Here's an overview of the various breaches that have been consolidated into Have I Been Pwned. These are accessible programmatically via the HIBP API and also via the RSS feed.
000webhost
In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.
Breach date: 1 March 2015
Date added to HIBP: 26 October 2015
Compromised accounts: 14,936,670
Compromised data: Email addresses, IP addresses, Names, Passwords
123RF
In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 22 March 2020
Date added to HIBP: 15 November 2020
Compromised accounts: 8,661,578
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
126
In approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 January 2012
Date added to HIBP: 8 October 2016
Compromised accounts: 6,414,191
Compromised data: Email addresses, Passwords
17
In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Breach date: 19 April 2016
Date added to HIBP: 8 July 2016
Compromised accounts: 4,009,640
Compromised data: Device information, Email addresses, IP addresses, Passwords, Usernames
2,844 Separate Data Breaches
In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.
Breach date: 19 February 2018
Date added to HIBP: 26 February 2018
Compromised accounts: 80,115,532
Compromised data: Email addresses, Passwords
2fast4u
In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usernames and salted MD5 passwords.
Breach date: 20 December 2017
Date added to HIBP: 7 January 2018
Compromised accounts: 17,706
Compromised data: Email addresses, Passwords, Usernames
500px
In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 5 July 2018
Date added to HIBP: 25 March 2019
Compromised accounts: 14,867,999
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
7k7k
In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 January 2011
Date added to HIBP: 26 September 2017
Compromised accounts: 9,121,434
Compromised data: Email addresses, Passwords, Usernames
8fit
In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 July 2018
Date added to HIBP: 21 March 2019
Compromised accounts: 15,025,407
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords
8tracks
In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by [email protected] and updated in HIBP accordingly.
Breach date: 27 June 2017
Date added to HIBP: 16 February 2018
Compromised accounts: 17,979,961
Compromised data: Email addresses, Passwords
Abandonia (2015)
In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Breach date: 1 November 2015
Date added to HIBP: 5 June 2017
Compromised accounts: 776,125
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Abandonia (2022)
In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Breach date: 15 November 2022
Date added to HIBP: 7 December 2022
Compromised accounts: 919,790
Compromised data: Email addresses, IP addresses, Passwords, Usernames
AbuseWith.Us
In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down. The exposed data included more than 1.3 million unique email addresses, often accompanied by usernames, IP addresses and plain text or hashed passwords retrieved from various sources and intended to be used to compromise the victims' accounts.
Breach date: 1 July 2016
Date added to HIBP: 9 October 2017
Compromised accounts: 1,372,550
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Acne.org
In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.
Breach date: 25 November 2014
Date added to HIBP: 6 March 2016
Compromised accounts: 432,943
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Adapt
In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles, contact information and data relating to the employer including organisation description, size and revenue. No response was received from Adapt when contacted.
Breach date: 5 November 2018
Date added to HIBP: 22 November 2018
Compromised accounts: 9,363,740
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
Adecco
In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.
Breach date: 3 January 2021
Date added to HIBP: 31 May 2022
Compromised accounts: 4,284,538
Compromised data: Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers
Aditya Birla Fashion and Retail
In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes. Employee data was also dumped publicly and included salary grades, marital statuses and religions. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 December 2021
Date added to HIBP: 15 January 2022
Compromised accounts: 5,470,063
Compromised data: Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations
Adobe
In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords, adding further to the risk that hundreds of millions of Adobe customers already faced.
Breach date: 4 October 2013
Date added to HIBP: 4 December 2013
Compromised accounts: 152,445,165
Compromised data: Email addresses, Password hints, Passwords, Usernames
Adult FriendFinder (2015)
In May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.
Breach date: 21 May 2015
Date added to HIBP: 22 May 2015
Compromised accounts: 3,867,997
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames
Adult FriendFinder (2016)
In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community". Exposed data included usernames, passwords stored as SHA-1 hashes and 170 million unique email addresses. This incident is separate to the 2015 data breach Adult FriendFinder also suffered. The data was provided to HIBP by dehashed.com.
Breach date: 16 October 2016
Date added to HIBP: 6 February 2020
Compromised accounts: 169,746,810
Compromised data: Email addresses, Passwords, Spoken languages, Usernames
Adult-FanFiction.Org
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 30 May 2018
Date added to HIBP: 6 August 2018
Compromised accounts: 186,082
Compromised data: Dates of birth, Email addresses, Names, Passwords
AerServ
In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes. The data was publicly posted to Twitter later in 2018 after which InMobi was notified and advised they were aware of the incident.
Breach date: 1 April 2018
Date added to HIBP: 6 December 2018
Compromised accounts: 66,308
Compromised data: Email addresses, Employers, Job titles, Names, Passwords, Phone numbers, Physical addresses
AgusiQ-Torrents.pl
In September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.
Breach date: 24 September 2019
Date added to HIBP: 4 December 2019
Compromised accounts: 90,478
Compromised data: Email addresses, IP addresses, Passwords, Usernames
AhaShare.com
In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users and, despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.
Breach date: 30 May 2013
Date added to HIBP: 6 November 2014
Compromised accounts: 180,468
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Partial dates of birth, Passwords, Usernames, Website activity
ai.type
In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
Breach date: 5 December 2017
Date added to HIBP: 8 December 2017
Compromised accounts: 20,580,060
Compromised data: Address book contacts, Apps installed on devices, Cellular network names, Dates of birth, Device information, Email addresses, Genders, Geographic locations, IMEI numbers, IMSI numbers, IP addresses, Names, Phone numbers, Profile photos, Social media profiles
Aimware
In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "clerk/anthrax/soontoberichh".
Breach date: 28 April 2019
Date added to HIBP: 2 May 2022
Compromised accounts: 305,470
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Aipai.com
In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 27 September 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 6,496,778
Compromised data: Email addresses, Passwords
Ajarn
In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.
Breach date: 13 December 2018
Date added to HIBP: 26 September 2021
Compromised accounts: 266,399
Compromised data: Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos
Ancestry
In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
Breach date: 7 November 2015
Date added to HIBP: 24 December 2017
Compromised accounts: 297,806
Compromised data: Email addresses, Passwords
Android Forums
In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.
Breach date: 30 October 2011
Date added to HIBP: 20 December 2015
Compromised accounts: 745,355
Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords
Animal Jam
In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.
Breach date: 12 October 2020
Date added to HIBP: 12 November 2020
Compromised accounts: 7,104,998
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
AnimeGame
In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.
Breach date: 27 February 2020
Date added to HIBP: 9 March 2020
Compromised accounts: 1,431,378
Compromised data: Email addresses, Passwords, Usernames
Anime-Planet
In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 January 2016
Date added to HIBP: 28 July 2019
Compromised accounts: 368,507
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Animoto
In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 10 July 2018
Date added to HIBP: 18 July 2019
Compromised accounts: 22,437,749
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords
Anti Public Combo List
In December 2016, a huge database of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The database contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The database was broadly circulated and used for "credential stuffing", that is, attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Breach date: 16 December 2016
Date added to HIBP: 4 May 2017
Compromised accounts: 457,962,538
Compromised data: Email addresses, Passwords
Apollo
In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.
Breach date: 23 July 2018
Date added to HIBP: 5 October 2018
Compromised accounts: 125,929,660
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles
Appartoo
In March 2017, the French flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.
Breach date: 25 March 2017
Date added to HIBP: 2 May 2019
Compromised accounts: 49,681
Compromised data: Ages, Auth tokens, Email addresses, Employment statuses, Genders, IP addresses, Marital statuses, Names, Passwords, Physical addresses, Private messages, Social media profiles
Appen
In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some records also contained phone numbers, employers and IP addresses. The data was provided to HIBP by dehashed.com.
Breach date: 22 June 2020
Date added to HIBP: 30 July 2020
Compromised accounts: 5,888,405
Compromised data: Email addresses, Employers, IP addresses, Names, Passwords, Phone numbers
Aptoide
In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names and passwords stored as SHA-1 hashes without a salt.
Breach date: 13 April 2020
Date added to HIBP: 19 April 2020
Compromised accounts: 20,012,235
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Passwords
Armor Games
In January 2019, the game portal website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 January 2019
Date added to HIBP: 20 July 2019
Compromised accounts: 10,604,307
Compromised data: Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Army Force Online
In May 2016, the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.
Breach date: 18 May 2016
Date added to HIBP: 10 November 2016
Compromised accounts: 1,531,235
Compromised data: Avatars, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames, Website activity
Artsy
In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 April 2018
Date added to HIBP: 25 May 2020
Compromised accounts: 1,079,970
Compromised data: Email addresses, IP addresses, Names, Passwords
Artvalue
In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed.
Breach date: 19 June 2019
Date added to HIBP: 19 July 2019
Compromised accounts: 157,692
Compromised data: Email addresses, Names, Passwords, Salutations, Usernames
Ashley Madison
In July 2015, the infidelity website Ashley Madison suffered a serious data breach. The attackers threatened Ashley Madison with the full disclosure of the breach unless the service was shut down. One month later, the database was dumped including more than 30M unique email addresses. This breach has been classed as "sensitive" and is not publicly searchable, although individuals may discover if they've been impacted by registering for notifications. Read about this attack in detail.
Breach date: 19 July 2015
Date added to HIBP: 18 August 2015
Compromised accounts: 30,811,934
Compromised data: Dates of birth, Email addresses, Ethnicities, Genders, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Security questions and answers, Sexual orientations, Usernames, Website activity
Astropid
In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description. The breach resulted in nearly 6k user accounts and over 220k private messages between forum members being exposed.
Breach date: 19 December 2013
Date added to HIBP: 6 July 2014
Compromised accounts: 5,788
Compromised data: Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Aternos
In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.
Breach date: 6 December 2015
Date added to HIBP: 1 October 2016
Compromised accounts: 1,436,486
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Atlas Quantum
In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.
Breach date: 25 August 2018
Date added to HIBP: 27 August 2018
Compromised accounts: 261,463
Compromised data: Account balances, Email addresses, Names, Phone numbers
Audi
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Breach date: 14 August 2019
Date added to HIBP: 23 July 2021
Compromised accounts: 2,743,539
Compromised data: Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details
Avast
In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.
Breach date: 26 May 2014
Date added to HIBP: 12 March 2016
Compromised accounts: 422,959
Compromised data: Email addresses, Passwords, Usernames
B2B USA Businesses
In mid-2017, a spam database of over 105 million individuals in corporate America was discovered online. Referred to as "B2B USA Businesses", the database categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses. Read more about spam lists in HIBP.
Breach date: 18 July 2017
Date added to HIBP: 18 July 2017
Compromised accounts: 105,059,554
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Baby Names
In approximately 2008, the site to help parents name their children known as Baby Names suffered a data breach. The incident exposed 846k email addresses and passwords stored as salted MD5 hashes. When contacted in October 2018, Baby Names advised that "the breach happened at least 10 years ago" and that members were notified at the time.
Breach date: 24 October 2008
Date added to HIBP: 24 October 2018
Compromised accounts: 846,742
Compromised data: Email addresses, Passwords
Permalink
Badoo
In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes. Whilst there are many indicators suggesting Badoo did indeed suffer a data breach, the legitimacy of the data could not be emphatically proven so this breach has been categorised as "unverified".
Breach date: 1 June 2013
Date added to HIBP: 6 July 2016
Compromised accounts: 112,005,531
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Usernames
Permalink
BannerBit
In approximately December 2018, the online advertising platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
Breach date: 29 December 2018
Date added to HIBP: 8 January 2019
Compromised accounts: 213,415
Compromised data: Email addresses, Passwords
Permalink
Banorte
In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances. Banorte have stated that the data is "outdated", although they have not yet indicated how far back it dates to. Anecdotal feedback from HIBP subscribers suggests the data may date back 8 years to 2014.
Breach date: 18 August 2014
Date added to HIBP: 18 August 2022
Compromised accounts: 2,107,000
Compromised data: Account balances, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
Permalink
Beautiful People
In November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.
Breach date: 11 November 2015
Date added to HIBP: 25 April 2016
Compromised accounts: 1,100,089
Compromised data: Beauty ratings, Car ownership statuses, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Home ownership statuses, Income levels, IP addresses, Job titles, Names, Passwords, Personal descriptions, Personal interests, Physical attributes, Sexual orientations, Smoking habits, Website activity
Permalink
Bell (2014 breach)
In February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records containing just over 20,000 unique email addresses and usernames.
Breach date: 1 February 2014
Date added to HIBP: 1 February 2014
Compromised accounts: 20,902
Compromised data: Credit cards, Genders, Passwords, Usernames
Permalink
Bell (2017 breach)
In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.
Breach date: 15 May 2017
Date added to HIBP: 16 May 2017
Compromised accounts: 2,231,256
Compromised data: Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames
Permalink
Bestialitysextaboo
In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum. In all, more than 3.2k unique email addresses were included alongside usernames, IP addresses, dates of birth, genders and bcrypt hashes of passwords.
Breach date: 19 March 2018
Date added to HIBP: 29 March 2018
Compromised accounts: 3,204
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
Permalink
Bhinneka
In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.
Breach date: 27 January 2020
Date added to HIBP: 6 October 2022
Compromised accounts: 1,274,340
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink
bigbasket
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phone numbers, dates of birth and passwords stored as Django (SHA-1) hashes.
