Creed logo

Pokémon Creed

In August 2014, the Pokémon RPG website Pokémon Creed was hacked aft a quality with rival site, Pokémon Dusk. In a post connected Facebook, "Cruz Dusk" announced the hack past pasted the dumped MySQL database connected pkmndusk.in. The breached information included implicit 116k usernames, email addresses and plain substance passwords.

Breach date: 8 August 2014
Date added to HIBP: 10 August 2014
Compromised accounts: 116,465
Compromised data: Email addresses, Genders, IP addresses, Passwords, Usernames, Website activity
Permalink


Pokémon Negro logo

Pokémon Negro

In astir October 2016, the Spanish Pokémon tract Pokémon Negro suffered a information breach. The onslaught resulted successful the disclosure of 830k accounts including email and IP addresses on with plain substance passwords. Pokémon Negro did not respond erstwhile contacted astir the breach.

Breach date: 1 October 2016
Date added to HIBP: 3 January 2017
Compromised accounts: 830,155
Compromised data: Email addresses, IP addresses, Passwords
Permalink


PoliceOne logo

PoliceOne

In February 2017, the instrumentality enforcement website PoliceOne confirmed they'd suffered a information breach. The breach contained implicit 700k accounts which appeared for merchantability by a information broker and included email and IP addresses, usernames and salted MD5 password hashes. The record the information was contained successful indicated the archetypal breach dated backmost to July 2014.

Breach date: 1 July 2014
Date added to HIBP: 15 November 2017
Compromised accounts: 709,926
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Poshmark logo

Poshmark

In mid-2018, societal commerce marketplace Poshmark suffered a information breach that exposed 36M idiosyncratic accounts. The compromised information included email addresses, names, usernames, genders, locations and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 16 May 2018
Date added to HIBP: 2 September 2019
Compromised accounts: 36,395,491
Compromised data: Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
Permalink


Powerbot logo

Powerbot

In astir September 2014, the RuneScape bot website Powerbot suffered a information breach resulting successful the vulnerability of implicit fractional a cardinal unsocial idiosyncratic records. The information contained email and IP addresses, usernames and salted MD5 hashes of passwords. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 1 September 2014
Date added to HIBP: 1 July 2017
Compromised accounts: 503,501
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


ProctorU logo

ProctorU

In June 2020, the online exam work ProctorU suffered a information breach which was subsequently shared extensively crossed online hacking communities. The breach contained 444k idiosyncratic records including names, email and carnal addresses, phones numbers and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by breachbase.pw.

Breach date: 26 June 2020
Date added to HIBP: 6 August 2020
Compromised accounts: 444,453
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


Programming Forums logo

Programming Forums

In astir precocious 2015, the programming forum astatine programmingforums.org suffered a information breach resulting successful the vulnerability of 707k unsocial idiosyncratic records. The information contained email and IP addresses, usernames and salted MD5 hashes of passwords. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 1 December 2015
Date added to HIBP: 1 July 2017
Compromised accounts: 707,432
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Promo logo

Promo

In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a information breach which was past shared extensively connected a hacking forum. The incidental exposed 22 cardinal records containing astir 15 cardinal unsocial email addresses alongside IP addresses, genders, names and salted SHA-256 password hashes. The information was provided to HIBP by dehashed.com.

Breach date: 22 June 2020
Date added to HIBP: 26 July 2020
Compromised accounts: 14,610,585
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords
Permalink


Promofarma logo


PropTiger logo

PropTiger

In January 2018, the Indian spot website PropTiger suffered a information breach which resulted successful a 3.46GB database record being exposed and subsequently shared extensively connected a fashionable hacking forum 2 years later. The exposed information contained some idiosyncratic records and login histories with implicit 2M unsocial lawsuit email addresses. Exposed information besides included further idiosyncratic attributes specified arsenic names, dates of birth, genders, IP addresses and passwords stored arsenic MD5 hashes. PropTiger advised they judge the usability of the information is "limited" owed to however definite information attributes were generated and stored. The information was provided to HIBP by dehashed.com.

Breach date: 30 January 2018
Date added to HIBP: 24 March 2020
Compromised accounts: 2,156,921
Compromised data: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords
Permalink


PS3Hax logo

PS3Hax

In astir July 2015, the Sony Playstation hacks and mods forum known arsenic PS3Hax was hacked and much than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 1 July 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 447,410
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


PSP ISO logo

PSP ISO

In astir September 2015, the PlayStation PSP forum known arsenic PSP ISO was hacked and astir 1.3 cardinal accounts were exposed. Along with email and IP addresses, the vBulletin forum besides exposed salted MD5 password hashes.

Breach date: 25 September 2015
Date added to HIBP: 29 January 2017
Compromised accounts: 1,274,070
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


PSX-Scene logo

PSX-Scene

In astir February 2015, the Sony Playstation forum known arsenic PSX-Scene was hacked and much than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 1 February 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 341,118
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Qatar National Bank logo

Qatar National Bank

In July 2015, the Qatar National Bank suffered a information breach which exposed 15k documents totalling 1.4GB and detailing much than 100k accounts with passwords and PINs. The incidental was made nationalist immoderate 9 months aboriginal successful April 2016 erstwhile the documents appeared publically connected a record sharing site. Analysis of the breached information suggests the onslaught began by exploiting a SQL injection flaw successful the bank's website.

Breach date: 1 July 2015
Date added to HIBP: 1 May 2016
Compromised accounts: 88,678
Compromised data: Bank relationship numbers, Customer feedback, Dates of birth, Financial transactions, Genders, Geographic locations, Government issued IDs, IP addresses, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, PINs, Security questions and answers, Spoken languages
Permalink


QIP logo

QIP

In mid-2011, the Russian instant messaging work known arsenic QIP (Quiet Internet Pager) suffered a information breach. The onslaught resulted successful the disclosure of implicit 26 cardinal unsocial accounts including email addresses and passwords with the information yet appearing successful nationalist years later.

Breach date: 1 June 2011
Date added to HIBP: 8 January 2017
Compromised accounts: 26,183,992
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Quantum Booter logo

Quantum Booter

In March 2014, the booter service Quantum Booter (also referred to arsenic Quantum Stresser) suffered a breach which pb to the disclosure of their interior database. The leaked information included backstage discussions relating to malicious enactment Quantum Booter users were performing against online adversaries, including the IP addresses of those utilizing the work to equine DDoS attacks.

Breach date: 18 March 2014
Date added to HIBP: 4 April 2015
Compromised accounts: 48,592
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink


Quidd logo

Quidd

In 2019, online marketplace for trading stickers, cards, toys, and different collectibles Quidd suffered a information breach. The breach exposed astir 4 cardinal users' email addresses, usernames and passwords stored arsenic bcrypt hashes. The information was subsequently sold past redistributed extensively via hacking forums.

Breach date: 1 July 2019
Date added to HIBP: 24 June 2020
Compromised accounts: 3,805,863
Compromised data: Email addresses, Passwords, Usernames
Permalink


QuinStreet logo

QuinStreet

In astir precocious 2015, the shaper of "performance selling products" QuinStreet had a fig of their online assets compromised. The onslaught impacted 28 abstracted sites, predominantly exertion forums specified arsenic flashkit.com, codeguru.com and webdeveloper.com (view a afloat database of sites). QuinStreet advised that impacted users person been notified and passwords reset. The information contained details connected implicit 4.9 cardinal radical and included email addresses, dates of commencement and salted MD5 hashes.

Breach date: 14 December 2015
Date added to HIBP: 17 December 2016
Compromised accounts: 4,907,802
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


R2 (2017 forum breach) logo

R2 (2017 forum breach)

In aboriginal 2017, the forum for the gaming website R2 Games was hacked. R2 had antecedently appeared connected HIBP successful 2015 aft a anterior incident. This 1 exposed implicit 1 cardinal unsocial idiosyncratic accounts and corresponding MD5 password hashes with nary salt.

Breach date: 1 January 2017
Date added to HIBP: 25 April 2017
Compromised accounts: 1,023,466
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


R2Games logo

R2Games

In precocious 2015, the gaming website R2Games was hacked and much than 2.1M idiosyncratic records disclosed. The vBulletin forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked. A further 11M accounts were added to "Have I Been Pwned" successful March 2016 and different 9M successful July 2016 bringing the full to implicit 22M.

Breach date: 1 November 2015
Date added to HIBP: 9 February 2016
Compromised accounts: 22,281,337
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Rambler logo

Rambler

In precocious 2016, a information dump of astir 100M accounts from Rambler, sometimes referred to arsenic "The Russian Yahoo", was discovered being traded online. The information acceptable provided to Have I Been Pwned included 91M unsocial usernames (which besides signifier portion of Rambler email addresses) and plain substance passwords. According to Rambler, the information dates backmost to March 2014.

Breach date: 1 March 2014
Date added to HIBP: 1 November 2016
Compromised accounts: 91,436,280
Compromised data: Email addresses, Passwords, Usernames
Permalink


RankWatch logo

RankWatch

In astir November 2016, the hunt motor optimisation absorption institution RankWatch exposed a Mongo DB with nary password publically whereupon their information was exfiltrated and posted to an online forum. The information contained 7.4 cardinal unsocial email addresses on with names, employers, telephone numbers and occupation titles successful a array called "us_emails". When contacted and advised of the incident, RankWatch would not uncover the intent of the data, wherever it had been acquired from and whether the information owners had consented to its collection. The forum which primitively posted the information explained it arsenic being "in the aforesaid vein arsenic the modbsolutions leak", a ample database of firm information allegedly utilized for spam purposes.

Breach date: 19 November 2016
Date added to HIBP: 3 November 2017
Compromised accounts: 7,445,067
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers
Permalink


Raychat logo


Rbx.Rocks logo

Rbx.Rocks

In August 2018, the Roblox trading tract Rbx.Rocks suffered a information breach. Almost 25k records were sent to HIBP successful November and included names, email addresses and passwords stored arsenic bcrypt hashes. In July 2019, a further 125k records emerged bringing the full size of the incidental to 150k. The website has since gone offline with a connection stating that "Rbx.Rocks v2.0 is presently nether construction".