Breach date: 14 October 2020
Date added to HIBP: 26 April 2021
Compromised accounts: 24,500,011
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
BigMoneyJobs
In April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text. The attack was allegedly mounted by exploiting a SQL injection vulnerability.
Breach date: 3 April 2014
Date added to HIBP: 8 April 2014
Compromised accounts: 36,789
Compromised data: Career levels, Education levels, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, User website URLs, Website activity
Permalink
Bin Weevils
In September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data may have come from a later breach). Data matching that pattern was later provided to Have I Been Pwned by @akshayindia6 and included almost 1.3m unique email addresses, genders, ages and plain text passwords.
Breach date: 1 September 2014
Date added to HIBP: 18 August 2017
Compromised accounts: 1,287,073
Compromised data: Ages, Email addresses, Genders, IP addresses, Passwords, Usernames
Permalink
Biohack.me
In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.
Breach date: 2 December 2016
Date added to HIBP: 23 August 2017
Compromised accounts: 3,402
Compromised data: Email addresses, Passwords, Private messages, Usernames
Permalink
Bitcoin Security Forum Gmail Dump
In September 2014, a large dump of almost 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses. Whilst the origin of the breach remains unclear, the breached credentials were confirmed by multiple sources as correct, albeit a number of years old.
Breach date: 9 January 2014
Date added to HIBP: 10 September 2014
Compromised accounts: 4,789,599
Compromised data: Email addresses, Passwords
Permalink
Bitcoin Talk
In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves.
Breach date: 22 May 2015
Date added to HIBP: 27 March 2017
Compromised accounts: 501,407
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Passwords, Security questions and answers, Usernames, Website activity
Permalink
Bitly
In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.
Breach date: 8 May 2014
Date added to HIBP: 6 October 2017
Compromised accounts: 9,313,136
Compromised data: Email addresses, Passwords, Usernames
Permalink
BitTorrent
In January 2016, the forum for the popular torrent software BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.
Breach date: 1 January 2016
Date added to HIBP: 8 June 2016
Compromised accounts: 34,235
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Black Hat World
In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.
Breach date: 23 June 2014
Date added to HIBP: 3 November 2015
Compromised accounts: 777,387
Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Usernames, Website activity
Permalink
BlackBerry Fans
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date: 6 May 2022
Date added to HIBP: 16 May 2022
Compromised accounts: 174,168
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
BlackSpigotMC
In July 2019, the hacking website BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself. The exposed data included 140k unique email addresses, usernames, IP addresses, genders, geographic locations and passwords stored as bcrypt hashes.
Breach date: 14 July 2019
Date added to HIBP: 17 July 2019
Compromised accounts: 140,029
Compromised data: Device information, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Permalink
BlankMediaGames
In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes. DeHashed made multiple attempts to contact BlankMediaGames over various channels and many days but had yet to receive a response at the time of publishing.
Breach date: 28 December 2018
Date added to HIBP: 2 January 2019
Compromised accounts: 7,633,234
Compromised data: Browser user agent details, Email addresses, IP addresses, Passwords, Purchases, Usernames, Website activity
Permalink
Bolt
In approximately March 2017, the file sharing website Bolt suffered a data breach resulting in the exposure of 995k unique user records. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 1 March 2017
Date added to HIBP: 24 November 2017
Compromised accounts: 995,274
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Bombuj.eu
In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.
Breach date: 7 December 2018
Date added to HIBP: 10 December 2018
Compromised accounts: 575,437
Compromised data: Email addresses, Passwords
Permalink
Bonobos
In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as salted SHA-512 hashes, including historical passwords. The breach also exposed partial credit card data including card type, the name on the card, expiry date and the last 4 digits of the card. The data was provided to HIBP by dehashed.com.
Breach date: 14 August 2020
Date added to HIBP: 31 January 2021
Compromised accounts: 2,811,929
Compromised data: Email addresses, Historical passwords, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases
Permalink
Bookchor
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.
Breach date: 28 January 2021
Date added to HIBP: 3 July 2022
Compromised accounts: 498,297
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink
Bookmate
In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 8 July 2018
Date added to HIBP: 22 March 2019
Compromised accounts: 3,830,916
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
Permalink
Bot of Legends
In November 2014, the forum for Bot of Legends suffered a data breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date: 13 November 2014
Date added to HIBP: 27 December 2016
Compromised accounts: 238,373
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Bourse des Vols
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
Breach date: 12 January 2021
Date added to HIBP: 3 July 2022
Compromised accounts: 1,460,130
Compromised data: Dates of birth, Email addresses, Flights taken, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
Boxee
In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself. The data included 160k users, password histories, private messages and a variety of other data exposed across almost 200 publicly exposed tables.
Breach date: 29 March 2014
Date added to HIBP: 30 March 2014
Compromised accounts: 158,093
Compromised data: Dates of birth, Email addresses, Geographic locations, Historical passwords, Instant messenger identities, IP addresses, Passwords, Private messages, User website URLs, Usernames
Permalink
Brand New Tube
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
Breach date: 14 August 2022
Date added to HIBP: 8 September 2022
Compromised accounts: 349,627
Compromised data: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
Permalink
Brazzers
In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.
Breach date: 1 April 2013
Date added to HIBP: 5 September 2016
Compromised accounts: 790,724
Compromised data: Email addresses, Passwords, Usernames
Permalink
BTC-Alpha
In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 2 November 2021
Date added to HIBP: 27 January 2022
Compromised accounts: 362,426
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
BTC-E
In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.
Breach date: 1 October 2014
Date added to HIBP: 12 March 2017
Compromised accounts: 568,340
Compromised data: Account balances, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
BtoBet
In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247 data, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet were also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.
Breach date: 26 December 2019
Date added to HIBP: 11 January 2020
Compromised accounts: 444,241
Compromised data: Dates of birth, Email addresses, Financial transactions, Geographic locations, IP addresses, Names, Usernames
Permalink
Bukalapak
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".
Breach date: 23 October 2017
Date added to HIBP: 18 April 2019
Compromised accounts: 13,369,666
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames
Permalink
Bulgarian National Revenue Agency
In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people. Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers, physical addresses and 471 thousand unique email addresses. The breach is said to have affected "nearly all adults in Bulgaria".
Breach date: 15 July 2019
Date added to HIBP: 18 July 2019
Compromised accounts: 471,167
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Taxation records
Permalink
Business Acumen Magazine
In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and passwords stored with a weak cryptographic hashing algorithm (MD5 with no salt).
Breach date: 25 April 2014
Date added to HIBP: 11 May 2014
Compromised accounts: 26,596
Compromised data: Email addresses, Names, Passwords, Usernames, Website activity
Permalink
CafeMom
In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.
Breach date: 10 April 2014
Date added to HIBP: 9 November 2017
Compromised accounts: 2,628,148
Compromised data: Email addresses, Passwords
Permalink
CafePress
In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 20 February 2019
Date added to HIBP: 5 August 2019
Compromised accounts: 23,205,290
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Cannabis.com
In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and almost 10k private messages between users of the forum.
Breach date: 5 February 2014
Date added to HIBP: 1 June 2014
Compromised accounts: 227,746
Compromised data: Dates of birth, Email addresses, Geographic locations, Historical passwords, Instant messenger identities, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink
Canva
In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 24 May 2019
Date added to HIBP: 9 August 2019
Compromised accounts: 137,272,116
Compromised data: Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink
Capital Economics
In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.
Breach date: 12 December 2020
Date added to HIBP: 4 July 2022
Compromised accounts: 263,829
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Permalink
Carding Mafia (December 2021)
In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes. This breach came only 9 months after another breach of the forum in March 2021.
Breach date: 28 December 2021
Date added to HIBP: 16 January 2022
Compromised accounts: 303,877
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Carding Mafia (March 2021)
In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.
Breach date: 18 March 2021
Date added to HIBP: 23 March 2021
Compromised accounts: 297,744
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
CashCrate
In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for older accounts along with weak MD5 hashes for newer ones.
Breach date: 17 November 2016
Date added to HIBP: 20 April 2018
Compromised accounts: 6,844,490
Compromised data: Email addresses, Names, Passwords, Physical addresses
Permalink
Catho
In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses. Names, usernames and plain text passwords were also exposed. The data was provided to HIBP by breachbase.pw.
Breach date: 1 March 2020
Date added to HIBP: 18 August 2020
Compromised accounts: 1,173,012
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink
CD Projekt RED
In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.
Breach date: 1 March 2016
Date added to HIBP: 31 January 2017
Compromised accounts: 1,871,373
Compromised data: Email addresses, Passwords, Usernames
Permalink
Chatbooks
In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512 password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 26 March 2020
Date added to HIBP: 29 July 2020
Compromised accounts: 2,520,441
Compromised data: Email addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink
CheapAssGamer.com
In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.
Breach date: 1 July 2015
Date added to HIBP: 8 November 2016
Compromised accounts: 444,767
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Chegg
In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 28 April 2018
Date added to HIBP: 16 August 2019
Compromised accounts: 39,721,127
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink
Civil Online
In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 10 July 2011
Date added to HIBP: 7 November 2016
Compromised accounts: 7,830,195
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Clash of Kings
In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 14 July 2016
Date added to HIBP: 27 July 2019
Compromised accounts: 1,604,957
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
ClearVoice Surveys
In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum. The data included 15M unique email addresses across more than 17M rows of data that also included names, physical and IP addresses, genders, dates of birth and plain text passwords. ClearVoice Surveys advised they were aware of the breach and confirmed its authenticity.
Breach date: 23 August 2015
Date added to HIBP: 23 April 2021
Compromised accounts: 15,074,786
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
ClixSense
In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.
Breach date: 4 September 2016
Date added to HIBP: 11 September 2016
Compromised accounts: 2,424,784
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity
Permalink
CloudPets
In January, CloudPets, the maker of teddy bears that record children's voices and send them to family and friends via the internet, left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). 583k records were provided to HIBP via a data trader and included email addresses and bcrypt hashes, but the full extent of user data exposed by the system was over 821k records and also included children's names and references to portrait photos and voice recordings.
Breach date: 1 January 2017
Date added to HIBP: 27 February 2017
Compromised accounts: 583,503
Compromised data: Email addresses, Family members' names, Passwords
Permalink
Club Penguin Rewritten (January 2018)
In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users".
Breach date: 21 January 2018
Date added to HIBP: 23 April 2019
Compromised accounts: 1,688,176
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Club Penguin Rewritten (July 2019)
In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). In addition to an earlier data breach that impacted 1.7 million accounts, the subsequent breach exposed 4 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes.
Breach date: 27 July 2019
Date added to HIBP: 30 July 2019
Compromised accounts: 4,007,909
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Coinmama
In August 2017, the crypto coin brokerage service Coinmama suffered a data breach that impacted 479k subscribers. The breach was discovered in February 2019 with exposed data including email addresses, usernames and passwords stored as MD5 WordPress hashes. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.
Breach date: 3 August 2017
Date added to HIBP: 30 August 2019
Compromised accounts: 478,824
Compromised data: Email addresses, Passwords, Usernames
Permalink
CoinMarketCap
During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a database of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."
Breach date: 12 October 2021
Date added to HIBP: 22 October 2021
Compromised accounts: 3,117,548
Compromised data: Email addresses
Permalink
Collection #1
In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
Breach date: 7 January 2019
Date added to HIBP: 16 January 2019
Compromised accounts: 772,904,991
Compromised data: Email addresses, Passwords
Permalink
COMELEC (Philippines Voters)
In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced, allegedly by Anonymous Philippines. Shortly after, data on 55 million Filipino voters was leaked publicly and included sensitive information such as genders, marital statuses, height and weight and biometric fingerprint data. The breach only included 228k email addresses.
Breach date: 27 March 2016
Date added to HIBP: 14 April 2016
Compromised accounts: 228,605
Compromised data: Biometric data, Dates of birth, Email addresses, Family members' names, Genders, Job titles, Marital statuses, Names, Passport numbers, Phone numbers, Physical addresses, Physical attributes
Permalink
Coupon Mom / Armor Games
In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games. Subsequent verification with HIBP subscribers confirmed the passwords had previously been used and many subscribers had used either Coupon Mom or Armor Games in the past. On disclosure to both organisations, each found that the data did not represent their entire customer base and possibly includes records from other sources with common subscribers. The breach has subsequently been flagged as "unverified" as the source cannot be emphatically proven. In July 2020, the data was also found to contain BeerAdvocate accounts sourced from a previously unknown breach.
Breach date: 8 February 2014
Date added to HIBP: 9 November 2017
Compromised accounts: 11,010,525
Compromised data: Email addresses, Passwords
Permalink
Covve
In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. Later identified as originating from the Covve contacts app, the exposed data included extensive personal information and interactions between Covve users and their contacts. The data was provided to HIBP by dehashed.com.
Breach date: 20 February 2020
Date added to HIBP: 15 May 2020
Compromised accounts: 22,802,117
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
Permalink
Crack Community
In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.
Breach date: 9 September 2013
Date added to HIBP: 3 February 2015
Compromised accounts: 19,210
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Cracked.to
In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as bcrypt hashes.
Breach date: 21 July 2019
Date added to HIBP: 12 August 2019
Compromised accounts: 749,161
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink
CrackingForum
In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.
Breach date: 1 July 2016
Date added to HIBP: 10 December 2017
Compromised accounts: 660,305
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Creative
In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently shut down the forum.
Breach date: 1 May 2018
Date added to HIBP: 7 June 2018
Compromised accounts: 483,015
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Cross Fire
In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Breach date: 8 August 2016
Date added to HIBP: 28 December 2016
Compromised accounts: 12,865,609
Compromised data: Email addresses, Passwords, Usernames
Permalink
CTARS
In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.
Breach date: 21 May 2021
Date added to HIBP: 31 May 2022
Compromised accounts: 12,314
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames
Permalink
CyberServe
In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a significant amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute. Due to multiple different sites being compromised, the impacted data is wide and ranges from relationship information to medical data to email addresses and passwords stored in plain text. The data was made available to HIBP with support from May Brooks-Kempler, founder of the Think Safe Cyber community in Israel.
Breach date: 29 October 2021
Date added to HIBP: 4 November 2021
Compromised accounts: 1,107,034
Compromised data: Dates of birth, Drinking habits, Email addresses, Family structure, Genders, Geographic locations, HIV statuses, IP addresses, Names, Passwords, Personal health data, Phone numbers, Physical attributes, Private messages, Profile photos, Religions, Sexual orientations, Smoking habits, Usernames
Permalink
D3Scene
In January 2016, the gaming website D3Scene suffered a data breach. The compromised vBulletin forum exposed 569k email addresses, IP addresses, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 January 2016
Date added to HIBP: 15 June 2019
Compromised accounts: 568,827
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
DaFont
In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
Breach date: 16 May 2017
Date added to HIBP: 18 May 2017
Compromised accounts: 637,340
Compromised data: Email addresses, Passwords, Usernames
Permalink
Daily Quiz
In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.
Breach date: 13 January 2021
Date added to HIBP: 21 May 2021
Compromised accounts: 8,032,404
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Dailymotion
In October 2016, the video sharing platform Dailymotion suffered a data breach. The attack led to the exposure of more than 85 million user accounts and included email addresses, usernames and bcrypt hashes of passwords.
Breach date: 20 October 2016
Date added to HIBP: 7 August 2017
Compromised accounts: 85,176,234
Compromised data: Email addresses, Passwords, Usernames
Permalink
DailyObjects
In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.
Breach date: 1 January 2018
Date added to HIBP: 28 January 2020
Compromised accounts: 464,260
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Dangdang
In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.
Breach date: 1 June 2011
Date added to HIBP: 10 January 2019
Compromised accounts: 4,848,734
Compromised data: Email addresses
Permalink
DaniWeb
In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords. However, DaniWeb have advised that "the breached password hashes and salts are incorrect" and that they have since switched to new infrastructure and software.
Breach date: 1 December 2015
Date added to HIBP: 28 December 2016
Compromised accounts: 1,131,636
Compromised data: Email addresses, IP addresses, Passwords
Permalink
Data & Leads
In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator. Upon further investigation, the data was linked to marketing company Data & Leads. The exposed Elasticsearch instance contained over 44M unique email addresses along with names, IP and physical addresses, phone numbers and employment information. No response was received from Data & Leads when contacted by Bob and their site subsequently went offline.
Breach date: 14 November 2018
Date added to HIBP: 28 November 2018
Compromised accounts: 44,320,330
Compromised data: Email addresses, Employers, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Permalink
Data Enrichment Exposure From PDL Customer
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
Breach date: 16 October 2019
Date added to HIBP: 22 November 2019
Compromised accounts: 622,161,052
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Social media profiles
Permalink
Data Enrichment Records
In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other legitimate locations. In total, there were more than 8 million unique email addresses in the data which also contained a raft of other personal attributes including credit ratings, home ownership status, family structure and other fields described in the story linked to above. The email addresses alone were provided to HIBP.
Breach date: 23 December 2016
Date added to HIBP: 8 June 2017
Compromised accounts: 8,176,132
Compromised data: Buying preferences, Charitable donations, Credit status information, Dates of birth, Email addresses, Family structure, Financial investments, Home ownership statuses, Income levels, Job titles, Marital statuses, Names, Net worths, Phone numbers, Physical addresses, Political donations
Permalink
DataCamp
In December 2018, the data science website DataCamp suffered a data breach of records dating back to January 2017. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 30 January 2017
Date added to HIBP: 9 April 2019
Compromised accounts: 760,561
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Passwords
Permalink
Dave
In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum. The breach exposed extensive personal information including almost 3 million unique email addresses alongside names, dates of birth, encrypted social security numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 28 June 2020
Date added to HIBP: 27 July 2020
Compromised accounts: 2,964,182
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Social security numbers
Permalink
Deezer
In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers. The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular hacking forum. Impacted data included 229M unique email addresses, IP addresses, names, usernames, genders, DoBs and the geographic location of the customer.
Breach date: 22 April 2019
Date added to HIBP: 2 January 2023
Compromised accounts: 229,037,936
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Spoken languages, Usernames
Permalink
Demon Forums
In February 2019, the hacking forum Demon Forums suffered a data breach. The compromise of the vBulletin forum exposed 52k unique email addresses alongside usernames and passwords stored as salted MD5 hashes.
Breach date: 20 February 2019
Date added to HIBP: 4 April 2019
Compromised accounts: 52,623
Compromised data: Email addresses, Passwords, Usernames
Permalink
Descomplica
In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password hashes.
Breach date: 14 March 2021
Date added to HIBP: 28 April 2021
Compromised accounts: 4,845,378
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Purchases
Permalink
Devil-Torrents.pl
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.
Breach date: 4 January 2021
Date added to HIBP: 1 May 2022
Compromised accounts: 63,451
Compromised data: Email addresses, Passwords
Permalink
devkitPro
In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.
Breach date: 3 February 2019
Date added to HIBP: 11 February 2019
Compromised accounts: 1,508
Compromised data: Email addresses, Passwords, Private messages
Permalink
diet.com
In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004. The data contained email and IP addresses, usernames, plain text passwords and dietary information about the site members including eating habits, BMI and birth date. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 10 August 2014
Date added to HIBP: 13 October 2017
Compromised accounts: 1,383,759
Compromised data: Dates of birth, Eating habits, Email addresses, IP addresses, Names, Passwords, Physical attributes, Usernames
Permalink
Digimon
In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.
Breach date: 5 September 2016
Date added to HIBP: 28 September 2018
Compromised accounts: 7,687,679
Compromised data: Email addresses, Email messages, IP addresses, Names
Permalink
Disqus
In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames. Users who created logins on Disqus had salted SHA1 hashes of passwords whilst users who logged in via social providers only had references to those accounts.
Breach date: 1 July 2012
Date added to HIBP: 6 October 2017
Compromised accounts: 17,551,044
Compromised data: Email addresses, Passwords, Usernames
Permalink
DivX SubTitles
In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.
Breach date: 1 January 2010
Date added to HIBP: 14 June 2022
Compromised accounts: 783,058
Compromised data: Email addresses, Passwords, Usernames
Permalink
DLH.net
In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes. The data was donated to Have I Been Pwned by data breach monitoring service Vigilante.pw.
Breach date: 31 July 2016
Date added to HIBP: 7 September 2016
Compromised accounts: 3,264,710
Compromised data: Dates of birth, Email addresses, Names, Passwords, Usernames, Website activity
Permalink
Dodonew.com
In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 December 2011
Date added to HIBP: 10 November 2016
Compromised accounts: 8,718,404
Compromised data: Email addresses, Usernames
Permalink
Domino's
In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts. Amongst the customer data was passwords stored with a weak MD5 hashing algorithm and no salt.
Breach date: 13 June 2014
Date added to HIBP: 4 January 2015
Compromised accounts: 648,231
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Domino's India
In April 2021, 13TB of compromised Domino's India data appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.
Breach date: 24 March 2021
Date added to HIBP: 3 June 2021
Compromised accounts: 22,527,655
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
Doomworld
In October 2022, the Doomworld forum suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
Breach date: 12 October 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 34,478
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Doxbin
In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes. User accounts also included usernames, password hashes and browser user agents. The personal information disclosed in the doxes was often extensive including names, physical addresses, phone numbers and more.
Breach date: 5 January 2022
Date added to HIBP: 8 January 2022
Compromised accounts: 370,794
Compromised data: Browser user agent details, Email addresses, Passwords, Usernames
Permalink
DriveSure
In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses. Vehicle data was also exposed and included makes, models, VIN numbers and odometer readings. A small number of passwords stored as bcrypt hashes were also included in the data set.
Breach date: 19 December 2020
Date added to HIBP: 10 May 2021
Compromised accounts: 3,675,099
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Vehicle details
Permalink
Drizly
In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 2 July 2020
Date added to HIBP: 28 July 2020
Compromised accounts: 2,479,044
Compromised data: Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Dropbox
In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).
Breach date: 1 July 2012
Date added to HIBP: 31 August 2016
Compromised accounts: 68,648,009
Compromised data: Email addresses, Passwords
Permalink
Dubsmash
In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 1 December 2018
Date added to HIBP: 25 February 2019
Compromised accounts: 161,749,950
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Spoken languages, Usernames
Permalink
Ducks Unlimited
In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership database and a database of website users. Impacted data included names, phone numbers, physical addresses, dates of birth and passwords stored as unsalted MD5 hashes.
Breach date: 29 January 2021
Date added to HIBP: 16 November 2021
Compromised accounts: 1,324,364
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Dueling Network
In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year. The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "burger vault".
Breach date: 29 March 2017
Date added to HIBP: 30 March 2020
Compromised accounts: 6,486,626
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Dungeons & Dragons Online
In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.
Breach date: 2 April 2013
Date added to HIBP: 12 March 2016
Compromised accounts: 1,580,933
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Dunzo
In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking forum. The data was provided to HIBP by dehashed.com.
Breach date: 19 June 2020
Date added to HIBP: 29 July 2020
Compromised accounts: 3,465,259
Compromised data: Device information, Email addresses, Geographic locations, IP addresses, Names, Phone numbers
Permalink
Duowan.com
In approximately 2011, data was allegedly obtained from the Chinese gaming website known as Duowan.com and contained 2.6M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses, user names and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 January 2011
Date added to HIBP: 7 November 2016
Compromised accounts: 2,639,894
Compromised data: Email addresses, Passwords, Usernames
Permalink
dvd-shop.ch
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.
Breach date: 5 December 2017
Date added to HIBP: 10 December 2017
Compromised accounts: 67,973
Compromised data: Email addresses, Passwords
Permalink
Eatigo
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Breach date: 16 October 2018
Date added to HIBP: 25 August 2021
Compromised accounts: 2,789,609
Compromised data: Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles
Permalink
EatStreet
In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 3 May 2019
Date added to HIBP: 19 July 2019
Compromised accounts: 6,353,564
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Social media profiles
Permalink
Edmodo
In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.
Breach date: 11 May 2017
Date added to HIBP: 1 June 2017
Compromised accounts: 43,423,561
Compromised data: Email addresses, Passwords, Usernames
Permalink
Elance
Sometime in 2009, staffing platform Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email addresses, phone numbers and SHA1 hashes of passwords, amongst other personal data.
Breach date: 1 January 2009
Date added to HIBP: 18 February 2017
Compromised accounts: 1,291,178
Compromised data: Email addresses, Employers, Geographic locations, Passwords, Phone numbers, Usernames
Permalink
Elanic
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the data was "old" (the hacking forum reported it as being from 2016-2018). When asked about disclosure to impacted customers, Elanic advised that they had "decided to not have as such any communication and public disclosure".
Breach date: 1 January 2018
Date added to HIBP: 4 May 2020
Compromised accounts: 2,325,283
Compromised data: Email addresses, Geographic locations, Usernames
Permalink
Elasticsearch Instance of Sales Leads on AWS
In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained information relating to individuals and the companies they worked for including their names, email addresses and company name and contact information. Despite best efforts, it was not possible to identify the owner of the data hence this breach has been titled "Elasticsearch Sales Leads".
Breach date: 29 October 2018
Date added to HIBP: 17 November 2018
Compromised accounts: 5,788,169
Compromised data: Email addresses, Employers, Names, Physical addresses
Permalink
Emuparadise
In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP addresses, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 April 2018
Date added to HIBP: 9 June 2019
Compromised accounts: 1,131,229
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
E-Pal
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.
Breach date: 15 April 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 108,887
Compromised data: Email addresses, Purchases, Usernames
Permalink
Epic Games
In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.
Breach date: 11 August 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 251,661
Compromised data: Email addresses, Passwords, Usernames
Permalink
EpicBot
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
Breach date: 1 September 2019
Date added to HIBP: 19 November 2019
Compromised accounts: 816,662
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
EpicNPC
In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 2 January 2016
Date added to HIBP: 27 July 2019
Compromised accounts: 408,795
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Epik
In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.
Breach date: 13 September 2021
Date added to HIBP: 19 September 2021
Compromised accounts: 15,003,961
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
Eroticy
In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords. Whilst many HIBP subscribers confirmed their data was legitimate, the actual source of the breach remains inconclusive. A detailed account of the data has been published in the hope of identifying the origin of the breach.