Breach date: 6 August 2018
Date added to HIBP: 7 November 2018
Compromised accounts: 149,958
Compromised data: Email addresses, Names, Passwords
Permalink


Real Estate Mogul logo

Real Estate Mogul

In September 2016, the existent property concern tract Real Estate Mogul had a Mongo DB lawsuit compromised and 5GB of information downloaded by an unauthorised party. The information contained existent property listings including addresses and the names, telephone numbers and 308k unsocial email addresses of the sellers. Real Estate Mogul was advised of the incidental successful September 2018 and stated that they "found nary lawsuit of idiosyncratic relationship credentials similar usernames and passwords nor billing accusation wrong this file".

Breach date: 6 September 2016
Date added to HIBP: 24 September 2018
Compromised accounts: 307,768
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink


Regpack logo

Regpack

In July 2016, a tweet was posted with a nexus to an alleged information breach of BlueSnap, a planetary outgo gateway and merchant relationship provider. The information contained 324k outgo records crossed 105k unsocial email addresses and included idiosyncratic attributes specified arsenic name, location code and telephone number. The information was verified with aggregate Have I Been Pwned subscribers who confirmed it besides contained valid transactions, partial recognition paper numbers, expiry dates and CVVs. A downstream user of BlueSnap services known arsenic Regpack was subsequently identified arsenic the root of the information aft they identified quality mistake had near the transactions exposed connected a publically facing server. A afloat probe of the information and connection by Regpack is elaborate successful the station titled Someone conscionable mislaid 324k outgo records, implicit with CVVs.

Breach date: 20 May 2016
Date added to HIBP: 13 September 2016
Compromised accounts: 104,977
Compromised data: Browser idiosyncratic cause details, Credit paper CVV, Email addresses, IP addresses, Names, Partial recognition paper data, Phone numbers, Physical addresses, Purchases
Permalink


Reincubate logo

Reincubate

In October 2020, the app information institution Reincubate suffered a information breach which exposed a backup from November 2017 (the newest grounds successful the information appeared respective months earlier). The information included implicit 616k unsocial email addresses, names and passwords stored arsenic PBKDF2 hashes.

Breach date: 11 May 2017
Date added to HIBP: 29 October 2020
Compromised accounts: 616,146
Compromised data: Email addresses, Names, Passwords
Permalink


Retina-X logo


ReverbNation logo


River City Media Spam List logo

River City Media Spam List

In January 2017, a monolithic trove of information from River City Media was recovered exposed online. The information was recovered to incorporate astir 1.4 cardinal records including email and IP addresses, names and carnal addresses, each of which was utilized arsenic portion of an tremendous spam operation. Once de-duplicated, determination were 393 cardinal unsocial email addresses wrong the exposed data.

Breach date: 1 January 2017
Date added to HIBP: 8 March 2017
Compromised accounts: 393,430,309
Compromised data: Email addresses, IP addresses, Names, Physical addresses
Permalink


Roll20 logo

Roll20

In December 2018, the tabletop role-playing games website Roll20 suffered a information breach. Almost 4 cardinal customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the past 4 digits of recognition cards exposed. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 26 December 2018
Date added to HIBP: 19 July 2019
Compromised accounts: 3,994,436
Compromised data: Email addresses, IP addresses, Names, Partial recognition paper data, Passwords
Permalink


Romwe logo

Romwe

In mid-2018, the Hong Kong-based retailer Romwe suffered a information breach which exposed astir 20 cardinal customers. The information was subsequently sold online and includes names, telephone numbers, email and IP addresses, lawsuit geographic locations and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 June 2018
Date added to HIBP: 18 January 2021
Compromised accounts: 19,531,820
Compromised data: Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Rosebutt Board logo

Rosebutt Board

Some clip anterior to May 2016, the forum known arsenic "Rosebutt Board" was hacked and 107k accounts were exposed. The self-described "top 1 committee for anal fisting, prolapse, immense insertions and rosebutt fans" had email and IP addresses, usernames and weakly stored salted MD5 password hashes hacked from the IP.Board based forum.

Breach date: 9 May 2016
Date added to HIBP: 10 May 2016
Compromised accounts: 107,303
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Russian America logo

Russian America

In astir 2017, the website for Russian speakers successful America known arsenic Russian America suffered a information breach. The incidental exposed 183k unsocial records including names, email addresses, telephone numbers and passwords stored successful some plain substance and arsenic MD5 hashes. Russian America was contacted astir the breach but did not respond.

Breach date: 1 January 2017
Date added to HIBP: 13 September 2018
Compromised accounts: 182,717
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink


SaverSpy logo


SC Daily Phone Spam List logo

SC Daily Phone Spam List

In aboriginal 2015, a spam database known arsenic SC Daily Phone emerged containing astir 33M identities. The information includes idiosyncratic attributes specified arsenic names, carnal and IP addresses, genders, commencement dates and telephone numbers. Read much astir spam lists successful HIBP.

Breach date: 14 April 2015
Date added to HIBP: 24 November 2016
Compromised accounts: 32,939,105
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Physical addresses
Permalink


Scentbird logo

Scentbird

In June 2020, the online fragrance work Scentbird suffered a information breach that exposed the idiosyncratic accusation of implicit 5.8 cardinal customers. Personal accusation including names, email addresses, genders, dates of birth, passwords stored arsenic bcrypt hashes and indicators of password spot were each exposed. The information was provided to HIBP by breachbase.pw.

Breach date: 22 June 2020
Date added to HIBP: 30 July 2020
Compromised accounts: 5,814,988
Compromised data: Dates of birth, Email addresses, Genders, Names, Password strengths, Passwords
Permalink


Seedpeer logo

Seedpeer

In July 2015, the torrent tract Seedpeer was hacked and 282k subordinate records were exposed. The information included usernames, email addresses and passwords stored arsenic anemic MD5 hashes.

Breach date: 12 July 2015
Date added to HIBP: 9 March 2016
Compromised accounts: 281,924
Compromised data: Email addresses, Passwords, Usernames
Permalink


Sephora logo

Sephora

In astir January 2017, the quality store Sephora suffered a information breach. Impacting customers successful South East Asia, Australia and New Zealand, 780k unsocial email addresses were included successful the breach alongside names, genders, dates of birth, ethnicities and different idiosyncratic information. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 9 January 2017
Date added to HIBP: 6 October 2019
Compromised accounts: 780,073
Compromised data: Dates of birth, Email addresses, Ethnicities, Genders, Names, Physical attributes
Permalink


ServerPact logo

ServerPact

In mid-2015, the Dutch Minecraft tract ServerPact was hacked and 73k accounts were exposed. Along with commencement dates, email and IP addresses, the tract besides exposed SHA1 password hashes with the username arsenic the salt.

Breach date: 1 January 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 73,587
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


ShareThis logo

ShareThis

In July 2018, the societal bookmarking and sharing work ShareThis suffered a information breach. The incidental exposed 41 cardinal unsocial email addresses alongside names and successful immoderate cases, dates of commencement and password hashes. In 2019, the information appeared listed for merchantability connected a acheronian web marketplace (along with respective different ample breaches) and subsequently began circulating much broadly. The information was provided to HIBP by dehashed.com.

Breach date: 9 July 2018
Date added to HIBP: 3 March 2019
Compromised accounts: 40,960,499
Compromised data: Dates of birth, Email addresses, Names, Passwords
Permalink


SHEIN logo

SHEIN

In June 2018, online manner retailer SHEIN suffered a information breach. The institution discovered the breach 2 months aboriginal successful August past disclosed the incidental different period aft that. A full of 39 cardinal unsocial email addresses were recovered successful the breach alongside MD5 password hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 1 June 2018
Date added to HIBP: 17 July 2019
Compromised accounts: 39,086,762
Compromised data: Email addresses, Passwords
Permalink


ShopBack logo

ShopBack

In September 2020, the cashback reward programme ShopBack suffered a information breach. The incidental exposed implicit 20 cardinal unsocial email addresses on with names, telephone numbers, state of residence and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 17 September 2020
Date added to HIBP: 25 April 2021
Compromised accounts: 20,529,819
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers
Permalink


Short Édition logo

Short Édition

In June 2021, the French publishing location of abbreviated lit Short Édition suffered a information breach that exposed 505k records. Impacted information included email and carnal addresses, names, usernames, telephone numbers, dates of birth, genders and passwords stored arsenic either salted SHA-1 oregon salted SHA-512 hashes. Short Édition self-submitted the impacted information to HIBP.

Breach date: 26 June 2021
Date added to HIBP: 19 July 2021
Compromised accounts: 505,466
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames
Permalink


Shotbow logo

Shotbow

In May 2016, the multiplayer server for Minecraft work Shotbow announced they'd suffered a information breach. The incidental resulted successful the vulnerability of implicit 1 cardinal unsocial email addresses, usernames and salted SHA-256 password hashes.

Breach date: 9 May 2016
Date added to HIBP: 29 October 2017
Compromised accounts: 1,052,753
Compromised data: Email addresses, Passwords, Usernames
Permalink


SkTorrent logo

SkTorrent

In February 2016, the Slovak torrent tracking tract SkTorrent was hacked and implicit 117k records leaked online. The information dump included usernames, email addresses and passwords stored successful plain text.

Breach date: 19 February 2016
Date added to HIBP: 23 February 2016
Compromised accounts: 117,070
Compromised data: Email addresses, Passwords, Usernames
Permalink


Slickwraps logo

Slickwraps

In February 2020, the online store for user electronics wraps Slickwraps suffered a information breach. The incidental resulted successful the vulnerability of 858k unsocial email addresses crossed lawsuit records and newsletter subscribers. Additional impacted information included names, carnal addresses, telephone numbers and acquisition histories.