Breach date: 1 June 2015
Date added to HIBP: 10 January 2017
Compromised accounts: 1,370,175
Compromised data: Email addresses, IP addresses, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Usernames, Website activity
Permalink
Eskimi
In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Breach date: 25 September 2020
Date added to HIBP: 16 July 2022
Compromised accounts: 1,197,620
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Passwords, Usernames
Permalink
Estonian Citizens (via Estonian Cybercrime Bureau)
In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable. The Estonian police suspected the email addresses and passwords they obtained were being used to access mailboxes, cryptocurrency exchanges, cloud service accounts and other similar online assets. They've requested that individuals who find themselves in the data set and also identify that cryptocurrency has been stolen contact them at [email protected].
Breach date: 7 June 2018
Date added to HIBP: 11 June 2018
Compromised accounts: 655,161
Compromised data: Email addresses, Passwords
Permalink
eThekwini Municipality
In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that led to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration were possible and phishing attacks began appearing the day after launch.
Breach date: 7 September 2016
Date added to HIBP: 15 September 2016
Compromised accounts: 81,830
Compromised data: Dates of birth, Deceased date, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Physical addresses, Utility bills
Permalink
Ethereum
In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords. Ethereum elected to self-submit the data to HIBP, providing the service with a list of email addresses impacted by the incident.
Breach date: 16 December 2016
Date added to HIBP: 20 December 2016
Compromised accounts: 16,431
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink
europa.jobs
In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords. The data was subsequently redistributed on a popular hacking forum.
Breach date: 11 August 2019
Date added to HIBP: 15 January 2020
Compromised accounts: 226,095
Compromised data: Dates of birth, Email addresses, Geographic locations, Job applications, Names, Passwords, Phone numbers, Spoken languages
Permalink
Evermotion
In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 7 May 2015
Date added to HIBP: 2 July 2017
Compromised accounts: 435,510
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink
Everybody Edits
In March 2019, the multiplayer platform game Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.
Breach date: 23 March 2019
Date added to HIBP: 3 April 2019
Compromised accounts: 871,190
Compromised data: Email addresses, IP addresses, Usernames
Permalink
Evite
In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 11 August 2013
Date added to HIBP: 14 July 2019
Compromised accounts: 100,985,047
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink
Evony
In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).
Breach date: 1 June 2016
Date added to HIBP: 25 March 2017
Compromised accounts: 29,396,116
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Exactis
In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.
Breach date: 1 June 2018
Date added to HIBP: 25 July 2018
Compromised accounts: 131,577,763
Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages
Permalink
Experian (2015)
In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile. An alleged data breach was subsequently circulated containing personal information including names, physical and email addresses, birth dates and various other personal attributes. Multiple Have I Been Pwned subscribers verified portions of the data as being accurate, but the actual source of it was inconclusive, therefore this breach has been flagged as "unverified".
Breach date: 16 September 2015
Date added to HIBP: 6 September 2016
Compromised accounts: 7,196,890
Compromised data: Credit status information, Dates of birth, Email addresses, Ethnicities, Family structure, Genders, Home ownership statuses, Income levels, IP addresses, Names, Phone numbers, Physical addresses, Purchasing habits
Permalink
Experian (South Africa)
In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongst other personal information.
Breach date: 19 August 2020
Date added to HIBP: 1 September 2020
Compromised accounts: 1,284,637
Compromised data: Email addresses, Employers, Government issued IDs, Names, Occupations, Phone numbers
Permalink
Exploit.In
In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Breach date: 13 October 2016
Date added to HIBP: 6 May 2017
Compromised accounts: 593,427,119
Compromised data: Email addresses, Passwords
Permalink
Exposed VINs
In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.
Breach date: 5 June 2017
Date added to HIBP: 9 June 2017
Compromised accounts: 396,650
Compromised data: Dates of birth, Email addresses, Family structure, Genders, Names, Phone numbers, Physical addresses, Vehicle details
Permalink
EyeEm
In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes. The data was provided to HIBP by a source who asked for it to be attributed to "Kuroi'sh or Gabriel Kimiaie-Asadi Bildstein".
Breach date: 28 February 2018
Date added to HIBP: 16 February 2019
Compromised accounts: 19,611,022
Compromised data: Bios, Email addresses, Names, Passwords, Usernames
Permalink
Facebook
In April 2021, a large data set of over 500 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
Breach date: 1 August 2019
Date added to HIBP: 4 April 2021
Compromised accounts: 509,458,528
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, Names, Phone numbers, Relationship statuses
Permalink
Facepunch
In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident and had notified people at the time. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.
Breach date: 3 June 2016
Date added to HIBP: 17 October 2018
Compromised accounts: 342,913
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
FaceUP
In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability at the time and forced password resets on impacted customers.
Breach date: 1 January 2013
Date added to HIBP: 13 January 2019
Compromised accounts: 87,633
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Usernames
Permalink
Factual
In March 2017, a file containing 8M rows of data allegedly sourced from data aggregator Factual was compiled and later exchanged on the premise it was a "breach". The data contained 2.5M unique email addresses alongside business names, addresses and phone numbers. After consultation with Factual, they advised the data was "publicly available information about businesses and other points of interest that Factual makes available on its website and to customers".
Breach date: 22 March 2017
Date added to HIBP: 24 December 2019
Compromised accounts: 2,461,696
Compromised data: Email addresses, Employers, Phone numbers, Physical addresses
Permalink
Famm
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Breach date: 8 October 2020
Date added to HIBP: 16 July 2022
Compromised accounts: 535,240
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords
Permalink
Fanpass
In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".
Breach date: 30 April 2022
Date added to HIBP: 24 May 2022
Compromised accounts: 112,251
Compromised data: Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles
Permalink
Fantasy Football Hub
In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.
Breach date: 2 October 2021
Date added to HIBP: 7 October 2021
Compromised accounts: 66,479
Compromised data: Email addresses, IP addresses, Names, Passwords, Purchases, Usernames
Permalink
Fashion Nexus
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.
Breach date: 9 July 2018
Date added to HIBP: 31 July 2018
Compromised accounts: 1,279,263
Compromised data: Browser user agent details, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
Permalink
FashionFantasyGame
In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of [email protected]
Breach date: 1 December 2016
Date added to HIBP: 20 April 2017
Compromised accounts: 2,357,872
Compromised data: Email addresses, Passwords
Permalink
Filmai.in
In approximately 2019 or 2020, the Lithuanian movie streaming service Filmai.in suffered a data breach exposing 645k email addresses, usernames and plain text passwords.
Breach date: 1 January 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 645,786
Compromised data: Email addresses, Passwords, Usernames
Permalink
Final Fantasy Shrine
In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.
Breach date: 18 September 2015
Date added to HIBP: 31 October 2015
Compromised accounts: 620,677
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink
Flash Flash Revolution (2016 breach)
In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Breach date: 1 February 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 1,771,845
Compromised data: Email addresses, Passwords, Usernames
Permalink
Flash Flash Revolution (2019 breach)
In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach impacted almost 1.9 million members and is in addition to the 2016 data breach of the same service. Email and IP addresses, usernames, dates of birth and salted MD5 hashes were all exposed in the breach. The data was provided with support from dehashed.com.
Breach date: 16 July 2019
Date added to HIBP: 21 July 2019
Compromised accounts: 1,858,124
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
FlexBooker
In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum and was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 23 December 2021
Date added to HIBP: 6 January 2022
Compromised accounts: 3,756,794
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers
Permalink
Fling
In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker. The breached data included highly sensitive personal attributes such as sexual orientation and sexual interests as well as email addresses and passwords stored in plain text.
Breach date: 10 March 2011
Date added to HIBP: 28 May 2016
Compromised accounts: 40,767,652
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Phone numbers, Sexual fetishes, Sexual orientations, Usernames, Website activity
Permalink
Florida Virtual School
In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website. The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was subsequently found circulating. Each record contained student name, date of birth, password, grade, email and parent email resulting in a total of 543k unique email addresses. Due to the prevalence of email addresses belonging to individuals who are still legally children, the data breach has been flagged as "sensitive".
Breach date: 12 February 2018
Date added to HIBP: 18 March 2018
Compromised accounts: 542,902
Compromised data: Dates of birth, Email addresses, Names, Passwords, School grades (class levels), Usernames
Permalink
Foodora
In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers from multiple countries including their names, delivery addresses, phone numbers and passwords stored as either a salted MD5 or a bcrypt hash.
Breach date: 22 April 2016
Date added to HIBP: 16 June 2020
Compromised accounts: 582,578
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Forbes
In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.
Breach date: 15 February 2014
Date added to HIBP: 15 February 2014
Compromised accounts: 1,057,819
Compromised data: Email addresses, Passwords, User website URLs, Usernames
Permalink
ForumCommunity
In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when contacted.
Breach date: 1 June 2016
Date added to HIBP: 5 December 2018
Compromised accounts: 776,648
Compromised data: Email addresses, Passwords, Usernames
Permalink
Fotolog
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Breach date: 1 December 2018
Date added to HIBP: 15 June 2021
Compromised accounts: 16,717,854
Compromised data: Email addresses, Passwords, Usernames
Permalink
Foxy Bingo
In April 2007, the online gambling site Foxy Bingo was hacked and 252,000 accounts were obtained by the hackers. The breached records were subsequently sold and traded and included personal information data such as plain text passwords, birth dates and home addresses.
Breach date: 4 April 2008
Date added to HIBP: 22 November 2015
Compromised accounts: 252,216
Compromised data: Account balances, Browser user agent details, Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames, Website activity
Permalink
Freedom Hosting II
In January 2017, the free hidden service host Freedom Hosting II suffered a data breach. The attack allegedly took down 20% of dark web sites running behind Tor hidden services with the attacker claiming that of the 10,613 impacted sites, more than 50% of the content was child pornography. The hack led to the exposure of MySQL databases for the sites which included a vast amount of information on the hidden services Freedom Hosting II was managing. The impacted data classes far exceed those listed for the breach and differ between the thousands of impacted sites.
Breach date: 31 January 2017
Date added to HIBP: 5 February 2017
Compromised accounts: 380,830
Compromised data: Email addresses, Passwords, Usernames
Permalink
FreshMenu
In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories. When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.
Breach date: 1 July 2016
Date added to HIBP: 10 September 2018
Compromised accounts: 110,355
Compromised data: Device information, Email addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
Fridae
In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack, which was announced on Twitter, appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy within governments and corporations". The exposed data included passwords stored in plain text.
Breach date: 2 May 2014
Date added to HIBP: 6 May 2014
Compromised accounts: 35,368
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink
Funimation
In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.
Breach date: 1 July 2016
Date added to HIBP: 20 February 2017
Compromised accounts: 2,491,103
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink
Funny Games
In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incident was disclosed to Funny Games in July who acknowledged the breach and identified it had been caused by legacy code no longer in use. The record count in the breach constitutes approximately half of the user base.
Breach date: 28 April 2018
Date added to HIBP: 24 July 2018
Compromised accounts: 764,357
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Fur Affinity
In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked. The attack exposed 1.2M email addresses (many accounts had a different "first" and "last" email against them) and hashed passwords.
Breach date: 17 May 2016
Date added to HIBP: 27 May 2016
Compromised accounts: 1,270,564
Compromised data: Email addresses, Passwords, Usernames
Permalink
Gaadi
In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 14 May 2015
Date added to HIBP: 1 July 2018
Compromised accounts: 4,261,179
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Usernames
Permalink
Gab
In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed about 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service. Only a small number of accounts included email addresses and / or passwords stored as bcrypt hashes with a total of 66.5k unique email addresses being exposed across the corpus of data.
Breach date: 26 February 2021
Date added to HIBP: 3 March 2021
Compromised accounts: 66,521
Compromised data: Avatars, Email addresses, Names, Passwords, Private messages, Usernames
Permalink
Gamerzplanet
In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 23 October 2015
Date added to HIBP: 5 February 2016
Compromised accounts: 1,217,166
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
GameSalad
In February 2019, the education and game creation website Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 24 February 2019
Date added to HIBP: 21 July 2019
Compromised accounts: 1,506,242
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
GameTuts
Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum. The exposed data included usernames, email and IP addresses and salted MD5 hashes.
Breach date: 1 March 2015
Date added to HIBP: 23 September 2016
Compromised accounts: 2,064,274
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Gamigo
In March 2012, the German online game firm Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.
Breach date: 1 March 2012
Date added to HIBP: 18 January 2016
Compromised accounts: 8,243,604
Compromised data: Email addresses, Passwords
Permalink
GateHub
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, encrypted master keys, encrypted recovery keys and passwords stored as bcrypt hashes.
Breach date: 4 June 2019
Date added to HIBP: 20 November 2019
Compromised accounts: 1,408,078
Compromised data: Email addresses, Encrypted keys, Mnemonic phrases, Passwords
Permalink
Gawker
In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawker's 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, many victims of the breach then had their Twitter accounts compromised to send Acai berry spam.
Breach date: 11 December 2010
Date added to HIBP: 4 December 2013
Compromised accounts: 1,247,574
Compromised data: Email addresses, Passwords, Usernames
Permalink
Ge.tt
In May 2017, the file sharing platform Ge.tt suffered a data breach. The data was subsequently put up for sale on a dark web marketplace in February 2019 alongside a raft of other breaches. The Ge.tt breach included names, social media profile identifiers, SHA256 password hashes and about 2.5M unique email addresses. The data was provided to HIBP by a source who requested it be attributed to BreachDirectory.
Breach date: 4 May 2017
Date added to HIBP: 16 February 2021
Compromised accounts: 2,481,121
Compromised data: Email addresses, Names, Passwords, Social media profiles
Permalink
GeekedIn
In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.
Breach date: 15 August 2016
Date added to HIBP: 17 November 2016
Compromised accounts: 1,073,164
Compromised data: Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of professional experience
Permalink
GeniusU
In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 2 October 2020
Date added to HIBP: 8 January 2021
Compromised accounts: 1,301,460
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles
Permalink
Get Revenge On Your Ex
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed about 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum. Get Revenge On Your Ex did not reply when contacted.
Breach date: 9 September 2022
Date added to HIBP: 15 November 2022
Compromised accounts: 79,195
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
Permalink
GFAN
In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 10 October 2016
Date added to HIBP: 10 October 2016
Compromised accounts: 22,526,334
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Glofox
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
Breach date: 27 March 2020
Date added to HIBP: 10 January 2021
Compromised accounts: 2,330,735
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers
Permalink
Go Games
In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident. The data was provided to HIBP by dehashed.com.
Breach date: 24 October 2015
Date added to HIBP: 11 January 2020
Compromised accounts: 3,430,083
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
GoldSilver
In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".
Breach date: 21 October 2018
Date added to HIBP: 27 December 2018
Compromised accounts: 242,715
Compromised data: Bank account numbers, Email addresses, IP addresses, Names, Partial credit card data, Passport numbers, Phone numbers, Physical addresses, Purchases, Security questions and answers, Social security numbers
Permalink
gPotato
In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today. The exposed data included usernames, email and IP addresses, MD5 hashes and personal attributes such as gender, birth date, physical address and security questions and answers stored in plain text.
Breach date: 12 July 2007
Date added to HIBP: 24 September 2016
Compromised accounts: 2,136,520
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames, Website activity
Permalink
GTAGaming
In August 2016, the Grand Theft Auto forum GTAGaming was hacked and about 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.
Breach date: 1 August 2016
Date added to HIBP: 23 August 2016
Compromised accounts: 197,184
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Guns and Robots
In approximately April 2016, the gaming website Guns and Robots suffered a data breach resulting in the exposure of 143k unique records. The data contained email and IP addresses, usernames and SHA-1 password hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 1 April 2016
Date added to HIBP: 14 February 2018
Compromised accounts: 143,569
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Guns.com
In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.
Breach date: 12 January 2021
Date added to HIBP: 13 January 2022
Compromised accounts: 375,928
Compromised data: Dates of birth, Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases
Permalink
Guntrader
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.
Breach date: 17 July 2021
Date added to HIBP: 21 July 2021
Compromised accounts: 112,031
Compromised data: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
Permalink
hackforums.net
In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website. The leaked Hack Forums data included credentials and personal information of about 200,000 registered forum users.
Breach date: 25 June 2011
Date added to HIBP: 11 May 2014
Compromised accounts: 191,540
Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Social connections, Spoken languages, Time zones, User website URLs, Usernames, Website activity
Permalink
Hacking Team
In July 2015, the Italian security firm Hacking Team suffered a major data breach that resulted in over 400GB of their data being posted online via a torrent. The data searchable on "Have I Been Pwned?" is from 189GB worth of PST mail folders in the dump. The contents of the PST files are searchable on Wikileaks.
Breach date: 6 July 2015
Date added to HIBP: 12 July 2015
Compromised accounts: 32,310
Compromised data: Email addresses, Email messages
Permalink
HauteLook
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 7 August 2018
Date added to HIBP: 21 March 2019
Compromised accounts: 28,510,459
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords
Permalink
Havenly
In June 2020, the interior design website Havenly suffered a data breach which impacted about 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by dehashed.com.
Breach date: 25 June 2020
Date added to HIBP: 1 August 2020
Compromised accounts: 1,369,180
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers
Permalink
Health Now Networks
In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and operator notes on the individuals' health. The data included over 320k unique email addresses.
Breach date: 25 March 2017
Date added to HIBP: 7 April 2017
Compromised accounts: 321,920
Compromised data: Dates of birth, Email addresses, Genders, Health insurance information, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Security questions and answers, Social connections
Permalink
Hemmakväll
In July 2015, the Swedish video store chain Hemmakväll was hacked and about 50k records dumped publicly. The disclosed data included various attributes of their customers including email and physical addresses, names and phone numbers. Passwords were also leaked, stored with a weak MD5 hashing algorithm.
Breach date: 8 July 2015
Date added to HIBP: 9 July 2015
Compromised accounts: 47,297
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
hemmelig.com
In December 2011, Norway's largest online sex shop hemmelig.com was hacked by a collective calling themselves "Team Appunity". The attack exposed over 28,000 usernames and email addresses along with nicknames, gender, year of birth and unsalted MD5 password hashes.
Breach date: 21 December 2011
Date added to HIBP: 25 March 2014
Compromised accounts: 28,641
Compromised data: Email addresses, Genders, Nicknames, Partial dates of birth, Passwords, Usernames
Permalink
Heroes of Gaia
In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.
Breach date: 4 January 2013
Date added to HIBP: 7 November 2016
Compromised accounts: 179,967
Compromised data: Browser user agent details, Email addresses, IP addresses, Usernames, Website activity
Permalink
Heroes of Newerth
In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.
Breach date: 17 December 2012
Date added to HIBP: 24 January 2016
Compromised accounts: 8,089,103
Compromised data: Email addresses, Passwords, Usernames
Permalink
HiAPK
In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided to HIBP by white hat security researcher and data analyst Adam Davies. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 January 2014
Date added to HIBP: 1 April 2018
Compromised accounts: 13,873,674
Compromised data: Email addresses, Passwords, Usernames
Permalink
HLTV
In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.
Breach date: 19 June 2016
Date added to HIBP: 22 March 2017
Compromised accounts: 611,070
Compromised data: Email addresses, Names, Passwords, Usernames, Website activity
Permalink
Home Chef
In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of about 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 10 February 2020
Date added to HIBP: 13 November 2020
Compromised accounts: 8,815,692
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Partial credit card data, Passwords, Phone numbers
Permalink
HongFire
In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.
Breach date: 1 March 2015
Date added to HIBP: 5 February 2017
Compromised accounts: 999,991
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
Hookers.nl
In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers. The IP and email addresses, usernames and either bcrypt or salted MD5 password hashes of 291k members were accessed via an unpatched vulnerability in the vBulletin forum software.
Breach date: 10 October 2019
Date added to HIBP: 23 October 2019
Compromised accounts: 290,955
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
HoundDawgs
In December 2017, the Danish torrent tracker known as HoundDawgs suffered a data breach. More than 55GB of data was dumped publicly and whilst there was initially contention as to the severity of the incident, the data did indeed contain more than 45k unique email addresses complete with extensive logs of torrenting activity, IP addresses and SHA1 passwords.
Breach date: 30 December 2017
Date added to HIBP: 3 January 2018
Compromised accounts: 45,701
Compromised data: Email addresses, IP addresses, Passwords, Website activity
Permalink
Houzz
In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service. The data was provided to HIBP by dehashed.com.
Breach date: 23 May 2018
Date added to HIBP: 12 March 2019
Compromised accounts: 48,881,308
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Passwords, Social media profiles, Usernames
Permalink
HTC Mania
In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories. Data from the breach was subsequently redistributed on popular hacking websites.
Breach date: 4 January 2020
Date added to HIBP: 6 April 2020
Compromised accounts: 1,488,089
Compromised data: Dates of birth, Email addresses, Historical passwords, IP addresses, Passwords, Usernames
Permalink
HTH Studios
In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names, orders, salted SHA-1 and salted MD5 hashes. HTH Studios is aware of the incident.
Breach date: 24 August 2018
Date added to HIBP: 20 November 2018
Compromised accounts: 411,755
Compromised data: Browser user agent details, Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases, Usernames
Permalink
Hub4Tech
On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed about 37k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Hub4Tech when contacted about the incident.
Breach date: 1 January 2017
Date added to HIBP: 9 December 2018
Compromised accounts: 36,916
Compromised data: Email addresses, Passwords
Permalink
Hurb
In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 14 March 2019
Date added to HIBP: 27 July 2020
Compromised accounts: 20,727,771
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink
i-Dressup
In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts. The breach included email addresses and passwords stored in plain text.
Breach date: 15 July 2016
Date added to HIBP: 26 September 2016
Compromised accounts: 2,191,565
Compromised data: Email addresses, Passwords
Permalink
IIMJobs
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 31 December 2018
Date added to HIBP: 21 May 2021
Compromised accounts: 4,216,063
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Job applications, Job titles, Names, Passwords, Phone numbers
Permalink
ILikeCheats
In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.
Breach date: 18 October 2014
Date added to HIBP: 22 April 2018
Compromised accounts: 188,847
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Imavex
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.
Breach date: 20 August 2021
Date added to HIBP: 26 August 2021
Compromised accounts: 878,209
Compromised data: Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
Permalink
iMesh
In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.
Breach date: 22 September 2013
Date added to HIBP: 2 July 2016
Compromised accounts: 49,467,477
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
imgur
In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017. Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords suggesting that many of the original hashes had been cracked. imgur advises that they rolled over to bcrypt hashes in 2016.
Breach date: 1 September 2013
Date added to HIBP: 25 November 2017
Compromised accounts: 1,749,806
Compromised data: Email addresses, Passwords
Permalink
IndiaMART
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.
Breach date: 23 May 2021
Date added to HIBP: 27 August 2021
Compromised accounts: 20,154,583
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink
Insanelyi
In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' email addresses, user names and weakly hashed passwords (salted MD5).
Breach date: 22 July 2014
Date added to HIBP: 22 July 2014
Compromised accounts: 104,097
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink
InterPals
In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.
Breach date: 4 November 2015
Date added to HIBP: 30 August 2016
Compromised accounts: 3,439,414
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink
iPmart
During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 368k accounts were added to "Have I Been Pwned" in March 2016 bringing the total to over 2.4M.
Breach date: 1 July 2015
Date added to HIBP: 23 February 2016
Compromised accounts: 2,460,787
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Permalink
ixigo
In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 3 January 2019
Date added to HIBP: 17 March 2019
Compromised accounts: 17,204,697
Compromised data: Auth tokens, Device information, Email addresses, Genders, Names, Passwords, Phone numbers, Salutations, Social media profiles, Usernames
Permalink
James
In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 25 March 2020
Date added to HIBP: 5 November 2020
Compromised accounts: 1,541,284
Compromised data: Email addresses, Geographic locations, Passwords
Permalink
JD
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 January 2013
Date added to HIBP: 2 June 2021
Compromised accounts: 77,449,341
Compromised data: Email addresses, Passwords, Phone numbers, Usernames
Permalink
Jefit
In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes. Several million cracked passwords later appeared in wide circulation.
Breach date: 11 August 2020
Date added to HIBP: 27 April 2021
Compromised accounts: 9,052,457
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
JobStreet
In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums. The data spanned multiple separate breaches including the JobStreet jobs website which contained almost 4 million unique email addresses. The dates in the breach indicate the incident occurred in March 2012. The data later appeared freely downloadable on a Tor hidden service and contained extensive information on job seekers including names, genders, birth dates, phone numbers, physical addresses and passwords.
Breach date: 7 March 2012
Date added to HIBP: 30 October 2017
Compromised accounts: 3,883,455
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
JoomlArt
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.
Breach date: 30 January 2018
Date added to HIBP: 1 November 2018
Compromised accounts: 22,477
Compromised data: Email addresses, Names, Passwords, Payment histories, Usernames
Permalink
JukinMedia
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.
Breach date: 28 October 2021
Date added to HIBP: 17 July 2022
Compromised accounts: 314,290
Compromised data: Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers
Permalink
Justdate.com
An alleged breach of the dating website Justdate.com began circulating in approximately September 2016. Comprised of over 24 million records, the data contained various personal attributes such as email addresses, dates of birth and physical locations. However, upon verification with HIBP subscribers, only a fraction of the data was found to be accurate and no account owners recalled using the Justdate.com service. This breach has consequently been flagged as fabricated; it's highly unlikely the data was sourced from Justdate.com.
Breach date: 29 September 2016
Date added to HIBP: 7 February 2017
Compromised accounts: 24,451,312
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
Permalink
Kayo.moe Credential Stuffing List
In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe. The operator of the service contacted HIBP to report the data which, upon further investigation, turned out to be a large credential stuffing list. For more information, read about The 42M Record kayo.moe Credential Stuffing Data.
Breach date: 11 September 2018
Date added to HIBP: 13 September 2018
Compromised accounts: 41,826,763
Compromised data: Email addresses, Passwords
Permalink
Kickstarter
In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.
Breach date: 16 February 2014
Date added to HIBP: 6 October 2017
Compromised accounts: 5,176,463
Compromised data: Email addresses, Passwords
Permalink
Kimsufi
In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date: 1 May 2015
Date added to HIBP: 27 December 2016
Compromised accounts: 504,565
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
KiwiFarms
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.