Breach date: 16 February 2020
Date added to HIBP: 22 February 2020
Compromised accounts: 857,611
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink


Smogon logo

Smogon

In April 2018, the Pokémon website known arsenic Smogon announced they'd suffered a information breach. The breach dated backmost to September 2017 and affected their XenForo based forum. The exposed information included usernames, email addresses, genders and some bcrypt and MD5 password hashes.

Breach date: 10 September 2017
Date added to HIBP: 11 April 2018
Compromised accounts: 386,489
Compromised data: Email addresses, Genders, Geographic locations, Passwords, Usernames, Website activity
Permalink


Snail logo

Snail

In March 2015, the gaming website Snail suffered a information breach that impacted 1.4 cardinal subscribers. The impacted information included usernames, IP and email addresses and passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 14 March 2015
Date added to HIBP: 27 July 2019
Compromised accounts: 1,410,899
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Snapchat logo

Snapchat

In January 2014 conscionable 1 week aft Gibson Security elaborate vulnerabilities successful the service, Snapchat had 4.6 cardinal usernames and telephone fig exposed. The onslaught progressive brute unit enumeration of a ample fig of telephone numbers against the Snapchat API successful what appears to beryllium a effect to Snapchat's assertion that specified an onslaught was "theoretical". Consequently, the breach enabled idiosyncratic usernames (which are often utilized crossed different services) to beryllium resolved to telephone numbers which users usually privation to support private.

Breach date: 1 January 2014
Date added to HIBP: 2 January 2014
Compromised accounts: 4,609,615
Compromised data: Geographic locations, Phone numbers, Usernames
Permalink


Social Engineered logo

Social Engineered

In June 2019, the "Art of Human Hacking" tract Social Engineered suffered a information breach. The breach of the MyBB forum was published connected a rival hacking forum and included 89k unsocial email addresses dispersed crossed 55k forum users and different tables successful the database. The exposed information besides included usernames, IP addresses, backstage messages and passwords stored arsenic salted MD5 hashes.

Breach date: 13 June 2019
Date added to HIBP: 23 June 2019
Compromised accounts: 89,392
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


Società Italiana degli Autori ed Editori logo

Società Italiana degli Autori ed Editori

In November 2018, the Società Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, oregon SIAE) was hacked, defaced and astir 4GB of information leaked publically via Twitter. The information included implicit 14k registered users' names, email addresses and passwords.

Breach date: 3 November 2018
Date added to HIBP: 7 November 2018
Compromised accounts: 14,609
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers
Permalink


Sonicbids logo

Sonicbids

In December 2019, the booking website Sonicbids suffered a information breach which they attributed to "a information privateness lawsuit involving our third-party unreality hosting services". The breach contained 752k idiosyncratic records including names and usernames, email addresses and passwords stored arsenic PBKDF2 hashes. The information was provided to HIBP by breachbase.pw.

Breach date: 30 December 2019
Date added to HIBP: 18 August 2020
Compromised accounts: 751,700
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Sony logo

Sony

In 2011, Sony suffered breach aft breach aft breach — it was a very atrocious twelvemonth for them. The breaches spanned assorted areas of the concern ranging from the PlayStation web each the mode done to the question representation arm, Sony Pictures. A SQL Injection vulnerability successful sonypictures.com pb to tens of thousands of accounts crossed aggregate systems being exposed implicit with plain substance passwords.

Breach date: 2 June 2011
Date added to HIBP: 4 December 2013
Compromised accounts: 37,103
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


Soundwave logo

Soundwave

In astir mid 2015, the euphony tracking app Soundwave suffered a information breach. The breach stemmed from an incidental whereby "production information had been utilized to populate the trial database" and was past inadvertently exposed successful a MongoDB. The information contained 130k records and included email addresses, dates of birth, genders and MD5 hashes of passwords without a salt.

Breach date: 16 July 2015
Date added to HIBP: 17 March 2017
Compromised accounts: 130,705
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Social connections
Permalink


Special K Data Feed Spam List logo

Special K Data Feed Spam List

In mid to precocious 2015, a spam database known arsenic the Special K Data Feed was discovered containing astir 31M identities. The information includes idiosyncratic attributes specified arsenic names, carnal and IP addresses, genders, commencement dates and telephone numbers. Read much astir spam lists successful HIBP.

Breach date: 7 October 2015
Date added to HIBP: 24 November 2016
Compromised accounts: 30,741,620
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Physical addresses
Permalink


Spirol logo

Spirol

In February 2014, Connecticut based Spirol Fastening Solutions suffered a information breach that exposed implicit 70,000 lawsuit records. The onslaught was allegedly mounted by exploiting a SQL injection vulnerability which yielded information from Spirol’s CRM strategy ranging from customers’ names, companies, interaction accusation and implicit 55,000 unsocial email addresses.

Breach date: 22 February 2014
Date added to HIBP: 22 February 2014
Compromised accounts: 55,622
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Permalink


SpyFone logo

SpyFone

In August 2018, the spyware institution SpyFone near terabytes of information publically exposed. Collected surreptitiously whilst the targets were utilizing their devices, the information included photos, audio recordings, substance messages and browsing past which were past exposed via a fig of misconfigurations wrong SpyFone's systems. The information belonged the thousands of SpyFone customers and included 44k unsocial email addresses, galore apt belonging to radical the targeted phones had interaction with.

Breach date: 16 August 2018
Date added to HIBP: 24 August 2018
Compromised accounts: 44,109
Compromised data: Audio recordings, Browsing histories, Device information, Email addresses, Geographic locations, IMEI numbers, IP addresses, Names, Passwords, Photos, SMS messages
Permalink


Staminus logo

Staminus

In March 2016, the DDoS extortion work Staminus was "massively hacked" resulting successful an outage of much than 20 hours and the disclosure of lawsuit credentials (with unsalted MD5 hashes), enactment tickets, recognition paper numbers and different delicate data. 27k unsocial email addresses were recovered successful the information which was subsequently released to the public. Staminus is nary longer successful operation.

Breach date: 11 March 2016
Date added to HIBP: 5 October 2017
Compromised accounts: 26,815
Compromised data: Credit cards, Email addresses, IP addresses, Passwords, Support tickets, Usernames
Permalink


StarNet logo

StarNet

In February 2015, the Moldavian ISP "StarNet" had it's database published online. The dump included astir 140k email addresses, galore with idiosyncratic details including interaction information, usage patterns of the ISP and adjacent passport numbers.

Breach date: 26 February 2015
Date added to HIBP: 11 April 2015
Compromised accounts: 139,395
Compromised data: Customer interactions, Dates of birth, Email addresses, Genders, IP addresses, MAC addresses, Names, Passport numbers, Passwords, Phone numbers
Permalink


StarTribune logo

StarTribune

In October 2019, the Minnesota-based quality work StarTribune suffered a information breach which was subsequently sold connected the acheronian web. The breach exposed implicit 2 cardinal unsocial email addresses alongside names, usernames, carnal addresses, dates of birth, genders and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 10 October 2019
Date added to HIBP: 30 October 2020
Compromised accounts: 2,192,857
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Physical addresses, Usernames
Permalink


Ster-Kinekor logo

Ster-Kinekor

In 2016, the South African cinema institution Ster-Kinekor had a information flaw which leaked a ample magnitude of lawsuit information via an enumeration vulnerability successful the API of their aged website. Whilst much than 6 cardinal accounts were leaked by the flaw, the exposed information lone contained 1.6 cardinal unsocial email addresses. The information besides included extended idiosyncratic accusation specified arsenic names, addresses, birthdates, genders and plain substance passwords.

Breach date: 9 March 2017
Date added to HIBP: 13 March 2017
Compromised accounts: 1,619,544
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Spoken languages
Permalink


StockX logo

StockX

In July 2019, the manner and sneaker trading level StockX suffered a information breach which was subsequently sold via a acheronian webmarketplace. The exposed information included 6.8 cardinal unsocial email addresses, names, carnal addresses, purchases and passwords stored arsenic salted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 26 July 2019
Date added to HIBP: 10 August 2019
Compromised accounts: 6,840,339
Compromised data: Email addresses, Names, Passwords, Physical addresses, Purchases, Usernames
Permalink


StoryBird logo

StoryBird

In August 2015, the storytelling work StoryBird suffered a information breach exposing 4 cardinal records with 1 cardinal unsocial email addresses. Impacted information besides included names, usernames and passwords stored arsenic PBKDF2 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 7 August 2015
Date added to HIBP: 2 February 2021
Compromised accounts: 1,047,200
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Straffic logo

Straffic

In February 2020, Israeli selling institution Straffic exposed a database with 140GB of idiosyncratic data. The publically accessible Elasticsearch database contained implicit 300M rows with 49M unsocial email addresses. Exposed information besides included names, telephone numbers, carnal addresses and genders. In their breach disclosure message, Straffic stated that "it is intolerable to make a wholly immune system, and these things tin occur".

Breach date: 14 February 2020
Date added to HIBP: 27 February 2020
Compromised accounts: 48,580,249
Compromised data: Email addresses, Genders, Names, Phone numbers, Physical addresses
Permalink


Stratfor logo

Stratfor

In December 2011, "Anonymous" attacked the planetary quality institution known arsenic "Stratfor" and consequently disclosed a veritable treasure trove of information including hundreds of gigabytes of email and tens of thousands of recognition paper details which were promptly utilized by the attackers to marque charitable donations (among different uses). The breach besides included 860,000 idiosyncratic accounts implicit with email address, clip zone, immoderate interior strategy information and MD5 hashed passwords with nary salt.