Breach date: 10 September 2019
Date added to HIBP: 17 September 2019
Compromised accounts: 4,606
Compromised data: Avatars, Dates of birth, Email addresses, IP addresses, Website activity
Permalink
KM.RU
In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the breach and impacted almost 1.5M accounts including sensitive personal information.
Breach date: 29 February 2016
Date added to HIBP: 3 March 2016
Compromised accounts: 1,476,783
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Recovery email addresses, Security questions and answers, Usernames
Permalink
KnownCircle
In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and contained gigabytes of data related to the real estate and insurance sectors. The personal data in the breach appears to have primarily been used for marketing purposes, including logs of emails sent and tracking of gift cards. A small number of passwords for KnownCircle staff were also present and were stored as bcrypt hashes.
Breach date: 12 April 2016
Date added to HIBP: 17 November 2018
Compromised accounts: 1,957,600
Compromised data: Email addresses, Email messages, Genders, Names, Passwords, Phone numbers, Physical addresses
Permalink
Knuddels
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach.
Breach date: 5 September 2018
Date added to HIBP: 8 April 2019
Compromised accounts: 808,330
Compromised data: Email addresses, Geographic locations, Names, Passwords, Usernames
Permalink
Kreditplus
In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment information. The data was provided to HIBP by breachbase.pw.
Breach date: 23 June 2020
Date added to HIBP: 3 August 2020
Compromised accounts: 768,890
Compromised data: Dates of birth, Email addresses, Employers, Family structure, Genders, Income levels, Living costs, Marital statuses, Mothers maiden names, Names, Phone numbers, Physical addresses, Places of birth, Religions, Spouses names
Permalink
La Poste Mobile
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of birth, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.
Breach date: 4 July 2022
Date added to HIBP: 14 July 2022
Compromised accounts: 533,886
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
Permalink
Lanwar
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.
Breach date: 28 July 2018
Date added to HIBP: 8 August 2018
Compromised accounts: 45,120
Compromised data: Email addresses, Names, Passwords, Physical addresses, Usernames
Permalink
Last.fm
In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.
Breach date: 22 March 2012
Date added to HIBP: 20 September 2016
Compromised accounts: 37,217,682
Compromised data: Email addresses, Passwords, Usernames, Website activity
Permalink
Lazada RedMart
In October 2020, news broke of a Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Breach date: 30 July 2020
Date added to HIBP: 10 November 2020
Compromised accounts: 1,107,789
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
Permalink
Lead Hunter
In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of data accompanied by further personal information including names, phone numbers, genders and physical addresses. At the time of publishing, the breach could not be attributed to those responsible for obtaining and exposing it. The data was provided to HIBP by dehashed.com.
Breach date: 4 March 2020
Date added to HIBP: 3 June 2020
Compromised accounts: 68,693,853
Compromised data: Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses
Permalink
League of Legends
In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords. In 2018, a 339k record subset of the data emerged with email addresses, usernames and plain text passwords, likely cracked from the original cryptographically protected ones.
Breach date: 11 June 2012
Date added to HIBP: 28 July 2018
Compromised accounts: 339,487
Compromised data: Email addresses, Passwords, Usernames
Permalink
Leet
In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes. A further 3 million accounts were obtained and added to HIBP several days after the initial data was loaded bringing the total to over 5 million.
Breach date: 10 September 2016
Date added to HIBP: 30 September 2016
Compromised accounts: 5,081,689
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Lifebear
In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 28 February 2019
Date added to HIBP: 25 May 2020
Compromised accounts: 3,670,561
Compromised data: Email addresses, Passwords, Usernames
Permalink
Lifeboat
In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for 3 months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.
Breach date: 1 January 2016
Date added to HIBP: 25 April 2016
Compromised accounts: 7,089,395
Compromised data: Email addresses, Passwords, Usernames
Permalink
Light's Hope
In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords stored as bcrypt hashes.
Breach date: 25 June 2018
Date added to HIBP: 4 July 2018
Compromised accounts: 30,484
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, Usernames
Permalink
Liker
In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler. The site remained offline after the breach which exposed 465k email addresses in addition to names, dates of birth, education levels, private messages, security questions and answers in plain text, passwords stored as bcrypt hashes and other personal data attributes. Liker did not respond when contacted about the breach.
Breach date: 8 March 2021
Date added to HIBP: 13 March 2021
Compromised accounts: 465,141
Compromised data: Auth tokens, Dates of birth, Education levels, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Private messages, Security questions and answers, Social media profiles, Usernames
Permalink
LinkedIn
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were rapidly cracked in the days following the release of the data.
Breach date: 5 May 2012
Date added to HIBP: 21 May 2016
Compromised accounts: 164,611,595
Compromised data: Email addresses, Passwords
Permalink
LinkedIn Scraped Data
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
Breach date: 8 April 2021
Date added to HIBP: 2 October 2021
Compromised accounts: 125,698,496
Compromised data: Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles
Permalink
Linux Forums
In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to multiple attempts to contact them about the breach.
Breach date: 1 May 2018
Date added to HIBP: 7 June 2018
Compromised accounts: 275,785
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Linux Mint
In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information.
Breach date: 21 February 2016
Date added to HIBP: 22 February 2016
Compromised accounts: 144,989
Compromised data: Avatars, Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Time zones, Website activity
Permalink
LiveAuctioneers
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by breachbase.pw.
Breach date: 19 June 2020
Date added to HIBP: 22 August 2020
Compromised accounts: 3,385,862
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
LiveJournal
In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base. The breach allegedly dates back to 2017 and contains 26M unique usernames and email addresses (both of which have been confirmed to be on LiveJournal) alongside plain text passwords. An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 January 2017
Date added to HIBP: 26 May 2020
Compromised accounts: 26,372,781
Compromised data: Email addresses, Passwords, Usernames
Permalink
Livpure
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 29 August 2020
Date added to HIBP: 22 May 2021
Compromised accounts: 269,552
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases, Salutations
Permalink
Lizard Squad
In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets. Shortly thereafter, the service suffered a data breach which resulted in the public disclosure of over 13k user accounts including passwords stored in plain text.
Breach date: 16 January 2015
Date added to HIBP: 18 January 2015
Compromised accounts: 13,451
Compromised data: Email addresses, Passwords, Usernames
Permalink
Lolzteam
In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. The impacted data included usernames and email addresses which were later redistributed via another hacking forum. The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
Breach date: 13 May 2018
Date added to HIBP: 6 November 2022
Compromised accounts: 398,011
Compromised data: Email addresses, Usernames
Permalink
Lookbook
In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.
Breach date: 24 August 2012
Date added to HIBP: 8 November 2016
Compromised accounts: 1,074,948
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames, Website activity
Permalink
Lord of the Rings Online
In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.
Breach date: 1 August 2013
Date added to HIBP: 12 March 2016
Compromised accounts: 1,141,278
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Lounge Board
At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).
Breach date: 1 August 2013
Date added to HIBP: 6 July 2014
Compromised accounts: 45,018
Compromised data: Email addresses, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Permalink
Lumin PDF
In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF had allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 April 2019
Date added to HIBP: 18 September 2019
Compromised accounts: 15,453,048
Compromised data: Auth tokens, Email addresses, Genders, Names, Passwords, Spoken languages, Usernames
Permalink
Lyrics Mania
In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.
Breach date: 21 December 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 109,202
Compromised data: Email addresses, Passwords, Usernames
Permalink
Mac Forums
In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form.
Breach date: 3 July 2016
Date added to HIBP: 29 October 2018
Compromised accounts: 326,714
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
MacGeneration
In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.
Breach date: 29 January 2022
Date added to HIBP: 3 March 2022
Compromised accounts: 101,004
Compromised data: Email addresses, Passwords, Usernames
Permalink
Mac-Torrents
In October 2015, the torrent site Mac-Torrents was hacked and almost 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and no salt.
Breach date: 31 October 2015
Date added to HIBP: 31 October 2015
Compromised accounts: 93,992
Compromised data: Email addresses, Passwords, Usernames
Permalink
mail.ru Dump
In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with almost 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst unlikely to be the result of a direct attack against mail.ru, the credentials were confirmed by many as legitimate for other services they had subscribed to. Further data allegedly valid for mail.ru and containing email addresses and plain text passwords was added in January 2018 bringing the total to more than 16M records. The incident was also then flagged as "unverified", a concept that was introduced after the initial data load in 2014.
Breach date: 10 September 2014
Date added to HIBP: 12 September 2014
Compromised accounts: 16,630,988
Compromised data: Email addresses, Passwords
Permalink
MajorGeeks
In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.
Breach date: 15 November 2015
Date added to HIBP: 3 March 2016
Compromised accounts: 269,548
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MALL.cz
In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.
Breach date: 27 July 2017
Date added to HIBP: 4 September 2017
Compromised accounts: 735,405
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink
Malwarebytes
In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 15 November 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 111,623
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Manga Traders
In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.
Breach date: 9 June 2014
Date added to HIBP: 10 June 2014
Compromised accounts: 855,249
Compromised data: Email addresses, Passwords
Permalink
MangaDex
In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.
Breach date: 22 March 2021
Date added to HIBP: 25 April 2021
Compromised accounts: 2,987,329
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MangaFox.me
In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Breach date: 1 June 2016
Date added to HIBP: 17 March 2018
Compromised accounts: 1,311,610
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
Mangatoon
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.
Breach date: 13 May 2022
Date added to HIBP: 6 July 2022
Compromised accounts: 23,040,238
Compromised data: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames
Permalink
Mappery
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Breach date: 11 December 2018
Date added to HIBP: 18 December 2018
Compromised accounts: 205,242
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
Permalink
Mashable
In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth. The data was provided to HIBP by dehashed.com.
Breach date: 1 June 2020
Date added to HIBP: 10 November 2020
Compromised accounts: 1,414,677
Compromised data: Auth tokens, Email addresses, Genders, Geographic locations, IP addresses, Names, Partial dates of birth, Social media profiles
Permalink
Master Deeds
In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents. The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. At the time of publishing, it's alleged the data was sourced from Dracore Data Sciences (Dracore is yet to publicly confirm or deny the data was sourced from their systems). On 18 October 2017, the file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled. The file was dated 8 April 2015.
Breach date: 14 March 2017
Date added to HIBP: 18 October 2017
Compromised accounts: 2,257,930
Compromised data: Dates of birth, Deceased statuses, Email addresses, Employers, Ethnicities, Genders, Government issued IDs, Home ownership statuses, Job titles, Names, Nationalities, Phone numbers, Physical addresses
Permalink
Mastercard Priceless Specials
In August 2019, the German Mastercard bonus programme "Priceless Specials" suffered a data breach. Personal data on almost 90k programme members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data. Following the incident, the programme was subsequently suspended.
Breach date: 20 August 2019
Date added to HIBP: 1 September 2019
Compromised accounts: 89,388
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Salutations
Permalink
Mate1.com
In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, income levels and sexual fetishes as well as passwords stored in plain text.
Breach date: 29 February 2016
Date added to HIBP: 14 April 2016
Compromised accounts: 27,393,015
Compromised data: Astrological signs, Dates of birth, Drinking habits, Drug habits, Education levels, Email addresses, Ethnicities, Fitness levels, Genders, Geographic locations, Income levels, Job titles, Names, Parenting plans, Passwords, Personal descriptions, Physical attributes, Political views, Relationship statuses, Religions, Sexual fetishes, Travel habits, Usernames, Website activity, Work habits
Permalink
Mathway
In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.
Breach date: 13 January 2020
Date added to HIBP: 5 June 2020
Compromised accounts: 25,692,862
Compromised data: Device information, Email addresses, Names, Passwords, Social media profiles
Permalink
MCBans
In October 2016, the Minecraft banning service known as MCBans suffered a data breach resulting in the exposure of 120k unique user records. The data contained email and IP addresses, usernames and password hashes of unknown format. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 27 October 2016
Date added to HIBP: 23 July 2017
Compromised accounts: 119,948
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
MDPI
In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.
Breach date: 30 August 2016
Date added to HIBP: 25 March 2018
Compromised accounts: 845,012
Compromised data: Email addresses, Email messages, IP addresses, Names
Permalink
Mecho Download
In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Breach date: 31 October 2013
Date added to HIBP: 2 August 2022
Compromised accounts: 437,928
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MeetMindful
In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Included in the data was an extensive array of personal information used to find romantic matches including physical attributes, use of alcohol, drugs and cigarettes, marital statuses, birthdates, genders and the gender being sought. Additional personal information such as names, geographical locations and IP addresses were also exposed, along with passwords stored as bcrypt hashes.
Breach date: 26 January 2020
Date added to HIBP: 31 January 2021
Compromised accounts: 1,422,717
Compromised data: Dates of birth, Drinking habits, Drug habits, Email addresses, Genders, Geographic locations, IP addresses, Marital statuses, Names, Passwords, Physical attributes, Religions, Sexual orientations, Smoking habits, Social media profiles, Usernames
Permalink
MGM Resorts
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.
Breach date: 25 July 2019
Date added to HIBP: 20 February 2020
Compromised accounts: 3,081,321
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Permalink
MGM Resorts (2022 Update)
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.