Breach date: 24 December 2011
Date added to HIBP: 4 December 2013
Compromised accounts: 859,777
Compromised data: Credit cards, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


StreetEasy logo

StreetEasy

In astir June 2016, the existent property website StreetEasy suffered a information breach. In total, 988k unsocial email addresses were included successful the breach alongside names, usernames and SHA-1 hashes of passwords, each of which appeared for merchantability connected a acheronian web marketplace successful February 2019. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 28 June 2016
Date added to HIBP: 6 October 2019
Compromised accounts: 988,230
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Stronghold Kingdoms logo

Stronghold Kingdoms

In July 2018, the monolithic multiplayer online crippled Stronghold Kingdoms suffered a information breach. Almost 5.2 cardinal accounts were impacted by the incidental which exposed emails addresses, usernames and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 4 July 2018
Date added to HIBP: 21 July 2019
Compromised accounts: 5,187,305
Compromised data: Email addresses, Passwords, Usernames
Permalink


SubaGames logo

SubaGames

In November 2016, the crippled developer Suba Games suffered a information breach which led to the vulnerability of 6.1M unsocial email addresses. Impacted information besides included usernames and passwords, astir of which appeared circulating successful the breached record successful plain substance aft being cracked from salted MD5 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 November 2016
Date added to HIBP: 25 August 2021
Compromised accounts: 6,137,666
Compromised data: Email addresses, Passwords, Usernames
Permalink


Sumo Torrent logo

Sumo Torrent

In June 2014, the torrent tract Sumo Torrent was hacked and 285k subordinate records were exposed. The information included IP addresses, email addresses and passwords stored arsenic anemic MD5 hashes.

Breach date: 21 June 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 285,191
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


SuperVPN & GeckoVPN logo

SuperVPN & GeckoVPN

In February 2021, a bid of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing implicit 20M records. The information appeared unneurotic successful a azygous record with a tiny fig of records besides included from FlashVPN, suggesting that each 3 brands whitethorn stock the aforesaid platform. Impacted information besides included email addresses, the state logged successful from and the day and clip each login occurred alongside instrumentality accusation including the marque and model, IMSI fig and serial number. The information was provided to HIBP by a root who requested it beryllium attributed to [email protected]

Breach date: 25 February 2021
Date added to HIBP: 28 February 2021
Compromised accounts: 20,339,937
Compromised data: Device information, Device serial numbers, Email addresses, Geographic locations, IMSI numbers, Login histories
Permalink


SvenskaMagic logo

SvenskaMagic

Sometime successful 2015, the Swedish magic website SvenskaMagic suffered a information breach that exposed implicit 30k records. The compromised information included usernames, email addresses and MD5 password hashes. The information was self-submitted to HIBP by SvenskaMagic.

Breach date: 1 July 2015
Date added to HIBP: 30 August 2018
Compromised accounts: 30,327
Compromised data: Email addresses, Passwords, Usernames
Permalink


SweClockers.com logo

SweClockers.com

In aboriginal 2015, the Swedish tech quality tract SweClockers was hacked and 255k accounts were exposed. The onslaught led to the vulnerability of usernames, email addresses and salted hashes of passwords stored with a operation of MD5 and SHA512.

Breach date: 1 April 2015
Date added to HIBP: 22 March 2017
Compromised accounts: 254,867
Compromised data: Email addresses, Passwords, Usernames
Permalink


Swvl logo

Swvl

In June 2020, the Egyptian autobus relation Swvl suffered a information breach which impacted implicit 4 cardinal members of the service. The exposed information included names, email addresses, telephone numbers, illustration photos, partial recognition paper information (type and past 4 digits) and passwords stored arsenic bcrypt hashes, each of which was subsequently shared extensively passim online hacking communities. The information was provided to HIBP by breachbase.pw.

Breach date: 23 June 2020
Date added to HIBP: 31 July 2020
Compromised accounts: 4,195,918
Compromised data: Email addresses, Names, Partial recognition paper data, Passwords, Phone numbers, Profile photos
Permalink


TaiLieu logo

TaiLieu

In November 2019, the Vietnamese acquisition website TaiLieu allegedly suffered a information breach exposing 7.3M lawsuit records. Impacted information included names and usernames, email addresses, dates of birth, genders and passwords stored arsenic unsalted MD5 hashes. The information was provided to HIBP by dehashed.com aft being shared connected a fashionable hacking forum. TaiLieu did not respond erstwhile contacted astir the incident.

Breach date: 24 November 2019
Date added to HIBP: 3 May 2020
Compromised accounts: 7,327,477
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Phone numbers, Usernames
Permalink


Tamodo logo

Tamodo

In February 2020, the affiliate selling web Tamodo suffered a information breach which was subsequently shared connected a fashionable hacking forum. The incidental exposed astir 500k accounts including names, email addresses, dates of commencement and passwords stored arsenic bcrypt hashes. Tamodo failed to respond to aggregate attempts to study the breach via published connection channels.

Breach date: 28 February 2020
Date added to HIBP: 24 March 2020
Compromised accounts: 494,945
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords
Permalink


Taobao logo

Taobao

In astir 2012, it's alleged that the Chinese buying tract known arsenic Taobao suffered a information breach that impacted implicit 21 cardinal subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and plain substance passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 January 2012
Date added to HIBP: 8 October 2016
Compromised accounts: 21,149,008
Compromised data: Email addresses, Passwords
Permalink


Taringa logo


Team SoloMid logo

Team SoloMid

In December 2014, the physics sports organisation known arsenic Team SoloMid was hacked and 442k members accounts were leaked. The accounts included email and IP addresses, usernames and salted hashes of passwords.

Breach date: 22 December 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 442,166
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Technic logo

Technic

In November 2018, the Minecraft modpack level known arsenic Technic suffered a information breach. Technic promptly disclosed the breach and advised that the impacted information included implicit 265k unsocial users' email and IP addresses, chat logs, backstage messages and passwords stored arsenic bcrypt hashes with a enactment origin of 13. Technic self-submitted the breach to HIBP.

Breach date: 30 November 2018
Date added to HIBP: 4 December 2018
Compromised accounts: 265,410
Compromised data: Chat logs, Email addresses, IP addresses, Passwords, Private messages, Time zones
Permalink


Teespring logo


Telecom Regulatory Authority of India logo

Telecom Regulatory Authority of India

In April 2015, the Telecom Regulatory Authority of India (TRAI) published tens of 1000 of emails sent by Indian citizens supporting nett neutrality arsenic portion of the SaveTheInternet campaign. The published information included lists of emails including the sender's sanction and email code arsenic good arsenic the contents of the email arsenic well, often with signatures including different idiosyncratic data.

Breach date: 27 April 2015
Date added to HIBP: 27 April 2015
Compromised accounts: 107,776
Compromised data: Email addresses, Email messages
Permalink


Teracod logo

Teracod

In May 2015, astir 100k idiosyncratic records were extracted from the Hungarian torrent tract known arsenic Teracod. The information was aboriginal discovered being torrented itself and included email addresses, passwords, backstage messages betwixt members and the peering past of IP addresses utilizing the service.

Breach date: 28 May 2016
Date added to HIBP: 22 August 2016
Compromised accounts: 97,151
Compromised data: Avatars, Email addresses, IP addresses, Passwords, Payment histories, Private messages, Usernames, Website activity
Permalink


Tesco logo


TGBUS logo

TGBUS

In astir 2017, it's alleged that the Chinese gaming tract known arsenic TGBUS suffered a information breach that impacted implicit 10 cardinal unsocial subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains usernames, email addresses and salted MD5 password hashes and was provided with enactment from dehashed.com. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 1 September 2017
Date added to HIBP: 28 April 2018
Compromised accounts: 10,371,766
Compromised data: Email addresses, Passwords, Usernames
Permalink


The Candid Board logo

The Candid Board

In September 2015, the non-consensual voyeurism tract "The Candid Board" suffered a information breach. The hack of the vBulletin forum led to the vulnerability of implicit 178k accounts on with email and IP addresses, dates of commencement and salted passwords hashed with MD5.

Breach date: 3 September 2015
Date added to HIBP: 22 January 2017
Compromised accounts: 178,201
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Usernames, Website activity
Permalink


The Fappening logo

The Fappening

In December 2015, the forum for discussing bare personage photos known arsenic "The Fappening" (named aft the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed subordinate information included usernames, email addresses and salted hashes of passwords.

Breach date: 1 December 2015
Date added to HIBP: 13 April 2016
Compromised accounts: 179,030
Compromised data: Email addresses, Passwords, Usernames
Permalink


The Fly connected  the Wall logo

The Fly connected the Wall

In December 2017, the banal marketplace quality website The Fly connected the Wall suffered a information breach. The information successful the breach included 84k unsocial email addresses arsenic good arsenic acquisition histories and recognition paper data. Numerous attempts were made to interaction The Fly connected the Wall astir the incident, nevertheless nary responses were received.

Breach date: 31 December 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 84,011
Compromised data: Age groups, Credit cards, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
Permalink


The Halloween Spot logo

The Halloween Spot

In September 2019, the Halloween costume store The Halloween Spot suffered a information breach. Originally misattributed to fancy formal store Smiffys, the breach contained 13GB of information with implicit 10k unsocial email addresses alongside names, carnal and IP addresses, telephone numbers and bid histories. The Halloween Spot advised customers the breach was traced backmost to "an aged shipping accusation database".

Breach date: 27 September 2019
Date added to HIBP: 16 March 2020
Compromised accounts: 10,653
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink


TheTVDB.com logo

TheTVDB.com

In November 2017, the unfastened tv database known arsenic TheTVDB.com suffered a information breach. The breached information was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes.

Breach date: 21 November 2017
Date added to HIBP: 29 January 2018
Compromised accounts: 181,871
Compromised data: Email addresses, Passwords, Usernames
Permalink


ThisHabbo Forum logo

ThisHabbo Forum

In 2014, the ThisHabbo forum (a instrumentality tract for Habbo.com, a Finnish societal networking site) appeared among a database of compromised sites which has subsequently been removed from the internet. Whilst the existent day of the exploit is not clear, the breached information includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a much broad breach record provided successful October 2016.

Breach date: 1 January 2014
Date added to HIBP: 28 March 2015
Compromised accounts: 612,414
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Tianya logo

Tianya

In December 2011, China's largest online forum known arsenic Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked information included names, usernames and email addresses.

Breach date: 26 December 2011
Date added to HIBP: 30 June 2016
Compromised accounts: 29,020,808
Compromised data: Email addresses, Names, Usernames
Permalink


Ticketcounter logo

Ticketcounter

In August 2020, the Dutch ticketing work Ticketcounter inadvertently published a database backup to a publically accessible determination wherever it was past recovered and downloaded successful February 2021. The information contained 1.9M unsocial email addresses which were offered for merchantability connected a hacking forum alongside names, carnal and IP addresses, genders, dates of birth, outgo histories and successful immoderate cases, slope relationship numbers. Ticketcounter was aboriginal held to ransom with the menace of the breached being released publicly. The information was provided to HIBP by a root who requested it beryllium attributed to [email protected]

Breach date: 22 February 2021
Date added to HIBP: 1 March 2021
Compromised accounts: 1,921,722
Compromised data: Bank relationship numbers, Dates of birth, Email addresses, Genders, IP addresses, Names, Payment histories, Phone numbers, Physical addresses
Permalink


Ticketfly logo

Ticketfly

In May 2018, the website for the summons organisation work Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to stock details of the vulnerability with Ticketfly but did not person a reply and subsequently posted the breached information online to a publically accessible location. The information included implicit 26 cardinal unsocial email addresses on with names, carnal addresses and telephone numbers. Whilst determination were nary passwords successful the publically leaked data, Ticketfly aboriginal issued an incidental update and stated that "It is possible, however, that hashed values of password credentials could person been accessed".

Breach date: 31 May 2018
Date added to HIBP: 3 June 2018
Compromised accounts: 26,151,608
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink


Tokopedia logo

Tokopedia

In April 2020, Indonesia's largest online store Tokopedia suffered a information breach. The incidental resulted successful 15M rows of information being posted to a fashionable hacking forum. An further 76M rows were aboriginal provided to HIBP successful July 2020. In total, the information included implicit 71M unsocial email addresses alongside names, genders, commencement dates and passwords stored arsenic SHA2-384 hashes.

Breach date: 17 April 2020
Date added to HIBP: 2 May 2020
Compromised accounts: 71,443,698
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords
Permalink


ToonDoo logo

ToonDoo

In August 2019, the comic portion instauration website ToonDoo suffered a information breach. The information was subsequently redistributed connected a fashionable hacking forum successful November wherever the idiosyncratic accusation of implicit 6M subscribers was shared. Impacted information included email and IP addresses, usernames, genders, the determination of the idiosyncratic and salted password hashes.

Breach date: 21 August 2019
Date added to HIBP: 11 November 2019
Compromised accounts: 6,002,694
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Permalink


Torrent Invites logo

Torrent Invites

In December 2013, the torrent tract Torrent Invites was hacked and implicit 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, commencement dates and salted MD5 hashes of passwords.

Breach date: 12 December 2013
Date added to HIBP: 22 March 2017
Compromised accounts: 352,120
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Tout logo

Tout

In astir September 2014, the present defunct societal networking work Tout suffered a information breach. The breach subsequently appeared years aboriginal and included 653k unsocial email addresses, names, IP addresses, the determination of the user, their bio and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 11 September 2014
Date added to HIBP: 25 January 2020
Compromised accounts: 652,683
Compromised data: Bios, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames
Permalink


Travel Oklahoma logo

Travel Oklahoma

In December 2020, the Oklahoma authorities Tourism and Recreation Department suffered a information breach. The incidental exposed 637k email addresses crossed a assortment of tables including property ranges against brochure orders and dates of commencement against contention entries. Genders, names and carnal addresses were besides exposed. The information was provided to HIBP by a root who requested it beryllium attributed to "badhou3a".

Breach date: 17 December 2020
Date added to HIBP: 10 March 2021
Compromised accounts: 637,279
Compromised data: Age groups, Dates of birth, Email addresses, Genders, Names, Physical addresses
Permalink


Trik Spam Botnet logo

Trik Spam Botnet

In June 2018, the bid and power server of a malicious botnet known arsenic the "Trik Spam Botnet" was misconfigured specified that it exposed the email addresses of much than 43 cardinal people. The researchers who discovered the exposed Russian server judge the database of addresses was utilized to administer assorted malware strains via malspam campaigns (emails designed to present malware).

Breach date: 12 June 2018
Date added to HIBP: 14 June 2018
Compromised accounts: 43,432,346
Compromised data: Email addresses
Permalink


Trillian logo

Trillian

In December 2015, the instant messaging exertion Trillian suffered a information breach. The breach became known successful July 2016 and exposed assorted idiosyncratic information attributes including names, email addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 27 December 2015
Date added to HIBP: 15 July 2016
Compromised accounts: 3,827,238
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames
Permalink


TruckersMP logo


TrueFire logo

TrueFire

In February 2020, the guitar tuition website TrueFire suffered a information breach which impacted 600k members. The breach exposed extended idiosyncratic accusation including names, email and carnal addresses, relationship balances and unsalted MD5 password hashes. The information was provided to HIBP by dehashed.com.

Breach date: 21 February 2020
Date added to HIBP: 2 August 2020
Compromised accounts: 599,667
Compromised data: Account balances, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


tumblr logo

tumblr

In aboriginal 2013, tumblr suffered a information breach which resulted successful the vulnerability of implicit 65 cardinal accounts. The information was aboriginal enactment up for merchantability connected a acheronian marketplace website and included email addresses and passwords stored arsenic salted SHA1 hashes.

Breach date: 28 February 2013
Date added to HIBP: 29 May 2016
Compromised accounts: 65,469,298
Compromised data: Email addresses, Passwords
Permalink


Uiggy logo

Uiggy

In June 2016, the Facebook exertion known arsenic Uiggy was hacked and 4.3M accounts were exposed, 2.7M of which had email addresses against them. The leaked accounts besides exposed names, genders and the Facebook ID of the owners.

Breach date: 1 June 2016
Date added to HIBP: 27 June 2016
Compromised accounts: 2,682,650
Compromised data: Email addresses, Genders, Names, Social connections, Website activity
Permalink


Ulmon logo

Ulmon

In January 2020, the question app creator Ulmon suffered a information breach. The work had astir 1.3M records with 777k unsocial email addresses, names, passwords stored arsenic bcrypt hashes and successful immoderate cases, societal media illustration IDs, telephone numbers and bios. The information was subsequently posted to a fashionable hacking forum.

Breach date: 26 January 2020
Date added to HIBP: 8 May 2020
Compromised accounts: 777,769
Compromised data: Bios, Email addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink


UN Internet Governance Forum logo

UN Internet Governance Forum

In February 2014, the Internet Governance Forum (formed by the United Nations for argumentation dialog connected issues of net governance) was attacked by hacker corporate known arsenic Deletesec. Although tasked with "ensuring the information and stableness of the Internet", the IGF’s website was inactive breached and resulted successful the leak of 3,200 email addresses, names, usernames and cryptographically stored passwords.

Breach date: 20 February 2014
Date added to HIBP: 23 February 2014
Compromised accounts: 3,200
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Underworld Empire logo

Underworld Empire

In April 2017, the vBulletin forum for the Underworld Empire game suffered a information breach that exposed 429k accounts. The information was past posted to a hacking forum successful mid-February 2018 wherever it was made disposable to download. The root information contained IP and email addresses, usernames and salted MD5 hashes.

Breach date: 25 April 2017
Date added to HIBP: 19 February 2018
Compromised accounts: 428,779
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Unico Campania logo

Unico Campania

In August 2020, the Neapolitan nationalist transport website Unico Campania was hacked and the information extensively circulated. The breach contained 166k idiosyncratic records with email addresses and plain substance passwords.

Breach date: 19 August 2020
Date added to HIBP: 19 August 2020
Compromised accounts: 166,031
Compromised data: Email addresses, Passwords
Permalink


Universarium logo

Universarium

In astir November 2019, the Russian "Remote preparatory module for IT specialties" Universarium suffered a information breach. The incidental exposed 565k email addresses and passwords successful plain text. Universarium did not respond to aggregate attempts to marque interaction implicit a play of galore weeks. The information was provided to HIBP by dehashed.com.

Breach date: 1 November 2019
Date added to HIBP: 3 January 2020
Compromised accounts: 564,962
Compromised data: Email addresses, Passwords
Permalink


University of California logo

University of California

In December 2020, the University of California suffered a information breach owed to vulnerability successful in a third-party provider, Accellion. The breach exposed extended idiosyncratic information connected some students and unit including 547 1000 unsocial email addresses, names, dates of birth, genders, societal information numbers, ethnicities and different world related information attributes. Further investigation is disposable successful Exploring the Impact of the UC Data Breach. The information was provided to HIBP courtesy of Cyril Gorlla.

Breach date: 24 December 2020
Date added to HIBP: 20 June 2021
Compromised accounts: 547,422
Compromised data: Dates of birth, Education levels, Email addresses, Ethnicities, Genders, Job titles, Names, Phone numbers, Physical addresses, Social information numbers
Permalink


Unreal Engine logo

Unreal Engine

In August 2016, the Unreal Engine Forum suffered a information breach, allegedly owed to a SQL injection vulnerability successful vBulletin. The onslaught resulted successful the vulnerability of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Breach date: 11 August 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 530,147
Compromised data: Email addresses, Passwords, Usernames
Permalink


Unverified Data Source logo

Unverified Data Source

In January 2021, implicit 11M unsocial email addresses were discovered by Night Lion Security alongside an extended magnitude of idiosyncratic accusation including names, carnal and IP addresses, telephone numbers and dates of birth. Some records besides contained societal information numbers, driver's licence details, idiosyncratic fiscal accusation and health-related data, depending connected wherever the accusation was sourced from. Initially attributed to Astoria Company, they subsequently investigated the incidental and confirmed the information did not originate from their services.

Breach date: 26 January 2021
Date added to HIBP: 24 March 2021
Compromised accounts: 11,498,146
Compromised data: Bank relationship numbers, Credit presumption information, Dates of birth, Email addresses, Employers, Health security information, Income levels, IP addresses, Names, Personal wellness data, Phone numbers, Physical addresses, Smoking habits, Social information numbers
Permalink


Utah Gun Exchange logo

Utah Gun Exchange

In July 2020, the Utah Gun Exchange website suffered a information breach which included respective different associated websites. In total, 235k unsocial email addresses were exposed earlier being traded online alongside names, usernames, genders, IP addresses and password hashes. The information was provided to HIBP by breachbase.pw.