Breach date: 25 July 2019
Date added to HIBP: 29 May 2022
Compromised accounts: 24,842,001
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Permalink
MindJolt
In March 2019, the online gaming website MindJolt suffered a data breach that exposed 28M unique email addresses. Also impacted were names and dates of birth, but no passwords. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 18 March 2019
Date added to HIBP: 13 July 2019
Compromised accounts: 28,364,826
Compromised data: Dates of birth, Email addresses, Names
Permalink
Minecraft Pocket Edition Forum
In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped publicly. Allegedly hacked by @rmsg0d, the forum data included many personal pieces of data for each user. The forum has subsequently been decommissioned.
Breach date: 24 May 2015
Date added to HIBP: 30 June 2015
Compromised accounts: 16,034
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Minecraft World Map
In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.
Breach date: 15 January 2016
Date added to HIBP: 29 August 2016
Compromised accounts: 71,081
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Minefield
In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 28 June 2015
Date added to HIBP: 9 March 2016
Compromised accounts: 188,343
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Minehut
In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data set with both email addresses and bcrypt password hashes was also later provided to HIBP.
Breach date: 17 May 2019
Date added to HIBP: 17 September 2019
Compromised accounts: 396,533
Compromised data: Email addresses, Passwords
Permalink
Minted
In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 6 May 2020
Date added to HIBP: 3 November 2020
Compromised accounts: 4,418,182
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
MMG Fusion
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Breach date: 20 December 2020
Date added to HIBP: 7 August 2021
Compromised accounts: 2,660,295
Compromised data: Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses
Permalink
MobiFriends
In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 6 January 2020
Date added to HIBP: 23 May 2021
Compromised accounts: 3,512,952
Compromised data: Dates of birth, Email addresses, Genders, Passwords, Usernames
Permalink
MoDaCo
In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Breach date: 1 January 2016
Date added to HIBP: 20 September 2016
Compromised accounts: 879,703
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Modern Business Solutions
In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be in possession of the data.
Breach date: 8 October 2016
Date added to HIBP: 12 October 2016
Compromised accounts: 58,843,488
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Permalink
Money Bookers
Sometime in 2009, the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, home addresses and IP addresses.
Breach date: 1 January 2009
Date added to HIBP: 30 November 2015
Compromised accounts: 4,483,605
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Permalink
Moneycontrol
In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses (allegedly a subset of a larger 40 million account breach), alongside geographic locations, phone numbers, genders, dates of birth and plain text passwords. The date of the original breach is unclear, although the breached data indicates the file was created in September 2017 and Moneycontrol has stated that the breach is "an old data set".
Breach date: 7 September 2017
Date added to HIBP: 22 May 2021
Compromised accounts: 762,874
Compromised data: Email addresses, Genders, Geographic locations, Passwords, Phone numbers
Permalink
Morele.net
In October 2018, the Polish e-commerce website Morele.net suffered a data breach. The incident exposed almost 2.5 million unique email addresses alongside phone numbers, names and passwords stored as md5crypt hashes.
Breach date: 10 October 2018
Date added to HIBP: 20 April 2019
Compromised accounts: 2,467,304
Compromised data: Email addresses, Names, Passwords, Phone numbers
Permalink
Mortal Online
In June 2018, the massively multiplayer online role-playing game (MMORPG) Mortal Online suffered a data breach. A file containing 570k email addresses and cracked passwords was subsequently distributed online. A larger, more complete file containing 607k email addresses with original unsalted MD5 password hashes along with names, usernames and physical addresses was later provided and the original breach in HIBP was updated accordingly. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.
Breach date: 17 June 2018
Date added to HIBP: 31 August 2018
Compromised accounts: 606,637
Compromised data: Email addresses, Names, Passwords, Physical addresses, Usernames
Permalink
MPGH
In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.
Breach date: 22 October 2015
Date added to HIBP: 26 October 2015
Compromised accounts: 3,122,898
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MrExcel
In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5. The owner of the MrExcel forum subsequently self-submitted the data to HIBP.
Breach date: 5 December 2016
Date added to HIBP: 22 January 2017
Compromised accounts: 366,140
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Social connections, Usernames, Website activity
Permalink
mSpy
In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims) stored extensive personal information within their online service which, after being breached, was made freely available on the internet.
Breach date: 14 May 2015
Date added to HIBP: 28 May 2015
Compromised accounts: 699,793
Compromised data: Device usage tracking data
Permalink
Muslim Directory
In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age group, email, website activity and password in plain text.
Breach date: 17 February 2014
Date added to HIBP: 23 February 2014
Compromised accounts: 37,784
Compromised data: Age groups, Email addresses, Employers, Names, Passwords, Phone numbers, Physical addresses, Website activity
Permalink
Muslim Match
In June 2016, the Muslim Match dating website had 150k email addresses exposed. The data included private chats and messages between relationship seekers and many other personal attributes including passwords hashed with MD5.
Breach date: 24 June 2016
Date added to HIBP: 29 June 2016
Compromised accounts: 149,830
Compromised data: Chat logs, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, User statuses, Usernames
Permalink
MyFHA
In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people. The data included extensive personal information relating to home financing including personal contact info, credit statuses, household incomes, loan amounts and notes on personal circumstances, often referring to legal issues, divorces and health conditions. Multiple parties contacted HIBP with the data after which MyFHA was alerted in mid-July and acknowledged the legitimacy of the breach then took the site offline.
Breach date: 18 February 2015
Date added to HIBP: 9 August 2018
Compromised accounts: 972,629
Compromised data: Credit status information, Email addresses, Home loan information, Income levels, IP addresses, Names, Passwords, Personal descriptions, Physical addresses
Permalink
MyFitnessPal
In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 1 February 2018
Date added to HIBP: 21 February 2019
Compromised accounts: 143,606,147
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MyHeritage
In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 26 October 2017
Date added to HIBP: 20 February 2019
Compromised accounts: 91,991,358
Compromised data: Email addresses, Passwords
Permalink
myRepoSpace
In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices. The repository service was allegedly hacked by @its_not_herpes and 0x8badfl00d in retaliation for the service refusing to remove pirated tweaks.
Breach date: 6 July 2015
Date added to HIBP: 8 July 2015
Compromised accounts: 252,751
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
MyVidster
In August 2015, the social video sharing and bookmarking site MyVidster was hacked and nearly 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.
Breach date: 15 August 2015
Date added to HIBP: 10 October 2015
Compromised accounts: 19,863
Compromised data: Email addresses, Passwords, Usernames
Permalink
NapsGear
In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed including email addresses, names, addresses, phone numbers, purchase histories and salted MD5 password hashes.
Breach date: 21 October 2015
Date added to HIBP: 10 September 2018
Compromised accounts: 287,071
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Purchases
Permalink
Naughty America
In March 2016, the adult website Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5 hashes. There were 1.4 million unique email addresses in the breach.
Breach date: 14 March 2016
Date added to HIBP: 24 April 2016
Compromised accounts: 1,398,630
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
NemoWeb
In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.
Breach date: 4 September 2016
Date added to HIBP: 19 September 2018
Compromised accounts: 3,472,916
Compromised data: Email addresses, Names
Permalink
Neopets
In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.
Breach date: 5 May 2013
Date added to HIBP: 7 July 2016
Compromised accounts: 26,892,897
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Usernames
Permalink
Neteller
In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.
Breach date: 17 May 2010
Date added to HIBP: 30 November 2015
Compromised accounts: 3,619,948
Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Website activity
Permalink
NetGalley
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to [email protected]
Breach date: 21 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 1,436,435
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
Netlog
In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 November 2012
Date added to HIBP: 15 July 2019
Compromised accounts: 49,038,354
Compromised data: Email addresses, Passwords
Permalink
NetProspex
In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.
Breach date: 1 September 2016
Date added to HIBP: 15 March 2017
Compromised accounts: 33,698,126
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Permalink
NextGenUpdate
Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.
Breach date: 22 April 2014
Date added to HIBP: 5 June 2015
Compromised accounts: 1,194,597
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Nexus Mods
In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that. The breach contained usernames, email addresses and passwords stored as salted hashes.
Breach date: 22 July 2013
Date added to HIBP: 17 January 2016
Compromised accounts: 5,915,013
Compromised data: Email addresses, Passwords, Usernames
Permalink
Nihonomaru
In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.
Breach date: 1 December 2015
Date added to HIBP: 30 August 2016
Compromised accounts: 1,697,282
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Nival
In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and impacted over 1.5M accounts including sensitive personal information.
Breach date: 29 February 2016
Date added to HIBP: 3 March 2016
Compromised accounts: 1,535,473
Compromised data: Avatars, Dates of birth, Email addresses, Genders, Names, Spoken languages, Usernames, Website activity
Permalink
Non Nude Girls
In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.
Breach date: 21 May 2013
Date added to HIBP: 25 January 2017
Compromised accounts: 75,383
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames, Website activity
Permalink
Not Acxiom
In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that "the claims are indeed false and that the data, which has been readily available across multiple environments, does not come from Acxiom and is in no way the subject of an Acxiom breach". The data contained almost 52M unique email addresses.
Breach date: 21 June 2020
Date added to HIBP: 22 November 2022
Compromised accounts: 51,730,831
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Permalink
Nulled.ch
In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message history of the website's admin. The data was provided to HIBP by a source who requested it be attributed to "Split10".
Breach date: 20 May 2020
Date added to HIBP: 24 May 2020
Compromised accounts: 43,491
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink
Nulled.cr
In May 2016, the cracking community forum known as Nulled.cr was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.
Breach date: 6 May 2016
Date added to HIBP: 9 May 2016
Compromised accounts: 599,080
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Permalink
NurseryCam
In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down. The email addresses alone were provided to Have I Been Pwned to ensure parents were properly notified of the incident.
Breach date: 12 February 2021
Date added to HIBP: 23 February 2021
Compromised accounts: 10,585
Compromised data: Email addresses
Permalink
OGUsers (2019 breach)
In May 2019, the account hijacking and SIM swapping forum OGUsers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
Breach date: 26 December 2018
Date added to HIBP: 19 May 2019
Compromised accounts: 161,143
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink
OGUsers (2020 breach)
In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes. A total of 263k email addresses across user accounts and other tables were posted to a rival hacking forum.
Breach date: 2 April 2020
Date added to HIBP: 4 April 2020
Compromised accounts: 263,189
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Permalink
OGUsers (2021 breach)
In April 2021, the account hijacking and SIM swapping forum OGUsers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.
Breach date: 11 April 2021
Date added to HIBP: 16 May 2022
Compromised accounts: 348,302
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Onliner Spambot
In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Breach date: 28 August 2017
Date added to HIBP: 29 August 2017
Compromised accounts: 711,477,622
Compromised data: Email addresses, Passwords
Permalink
Onverse
In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.
Breach date: 1 January 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 800,157
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Open CS:GO
In December 2017, the website for purchasing Counter-Strike skins known as Open CS:GO (Counter-Strike: Global Offensive) suffered a data breach (address since redirects to dropgun.com). The 10GB file contained an extensive amount of personal information including email and IP addresses, phone numbers, physical addresses and purchase histories. Numerous attempts were made to contact Open CS:GO about the incident, however no responses were received.
Breach date: 28 November 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 512,311
Compromised data: Avatars, Email addresses, IP addresses, Phone numbers, Physical addresses, Purchases, Social media profiles, Usernames
Permalink
Open Subtitles
In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.
Breach date: 1 August 2021
Date added to HIBP: 19 January 2022
Compromised accounts: 6,783,158
Compromised data: Email addresses, Geographic locations, IP addresses, Passwords, Usernames
Permalink
OrderSnapp
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 29 June 2020
Date added to HIBP: 8 August 2021
Compromised accounts: 1,304,447
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers
Permalink
Ordine Avvocati di Roma
In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach.
Breach date: 7 May 2019
Date added to HIBP: 26 May 2019
Compromised accounts: 41,960
Compromised data: Email addresses, Email messages, Geographic locations, Passwords, Phone numbers
Permalink
OVH
In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date: 1 May 2015
Date added to HIBP: 27 December 2016
Compromised accounts: 452,899
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
OwnedCore
In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 1 August 2013
Date added to HIBP: 6 February 2016
Compromised accounts: 880,331
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Oxfam
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth. A small number of people also had partial credit card data exposed (the first 6 and last 3 digits of the card, plus card type and expiry) and in some cases the bank name, account number and BSB were also exposed. The data was subsequently made freely available on the hacking forum later the following month.
Breach date: 20 January 2021
Date added to HIBP: 2 March 2021
Compromised accounts: 1,834,006
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment histories, Phone numbers, Physical addresses
Permalink
Paddy Power
In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with almost 600,000 unique email addresses. The breach was not disclosed until July 2014 and contained extensive personal information including names, addresses, phone numbers and plain text security questions and answers.
Breach date: 25 October 2010
Date added to HIBP: 11 October 2015
Compromised accounts: 590,954
Compromised data: Account balances, Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Usernames, Website activity
Permalink
Paragon Cheats
In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that led to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".
Breach date: 22 May 2021
Date added to HIBP: 14 May 2022
Compromised accounts: 188,089
Compromised data: Browser user agent details, Email addresses, IP addresses, Usernames
Permalink
ParkMobile
In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes. The following month, the data appeared on a public hacking forum where it was extensively redistributed.
Breach date: 21 March 2021
Date added to HIBP: 30 April 2021
Compromised accounts: 20,949,825
Compromised data: Email addresses, Licence plates, Names, Passwords, Phone numbers
Permalink
Patreon
In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses, millions of personal messages and passwords stored as bcrypt hashes.