Breach date: 17 July 2020
Date added to HIBP: 19 August 2020
Compromised accounts: 235,233
Compromised data: Email addresses, Genders, IP addresses, Passwords, Usernames
Permalink


uTorrent logo

uTorrent

In aboriginal 2016, the forum for the uTorrent BitTorrent lawsuit suffered a information breach which came to airy aboriginal successful the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.

Breach date: 14 January 2016
Date added to HIBP: 5 November 2016
Compromised accounts: 395,044
Compromised data: Email addresses, Passwords, Usernames
Permalink


uuu9 logo

uuu9

In September 2016, information was allegedly obtained from the Chinese website known arsenic uuu9.com and contained 7.5M accounts. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and idiosyncratic names. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 6 September 2016
Date added to HIBP: 27 December 2016
Compromised accounts: 7,485,802
Compromised data: Email addresses, Passwords, Usernames
Permalink


Vakinha logo

Vakinha

In June 2020, the Brazilian money raising work Vakinha suffered a information breach which impacted astir 4.8 cardinal members. The exposed information included email addresses, names, telephone numbers, geographic locations and passwords stored arsenic bcrypt hashes, each of which was subsequently shared extensively passim online hacking communities. The information was provided to HIBP by dehashed.com.

Breach date: 22 June 2020
Date added to HIBP: 1 August 2020
Compromised accounts: 4,775,203
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers
Permalink


Vastaamo logo

Vastaamo

In October 2020, the Finnish psychotherapy work Vastaamo was the taxable of a ransomware onslaught targeting archetypal the institution itself, followed by their patients directly. The archetypal information incidental dates backmost to a play betwixt precocious 2018 and aboriginal 2019 and exposed information including 30k unsocial email addresses, names, societal information numbers and notes connected individuals' psychotherapy sessions. This breach has been flagged arsenic "sensitive" and is lone searchable by owners of the email addresses and domains exposed successful the incident.

Breach date: 31 March 2019
Date added to HIBP: 17 July 2021
Compromised accounts: 30,433
Compromised data: Email addresses, Names, Personal wellness data, Social information numbers
Permalink


vBulletin logo

vBulletin

In November 2015, the forum bundle shaper vBulletin suffered a superior information breach. The onslaught pb to the merchandise of some forum idiosyncratic and lawsuit accounts totalling astir 519k records. The breach included email addresses, commencement dates, information questions and answers for customers and salted hashes of passwords for some sources.

Breach date: 3 November 2015
Date added to HIBP: 24 January 2016
Compromised accounts: 518,966
Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
Permalink


Vedantu logo

Vedantu

In mid-2019, the Indian interactive online tutoring level Vedantu suffered a information breach which exposed the idiosyncratic information of 687k users. The JSON formatted database dump exposed extended idiosyncratic accusation including email and IP address, names, telephone numbers, genders and passwords stored arsenic bcrypt hashes. When contacted astir the incident, Vedantu advised that they were alert of the breach and were successful the process of informing their customers.

Breach date: 8 July 2019
Date added to HIBP: 1 November 2019
Compromised accounts: 686,899
Compromised data: Browser idiosyncratic cause details, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Spoken languages, Time zones, Website activity
Permalink


Verifications.io logo

Verifications.io

In February 2019, the email code validation work verifications.io suffered a information breach. Discovered by Bob Diachenko and Vinny Troia, the breach was owed to the information being stored successful a MongoDB lawsuit near publically facing without a password and resulted successful 763 cardinal unsocial email addresses being exposed. Many records wrong the information besides included further idiosyncratic attributes specified arsenic names, telephone numbers, IP addresses, dates of commencement and genders. No passwords were included successful the data. The Verifications.io website went offline during the disclosure process, though an archived transcript remains viewable.

Breach date: 25 February 2019
Date added to HIBP: 9 March 2019
Compromised accounts: 763,117,241
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Permalink


Verified logo


Vianet logo

Vianet

In April 2020, the Nepalese net work supplier Vianet suffered a information breach. The onslaught connected the ISP led to the vulnerability of 177k lawsuit records including 94k unsocial email addresses. Also exposed were names, telephone numbers and carnal addresses.

Breach date: 8 April 2020
Date added to HIBP: 22 April 2020
Compromised accounts: 94,353
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink


Victory Phones logo

Victory Phones

In January 2017, the automated telephony services institution Victory Phones near a Mongo DB database publically facing without a password. Subsequently, 213GB of information was downloaded by an unauthorised enactment including names, addresses, telephone numbers and implicit 166k unsocial email addresses.

Breach date: 1 January 2017
Date added to HIBP: 11 October 2017
Compromised accounts: 166,046
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Permalink


ViewFines logo

ViewFines

In May 2018, the South African website for viewing postulation fines online known arsenic ViewFines suffered a information breach. Over 934k records containing 778k unsocial email addresses were exposed and included names, telephone numbers, authorities issued IDs and passwords stored successful plain text.

Breach date: 7 May 2018
Date added to HIBP: 24 May 2018
Compromised accounts: 777,649
Compromised data: Email addresses, Government issued IDs, Names, Passwords, Phone numbers
Permalink


VK logo

VK

In astir 2012, the Russian societal media tract known arsenic VK was hacked and astir 100 cardinal accounts were exposed. The information emerged successful June 2016 wherever it was being sold via a acheronian marketplace website and included names, telephone numbers email addresses and plain substance passwords.

Breach date: 1 January 2012
Date added to HIBP: 9 June 2016
Compromised accounts: 93,338,602
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink


VNG logo

VNG

In April 2018, news broke of a monolithic information breach impacting the Vietnamese institution known arsenic VNG aft information was discovered being traded connected a fashionable hacking forum wherever it was extensively redistributed. The breach dated backmost to an incidental successful May of 2015 and included of implicit 163 cardinal customers. The information successful the breach contained a wide scope of idiosyncratic attributes including usernames, commencement dates, genders and location addresses on with unsalted MD5 hashes and 25 cardinal unsocial email addresses. The information was provided to HIBP by dehashed.com.

Breach date: 19 May 2015
Date added to HIBP: 28 April 2018
Compromised accounts: 24,853,850
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Marital statuses, Names, Occupations, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


Vodafone logo

Vodafone

In November 2013, Vodafone successful Iceland suffered an attack attributed to the Turkish hacker corporate "Maxn3y". The information was consequently publically exposed and included idiosyncratic names, email addresses, societal information numbers, SMS message, server logs and passwords from a assortment of antithetic interior sources.

Breach date: 30 November 2013
Date added to HIBP: 30 November 2013
Compromised accounts: 56,021
Compromised data: Credit cards, Email addresses, Government issued IDs, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, SMS messages, Usernames
Permalink


Void.to logo

Void.to

In June 2019, the hacking website Void.to suffered a information breach. There were 95k unsocial email addresses dispersed crossed 86k forum users and different tables successful the database. A rival hacking website claimed work for breaching the MyBB based forum which disclosed email and IP addresses, usernames, backstage messages and passwords stored arsenic either salted MD5 oregon bcrypt hashes.

Breach date: 13 June 2019
Date added to HIBP: 11 September 2019
Compromised accounts: 95,431
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink


VTech logo

VTech

In November 2015, hackers extracted much than 4.8 cardinal parents' and 227k children's accounts from VTech's Learning Lodge website. The Hong Kong institution produces learning products for children including bundle sold via the compromised website. The information breach exposed extended idiosyncratic details including location addresses, information questions and answers and passwords stored arsenic anemic MD5 hashes. Furthermore, children's details including names, ages, genders and associations to their parents' records were besides exposed.

Breach date: 13 November 2015
Date added to HIBP: 25 November 2015
Compromised accounts: 4,833,678
Compromised data: Dates of birth, Email addresses, Family members' names, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames, Website activity
Permalink


V-Tight Gel logo

V-Tight Gel

In astir February 2016, information surfaced which was allegedly obtained from V-Tight Gel (vaginal tightening gel). Whilst the information acceptable was titled V-Tight, wrong determination were 50 different (predominantly wellness-related) domain names, astir owned by the aforesaid entity. Multiple HIBP subscribers confirmed that though they couldn't callback providing information specifically to V-Tight, their idiosyncratic accusation including name, telephone and carnal code was accurate. V-Tight Gel did not reply to aggregate requests for comment.

Breach date: 13 February 2016
Date added to HIBP: 17 November 2017
Compromised accounts: 2,013,164
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Permalink


Wanelo logo

Wanelo

In astir December 2018, the integer promenade Wanelo suffered a information breach. The information was aboriginal placed up for merchantability connected a acheronian web marketplace on with a postulation of different information breaches successful April 2019. A full of 23 cardinal unsocial email addresses were included successful the breach alongside passwords stored arsenic either MD5 oregon bcrypt hashes. After the archetypal HIBP load, further information containing names, shipping addresses and IP addresses were besides provided to HIBP, albeit without nonstop relation to the email addresses and passwords. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 13 December 2018
Date added to HIBP: 30 September 2019
Compromised accounts: 23,165,793
Compromised data: Email addresses, IP addresses, Names, Passwords, Physical addresses
Permalink


War Inc. logo

War Inc.

In mid-2012, the real-time strategy crippled War Inc. suffered a information breach. The onslaught resulted successful the vulnerability of implicit 1 cardinal accounts including usernames, email addresses and salted MD5 hashes of passwords.

Breach date: 4 July 2012
Date added to HIBP: 7 November 2016
Compromised accounts: 1,020,136
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink


Warframe logo

Warframe

In November 2014, the online crippled Warframe was hacked and 819k unsocial email addresses were exposed. Allegedly owed to a SQL injection flaw successful Drupal, the onslaught exposed usernames, email addresses and information successful a "pass" file which adheres to the salted SHA12 password hashing signifier utilized by Drupal 7. Digital Extremes (the developers of Warframe), asserts the salted hashes are of "alias names" alternatively than passwords.

Breach date: 24 November 2014
Date added to HIBP: 21 July 2016
Compromised accounts: 819,478
Compromised data: Email addresses, Usernames, Website activity
Permalink


Warmane logo

Warmane

In astir December 2016, the online work for World of Warcraft backstage servers Warmane suffered a information breach. The incidental exposed implicit 1.1M accounts including usernames, email addresses, dates of commencement and salted MD5 password hashes. The information was subsequently extensively circulated online and was aboriginal provided to HIBP by whitehat information researcher and information expert Adam Davies.

Breach date: 1 December 2016
Date added to HIBP: 8 September 2018
Compromised accounts: 1,116,256
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink


Wattpad logo

Wattpad

In June 2020, the user-generated stories website Wattpad suffered a immense information breach that exposed astir 270 cardinal records. The information was initially sold past published connected a nationalist hacking forum wherever it was broadly shared. The incidental exposed extended idiosyncratic accusation including names and usernames, email and IP addresses, genders, commencement dates and passwords stored arsenic bcrypt hashes.

Breach date: 29 June 2020
Date added to HIBP: 19 July 2020
Compromised accounts: 268,765,495
Compromised data: Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Social media profiles, User website URLs, Usernames
Permalink


We Heart It logo

We Heart It

In November 2013, the image-based societal web We Heart It suffered a information breach. The incidental wasn't discovered until October 2017 erstwhile 8.6 cardinal idiosyncratic records were sent to HIBP. The information contained idiosyncratic names, email addresses and password hashes, 80% of which were salted SHA-256 with the remainder being MD5 with nary salt.

Breach date: 3 November 2013
Date added to HIBP: 14 October 2017
Compromised accounts: 8,600,635
Compromised data: Email addresses, Passwords, Usernames
Permalink


WedMeGood logo

WedMeGood

In January 2021, the Indian wedding readying level WedMeGood suffered a information breach that exposed 1.3 cardinal customers. The breach exposed 41.5GB of information including email and carnal addresses, names, genders, telephone numbers and password hashes. The information was provided to HIBP by dehashed.com.

Breach date: 6 January 2021
Date added to HIBP: 13 May 2021
Compromised accounts: 1,306,723
Compromised data: Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink


WeLeakInfo logo

WeLeakInfo

In March 2021, the Stripe relationship of the now-defunct WeLeakInfo work was taken implicit by "pompompurin" aft acquiring an expired domain sanction with an email code utilized to negociate the account. Access to Stripe past exposed astir 12k unsocial email addresses from customers who'd made recognition paper payments successful bid to get breached information hosted by WeLeakInfo. The information was subsequently leaked publically and besides included names, outgo histories, IP addresses, billing addresses, partial recognition paper information and the organisation making the purchase.

Breach date: 8 March 2021
Date added to HIBP: 15 March 2021
Compromised accounts: 11,788
Compromised data: Browser idiosyncratic cause details, Email addresses, Employers, IP addresses, Names, Partial recognition paper data, Physical addresses, Purchases
Permalink


Whitepages logo

Whitepages

In mid-2016, the telephone and code directory work Whitepages was among a raft of sites that were breached and their information past sold successful early-2019. The information included implicit 11 cardinal unsocial email addresses alongside names and passwords stored arsenic either a SHA-1 oregon bcrypt hash. The information was provided to HIBP by a root who requested it to beryllium attributed to "[email protected]".

Breach date: 27 June 2016
Date added to HIBP: 27 March 2019
Compromised accounts: 11,657,763
Compromised data: Email addresses, Names, Passwords
Permalink


WHMCS logo

WHMCS

In May 2012, the web hosting, billing and automation institution WHMCS suffered a information breach that exposed 134k email addresses. The breach included extended accusation astir customers and outgo histories including partial recognition paper numbers.

Breach date: 21 May 2012
Date added to HIBP: 28 June 2016
Compromised accounts: 134,047
Compromised data: Email addresses, Email messages, Employers, IP addresses, Names, Partial recognition paper data, Passwords, Payment histories, Physical addresses, Website activity
Permalink


Wiener Büchereien logo

Wiener Büchereien

In June 2019, the room of Vienna (Wiener Büchereien) suffered a information breach. The compromised information included 224k unsocial email addresses, names, carnal addresses, telephone numbers and dates of birth. The breached information was subsequently posted to Twitter by the alleged perpetrator of the breach.

Breach date: 10 June 2019
Date added to HIBP: 28 June 2019
Compromised accounts: 224,119
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Permalink


Wife Lovers logo

Wife Lovers

In October 2018, the tract dedicated to posting bare photos and different erotica of wives Wife Lovers suffered a information breach. The underlying database supported a full of 8 antithetic big websites and contained implicit 1.2M unsocial email addresses. Wife Lovers acknowledged the breach which impacted names, usernames, email and IP addresses and passwords hashed utilizing the anemic DEScrypt algorithm. The breach has been marked arsenic "sensitive" owed to the quality of the site.

Breach date: 7 October 2018
Date added to HIBP: 20 October 2018
Compromised accounts: 1,274,051
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames
Permalink


WIIU ISO logo

WIIU ISO

In September 2015, the Nintendo Wii U forum known arsenic WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum besides exposed salted MD5 password hashes.

Breach date: 25 September 2015
Date added to HIBP: 6 September 2016
Compromised accounts: 458,155
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


WildStar logo

WildStar

In July 2015, the IP.Board forum for the gaming website WildStar suffered a information breach that exposed implicit 738k forum members' accounts. The information was being actively traded connected underground forums and included email addresses, commencement dates and passwords.

Breach date: 11 July 2015
Date added to HIBP: 6 March 2016
Compromised accounts: 738,556
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Win7Vista Forum logo

Win7Vista Forum

In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and aboriginal had its interior database dumped. The dump included implicit 200k members’ idiosyncratic accusation and different interior information extracted from the forum.

Breach date: 3 September 2013
Date added to HIBP: 1 June 2014
Compromised accounts: 202,683
Compromised data: Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Permalink


Wishbone (2016) logo

Wishbone (2016)

In August 2016, the mobile app to "compare anything" known arsenic Wishbone suffered a information breach. The information contained 9.4 cardinal records with 2.2 cardinal unsocial email addresses and was allegedly a subset of the implicit information set. The exposed information included genders, birthdates, email addresses and telephone numbers for an assemblage predominantly composed of teenagers and young adults.

Breach date: 7 August 2016
Date added to HIBP: 15 March 2017
Compromised accounts: 2,247,314
Compromised data: Auth tokens, Dates of birth, Email addresses, Genders, Names, Phone numbers, Usernames
Permalink


Wishbone (2020) logo

Wishbone (2020)

In January 2020, the mobile app to "compare anything" Wishbone suffered different information breach which followed their breach from 2016. An extended magnitude of idiosyncratic accusation including astir 10M unsocial email addresses alongside names, telephone numbers geographic locations and different idiosyncratic attributes were leaked online and extensively redistributed. Passwords stored arsenic unsalted MD5 hashes were besides included successful the breach. The information was provided to HIBP by a root who requested it beryllium attributed to "All3in".

Breach date: 27 January 2020
Date added to HIBP: 28 May 2020
Compromised accounts: 9,705,172
Compromised data: Auth tokens, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Profile photos, Social media profiles, Usernames
Permalink


WiziShop logo

WiziShop

In July 2020, the French e-commerce level WiziShop suffered a information breach. The breach exposed 18GB worthy of information including names, telephone numbers, dates of birth, carnal and IP addresses, SHA-1 password hashes and astir 3 cardinal unsocial email addresses. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 14 July 2020
Date added to HIBP: 5 October 2020
Compromised accounts: 2,856,769
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink


Wongnai logo

Wongnai

In October 2020, 17 antecedently undisclosed information breaches appeared for sale including the Thai restaurant, edifice and attraction uncovering service, Wongnai. The breach exposed astir 4M unsocial lawsuit records from immoderate clip during 2020 on with names, telephone numbers, links to societal media profiles and passwords stored arsenic MD5 hashes. The information was self-submitted to HIBP by Wongnai.

Breach date: 28 October 2020
Date added to HIBP: 4 November 2020
Compromised accounts: 3,924,454
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink


WPSandbox logo

WPSandbox

In November 2018, the WordPress sandboxing work that allows radical to make impermanent websites WP Sandbox discovered their work was being utilized to big a phishing tract attempting to cod Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it offline, contacted the 858 radical who provided accusation to it past self-submitted their addresses to HIBP. The phishing leafage requested some email addresses and passwords.

Breach date: 4 November 2018
Date added to HIBP: 6 November 2018
Compromised accounts: 858
Compromised data: Email addresses, Passwords
Permalink


WPT Amateur Poker League logo

WPT Amateur Poker League

In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter idiosyncratic @smitt3nz. The onslaught resulted successful the nationalist disclosure of 175,000 accounts including 148,000 email addresses. The plain substance password for each relationship was besides included successful the breach.

Breach date: 4 January 2014
Date added to HIBP: 1 February 2014
Compromised accounts: 148,366
Compromised data: Email addresses, Passwords
Permalink


xat logo

xat

In November 2015, the online chatroom known arsenic "xat" was hacked and 6 cardinal idiosyncratic accounts were exposed. Used arsenic a chat motor connected websites, the leaked information included usernames, email and IP addresses on with hashed passwords.

Breach date: 4 November 2015
Date added to HIBP: 5 August 2016
Compromised accounts: 5,968,783
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink


Xbox 360 ISO logo

Xbox 360 ISO

In astir September 2015, the XBOX 360 forum known arsenic XBOX360 ISO was hacked and 1.2 cardinal accounts were exposed. Along with email and IP addresses, the vBulletin forum besides exposed salted MD5 password hashes.

Breach date: 25 September 2015
Date added to HIBP: 29 January 2017
Compromised accounts: 1,296,959
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Xbox-Scene logo

Xbox-Scene

In astir February 2015, the Xbox forum known arsenic Xbox-Scene was hacked and much than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored arsenic salted hashes utilizing a anemic implementation enabling galore to beryllium rapidly cracked.

Breach date: 1 February 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 432,552
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


xHamster logo


Xiaomi logo


XKCD logo

XKCD

In July 2019, the forum for webcomic XKCD suffered a information breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored successful MD5 phpBB3 format. The information was provided to HIBP by achromatic chapeau information researcher and information expert Adam Davies.

Breach date: 1 July 2019
Date added to HIBP: 1 September 2019
Compromised accounts: 561,991
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


XPG logo

XPG

In astir aboriginal 2016, the gaming website Xpgamesaves (XPG) suffered a information breach resulting successful the vulnerability of 890k unsocial idiosyncratic records. The information contained email and IP addresses, usernames and salted MD5 hashes of passwords. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory. This information was provided by information researcher and information analyst, Adam Davies.

Breach date: 1 January 2016
Date added to HIBP: 1 July 2017
Compromised accounts: 890,341
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


XSplit logo

XSplit

In November 2013, the makers of gaming unrecorded streaming and signaling bundle XSplit was compromised successful an online attack. The information breach leaked astir 3M names, email addresses, usernames and hashed passwords.

Breach date: 7 November 2013
Date added to HIBP: 8 August 2015
Compromised accounts: 2,983,472
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink


Yahoo logo


Yam logo

Yam

In June 2013, the Taiwanese website Yam.com suffered a information breach which was shared to a fashionable hacking forum successful 2021. The information included 13 cardinal unsocial email addresses alongside names, usernames, telephone numbers, carnal addresses, dates of commencement and unsalted MD5 password hashes.

Breach date: 2 June 2013
Date added to HIBP: 22 May 2021
Compromised accounts: 13,258,797
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink


Yandex Dump logo


Yatra logo

Yatra

In September 2013, the Indian bookings website known arsenic Yatra had 5 cardinal records exposed successful a information breach. The information contained email and carnal addresses, dates of commencement and telephone numbers on with some PINs and passwords stored successful plain text. The tract was antecedently reported arsenic compromised connected the Vigilante.pw breached database directory.

Breach date: 1 September 2013
Date added to HIBP: 4 July 2018
Compromised accounts: 5,033,997
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, PINs
Permalink


yotepresto.com logo

yotepresto.com

In June 2020, the Mexican lending level yotepresto.com suffered a information breach. Over 1.4 cardinal customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored arsenic bcrypt hashes. The information was provided to HIBP by dehashed.com.

Breach date: 22 June 2020
Date added to HIBP: 25 June 2021
Compromised accounts: 1,444,629
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink


Youku logo

Youku

In precocious 2016, the online Chinese video work Youku suffered a information breach. The incidental exposed 92 cardinal unsocial idiosyncratic accounts and corresponding MD5 password hashes. The information was contributed to Have I Been Pwned courtesy of [email protected]

Breach date: 1 December 2016
Date added to HIBP: 15 April 2017
Compromised accounts: 91,890,110
Compromised data: Email addresses, Passwords
Permalink


YouNow logo

YouNow

In February 2019, data from the unrecorded broadcasting work YouNow appeared for merchantability connected a acheronian web marketplace. Whilst it's not wide what day the existent breach occurred on, the impacted information included 18M unsocial email addresses, IP addresses, names, usernames and links to societal media profiles. As authentication is performed via societal providers, nary passwords were exposed successful the breach. Many records didn't person associated email addresses frankincense the unsocial fig is little than the reported full fig of accounts. The information was provided to HIBP by a root who requested it beryllium attributed to "[email protected]".

Breach date: 15 February 2019
Date added to HIBP: 18 July 2019
Compromised accounts: 18,241,518
Compromised data: Email addresses, IP addresses, Names, Social media profiles, Usernames
Permalink


YouPorn logo

YouPorn

In February 2012, the big website YouPorn had implicit 1.3M idiosyncratic accounts exposed successful a information breach. The publically released information included some email addresses and plain substance passwords.

Breach date: 21 February 2012
Date added to HIBP: 30 July 2015
Compromised accounts: 1,327,567
Compromised data: Email addresses, Passwords
Permalink


You've Been Scraped logo

You've Been Scraped

In October and November 2018, security researcher Bob Diachenko identified respective unprotected MongoDB instances believed to beryllium hosted by a information aggregator. Containing a full of implicit 66M records, the proprietor of the information couldn't beryllium identified but it is believed to person been scraped from LinkedIn hence the rubric "You've Been Scraped". The exposed records included names, some enactment and idiosyncratic email addresses, occupation titles and links to the individuals' LinkedIn profiles.

Breach date: 5 October 2018
Date added to HIBP: 6 December 2018
Compromised accounts: 66,147,869
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Social media profiles
Permalink


Zhenai.com logo

Zhenai.com

In December 2011, the Chinese dating tract known arsenic Zhenai.com suffered a information breach that impacted 5 cardinal subscribers. Whilst determination is grounds that the information is legitimate, owed to the trouble of emphatically verifying the Chinese breach it has been flagged arsenic "unverified". The information successful the breach contains email addresses and plain substance passwords. Read much astir Chinese information breaches successful Have I Been Pwned.

Breach date: 21 December 2011
Date added to HIBP: 11 July 2019
Compromised accounts: 5,024,908
Compromised data: Email addresses, Passwords
Permalink


Zomato logo

Zomato

In May 2017, the edifice usher website Zomato was hacked resulting successful the vulnerability of astir 17 cardinal accounts. The information was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not contiguous connected each accounts). This information was provided to HIBP by whitehat information researcher and information expert Adam Davies.

Breach date: 17 May 2017
Date added to HIBP: 4 September 2017
Compromised accounts: 16,472,873
Compromised data: Email addresses, Passwords, Usernames
Permalink


Zoomcar logo


Zoosk (2011) logo

Zoosk (2011)

In astir 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of astir 53 cardinal records, the information contained email addresses and plain substance passwords. However, during extended verification successful May 2016 no grounds could beryllium recovered that the information was so sourced from the dating service. This breach has consequently been flagged arsenic fabricated; it's highly improbable the information was sourced from Zoosk.

Breach date: 1 January 2011
Date added to HIBP: 8 February 2017
Compromised accounts: 52,578,183
Compromised data: Email addresses, Passwords
Permalink


Zoosk (2020) logo

Zoosk (2020)

In January 2020, the online dating work Zoosk suffered a information breach which was subsequently shared extensively crossed online hacking communities. The breach contained 24 cardinal unsocial email addresses alongside extended idiosyncratic accusation including genders, sexualities, dates of birth, carnal attributes specified arsenic tallness and weight, religions, ethnicities and governmental views. The breach besides allegedly exposed MD5 password hashes, though the information circulating successful hacking circles had this tract nulled out. The breach was provided to HIBP by breachbase.pw.

Breach date: 12 January 2020
Date added to HIBP: 7 August 2020
Compromised accounts: 23,927,853
Compromised data: Dates of birth, Drinking habits, Education levels, Email addresses, Ethnicities, Family structure, Genders, Geographic locations, Income levels, Names, Nicknames, Physical attributes, Political views, Relationship statuses, Religions, Sexual orientations, Smoking habits
Permalink


Zooville logo

Zooville

In September 2019, the zoophilia and bestiality forum Zooville suffered a information breach. The usernames and email addresses of 71k members were accessed via an unpatched vulnerability successful the vBulletin forum bundle past subsequently distributed online. A 2nd information acceptable was aboriginal provided to HIBP which contained a implicit vBulletin database dump including IP addresses, dates of commencement and passwords stored arsenic bcrypt hashes. The tract head advised that pursuing the breach, each information had been deleted from the forum and a caller 1 had been stood up connected the XenForo platform. The information was provided to HIBP by a root who requested it beryllium attributed to "burger vault".

Breach date: 27 September 2019
Date added to HIBP: 19 October 2019
Compromised accounts: 71,407
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink


Zynga logo

Zynga

In September 2019, crippled developer Zynga (the creator of Words with Friends) suffered a information breach. The incidental exposed 173M unsocial email addresses alongside usernames and passwords stored arsenic salted SHA-1 hashes. The information was provided to HIBP by dehashed.com.

Breach date: 1 September 2019
Date added to HIBP: 19 December 2019
Compromised accounts: 172,869,660
Compromised data: Email addresses, Passwords, Phone numbers, Usernames
Permalink


Пара Па logo

Пара Па

In August 2016, the Russian gaming tract known arsenic Пара Па (or parapa.mail.ru) was hacked on with a fig of different forums connected the Russian message provider, mail.ru. The vBulletin forum contained 4.9 cardinal accounts including usernames, email addresses and passwords stored arsenic salted MD5 hashes.

Breach date: 8 August 2016
Date added to HIBP: 28 December 2016
Compromised accounts: 4,946,850
Compromised data: Email addresses, Passwords, Usernames
Permalink


Спрашивай.ру logo

Спрашивай.ру

In May 2015, Спрашивай.ру (a the Russian website for anonymous reviews) was reported to person had 6.7 cardinal idiosyncratic details exposed by a hacker known arsenic "w0rm". Intended to beryllium a tract for expressing anonymous opinions, the leaked information included email addresses, commencement dates and different personally identifiable information astir about 3.5 cardinal unsocial email addresses recovered successful the leak.

Breach date: 11 May 2015
Date added to HIBP: 12 May 2015
Compromised accounts: 3,474,763
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Spoken languages
Permalink


집꾸미기 logo

집꾸미기

In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a information breach which impacted astir 1.3 cardinal members. Served via the URL ggumim.co.kr, the exposed information included email addresses, names, usernames and telephone numbers, each of which was subsequently shared extensively passim online hacking communities. The information was provided to HIBP by breachbase.pw.

Breach date: 27 March 2020
Date added to HIBP: 2 August 2020
Compromised accounts: 1,298,651
Compromised data: Email addresses, Names, Phone numbers, Usernames
Permalink

Read Entire Article