Breach date: 1 October 2015
Date added to HIBP: 2 October 2015
Compromised accounts: 2,330,382
Compromised data: Email addresses, Passwords, Payment histories, Physical addresses, Private messages, Website activity
Permalink
PayAsUGym
In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was then leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.
Breach date: 15 December 2016
Date added to HIBP: 17 December 2016
Compromised accounts: 400,260
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Website activity
Permalink
PayHere
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.
Breach date: 27 March 2022
Date added to HIBP: 2 May 2022
Compromised accounts: 1,580,249
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
Permalink
Paytm
In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.
Breach date: 30 August 2020
Date added to HIBP: 26 July 2022
Compromised accounts: 3,395,101
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Income levels, Names, Phone numbers, Purchases
Permalink
Peatix
In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 20 January 2019
Date added to HIBP: 6 December 2020
Compromised accounts: 4,227,907
Compromised data: Email addresses, Names, Passwords
Permalink
Pemiblanc
In April 2018, a credential stuffing database containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The database contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other services. Read more about the incident.
Breach date: 2 April 2018
Date added to HIBP: 9 July 2018
Compromised accounts: 110,964,206
Compromised data: Email addresses, Passwords
Permalink
People's Energy
In December 2020, the UK power company People's Energy suffered a data breach. The breach exposed almost 7GB of files containing 359k unique email addresses along with names, phone numbers, physical addresses and dates of birth. The incident also included People's Energy staff email addresses and bcrypt password hashes (no customer passwords were exposed). The data was provided to HIBP by a source who requested it be attributed to [email protected]
Breach date: 16 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 358,822
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Phone House España
In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email addresses along with names, nationalities, genders, dates of birth, phone numbers and physical addresses. Phone House has been threatened with further releases if a ransom is not paid.
Breach date: 8 April 2021
Date added to HIBP: 22 April 2021
Compromised accounts: 5,223,350
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses
Permalink
PHP Freaks
In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.
Breach date: 27 October 2015
Date added to HIBP: 30 October 2015
Compromised accounts: 173,891
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Pixel Federation
In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.
Breach date: 4 December 2013
Date added to HIBP: 6 December 2013
Compromised accounts: 38,108
Compromised data: Email addresses, Passwords
Permalink
Pixlr
In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 7 October 2020
Date added to HIBP: 1 February 2021
Compromised accounts: 1,906,808
Compromised data: Email addresses, Geographic locations, Names, Passwords, Social media profiles
Permalink
piZap
In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 7 December 2017
Date added to HIBP: 16 July 2019
Compromised accounts: 41,817,893
Compromised data: Email addresses, Genders, Geographic locations, Names, Passwords, Social media profiles, Usernames, Website activity
Permalink
Planet Calypso
In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Breach date: 1 July 2019
Date added to HIBP: 12 January 2020
Compromised accounts: 62,261
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Playbook
In September 2021, a publicly accessible PostgreSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.
Breach date: 19 October 2020
Date added to HIBP: 11 October 2021
Compromised accounts: 50,538
Compromised data: Email addresses, Job titles, Names, Passwords, Phone numbers, Social media profiles
Permalink
Plex
In July 2015, the discussion forum for Plex media centre was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 2 July 2015
Date added to HIBP: 8 February 2016
Compromised accounts: 327,314
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Pluto TV
In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 12 October 2018
Date added to HIBP: 5 December 2020
Compromised accounts: 3,225,080
Compromised data: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles, Usernames
Permalink
Pokébip
In July 2015, the French Pokémon site Pokébip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Breach date: 28 July 2015
Date added to HIBP: 9 September 2016
Compromised accounts: 657,001
Compromised data: Email addresses, IP addresses, Passwords, Time zones, Usernames, Website activity
Permalink
Pokémon Creed
In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in. The breached data included over 116k usernames, email addresses and plain text passwords.
Breach date: 8 August 2014
Date added to HIBP: 10 August 2014
Compromised accounts: 116,465
Compromised data: Email addresses, Genders, IP addresses, Passwords, Usernames, Website activity
Permalink
Pokémon Negro
In approximately October 2016, the Spanish Pokémon site Pokémon Negro suffered a data breach. The attack resulted in the disclosure of 830k accounts including email and IP addresses along with plain text passwords. Pokémon Negro did not respond when contacted about the breach.
Breach date: 1 October 2016
Date added to HIBP: 3 January 2017
Compromised accounts: 830,155
Compromised data: Email addresses, IP addresses, Passwords
Permalink
PoliceOne
In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes. The file the data was contained in indicated the original breach dated back to July 2014.
Breach date: 1 July 2014
Date added to HIBP: 15 November 2017
Compromised accounts: 709,926
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Poshmark
In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 16 May 2018
Date added to HIBP: 2 September 2019
Compromised accounts: 36,395,491
Compromised data: Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
Permalink
Powerbot
In approximately September 2014, the RuneScape bot website Powerbot suffered a data breach resulting in the exposure of over half a million unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 1 September 2014
Date added to HIBP: 1 July 2017
Compromised accounts: 503,501
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
PPCGeeks
In August 2016, the Pocket PC enthusiast site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 19 August 2016
Date added to HIBP: 18 July 2022
Compromised accounts: 492,518
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
ProctorU
In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by breachbase.pw.
Breach date: 26 June 2020
Date added to HIBP: 6 August 2020
Compromised accounts: 444,453
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
Programming Forums
In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 1 December 2015
Date added to HIBP: 1 July 2017
Compromised accounts: 707,432
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Promo
In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted SHA-256 password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 22 June 2020
Date added to HIBP: 26 July 2020
Compromised accounts: 14,610,585
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords
Permalink
PropTiger
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included further personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.
Breach date: 30 January 2018
Date added to HIBP: 24 March 2020
Compromised accounts: 2,156,921
Compromised data: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords
Permalink
Protemps
In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other jobseeker data. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 4 October 2021
Date added to HIBP: 20 December 2021
Compromised accounts: 49,591
Compromised data: Email addresses, Genders, Job applications, Marital statuses, Names, Nationalities, Passport numbers, Passwords, Phone numbers, Physical addresses, Religions, Salutations
Permalink
PS3Hax
In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 1 July 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 447,410
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
PSP ISO
In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Breach date: 25 September 2015
Date added to HIBP: 29 January 2017
Compromised accounts: 1,274,070
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
PSX-Scene
In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 1 February 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 341,118
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Qatar National Bank
In July 2015, the Qatar National Bank suffered a data breach which exposed 15k documents totalling 1.4GB and detailing more than 100k accounts with passwords and PINs. The incident was made public some 9 months later in April 2016 when the documents appeared publicly on a file sharing site. Analysis of the breached data suggests the attack began by exploiting a SQL injection flaw in the bank's website.
Breach date: 1 July 2015
Date added to HIBP: 1 May 2016
Compromised accounts: 88,678
Compromised data: Bank account numbers, Customer feedback, Dates of birth, Financial transactions, Genders, Geographic locations, Government issued IDs, IP addresses, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, PINs, Security questions and answers, Spoken languages
Permalink
QIP
In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.
Breach date: 1 June 2011
Date added to HIBP: 8 January 2017
Compromised accounts: 26,183,992
Compromised data: Email addresses, Passwords, Usernames, Website activity
Quantum Booter
In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which led to the disclosure of their internal database. The leaked data included private discussions relating to malicious activity Quantum Booter users were performing against online adversaries, including the IP addresses of those using the service to mount DDoS attacks.
Breach date: 18 March 2014
Date added to HIBP: 4 April 2015
Compromised accounts: 48,592
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
QuestionPro
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform) is alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Breach date: 21 May 2022
Date added to HIBP: 5 August 2022
Compromised accounts: 22,229,637
Compromised data: Browser user agent details, Email addresses, IP addresses, Survey results
Quidd
In 2019, the online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. The breach exposed about 4 million users' email addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently sold then redistributed extensively via hacking forums.
Breach date: 1 July 2019
Date added to HIBP: 24 June 2020
Compromised accounts: 3,805,863
Compromised data: Email addresses, Passwords, Usernames
QuinStreet
In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites). QuinStreet advised that impacted users have been notified and passwords reset. The data contained details on over 4.9 million people and included email addresses, dates of birth and salted MD5 hashes.
Breach date: 14 December 2015
Date added to HIBP: 17 December 2016
Compromised accounts: 4,907,802
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
R2 (2017 forum breach)
In early 2017, the forum for the gaming website R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one exposed over 1 million unique user accounts and corresponding MD5 password hashes with no salt.
Breach date: 1 January 2017
Date added to HIBP: 25 April 2017
Compromised accounts: 1,023,466
Compromised data: Email addresses, Passwords, Usernames, Website activity
R2Games
In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I Been Pwned" in March 2016 and another 9M in July 2016, bringing the total to over 22M.
Breach date: 1 November 2015
Date added to HIBP: 9 February 2016
Compromised accounts: 22,281,337
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Rambler
In late 2016, a data dump of about 100M accounts from Rambler, sometimes referred to as "The Russian Yahoo", was discovered being traded online. The data set provided to Have I Been Pwned included 91M unique usernames (which also form part of Rambler email addresses) and plain text passwords. According to Rambler, the data dates back to March 2014.
Breach date: 1 March 2014
Date added to HIBP: 1 November 2016
Compromised accounts: 91,436,280
Compromised data: Email addresses, Passwords, Usernames
RankWatch
In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly, whereupon their data was exfiltrated and posted to an online forum. The data contained 7.4 million unique email addresses along with names, employers, phone numbers and job titles in a table called "us_emails". When contacted and advised of the incident, RankWatch would not reveal the purpose of the data, where it had been acquired from and whether the data owners had consented to its collection. The forum which originally posted the data explained it as being "in the same vein as the modbsolutions leak", a large list of corporate data allegedly used for spam purposes.
Breach date: 19 November 2016
Date added to HIBP: 3 November 2017
Compromised accounts: 7,445,067
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers
Rbx.Rocks
In August 2018, the Roblox trading site Rbx.Rocks suffered a data breach. Almost 25k records were sent to HIBP in November and included names, email addresses and passwords stored as bcrypt hashes. In July 2019, a further 125k records emerged, bringing the total size of the incident to 150k. The website has since gone offline with a message stating that "Rbx.Rocks v2.0 is currently under construction".
Breach date: 6 August 2018
Date added to HIBP: 7 November 2018
Compromised accounts: 149,958
Compromised data: Email addresses, Names, Passwords
Read Novel
In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]". Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 May 2019
Date added to HIBP: 16 May 2022
Compromised accounts: 22,424,472
Compromised data: Email addresses, Genders, Passwords, Phone numbers, Usernames
Real Estate Mogul
In September 2016, the real estate business site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k unique email addresses of the sellers. Real Estate Mogul was advised of the incident in September 2018 and stated that they "found no instance of user account credentials like usernames and passwords nor billing information within this file".
Breach date: 6 September 2016
Date added to HIBP: 24 September 2018
Compromised accounts: 307,768
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
RedDoorz
In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 4 September 2020
Date added to HIBP: 28 January 2022
Compromised accounts: 5,890,277
Compromised data: Dates of birth, Email addresses, Genders, Names, Occupations, Passwords, Phone numbers
Regpack
In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider. The data contained 324k payment records across 105k unique email addresses and included personal attributes such as name, home address and phone number. The data was verified with multiple Have I Been Pwned subscribers who confirmed it also contained valid transactions, partial credit card numbers, expiry dates and CVVs. A downstream consumer of BlueSnap services known as Regpack was subsequently identified as the source of the data after they identified that human error had left the transactions exposed on a publicly facing server. A full investigation of the data and statement by Regpack is detailed in the post titled Someone just lost 324k payment records, complete with CVVs.
Breach date: 20 May 2016
Date added to HIBP: 13 September 2016
Compromised accounts: 104,977
Compromised data: Browser user agent details, Credit card CVV, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
Reincubate
In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.
Breach date: 11 May 2017
Date added to HIBP: 29 October 2020
Compromised accounts: 616,146
Compromised data: Email addresses, Names, Passwords
River City Media Spam List
In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain about 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.
Breach date: 1 January 2017
Date added to HIBP: 8 March 2017
Compromised accounts: 393,430,309
Compromised data: Email addresses, IP addresses, Names, Physical addresses
Robinhood
In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet".
Breach date: 3 November 2021
Date added to HIBP: 3 March 2022
Compromised accounts: 5,003,937
Compromised data: Email addresses
Roll20
In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 26 December 2018
Date added to HIBP: 19 July 2019
Compromised accounts: 3,994,436
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords
Romwe
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed about 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 June 2018
Date added to HIBP: 18 January 2021
Compromised accounts: 19,531,820
Compromised data: Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Rosebutt Board
Some time prior to May 2016, the forum known as "Rosebutt Board" was hacked and 107k accounts were exposed. The self-described "top one board for anal fisting, prolapse, huge insertions and rosebutt fans" had email and IP addresses, usernames and weakly stored salted MD5 password hashes hacked from the IP.Board based forum.
Breach date: 9 May 2016
Date added to HIBP: 10 May 2016
Compromised accounts: 107,303
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Royal Enfield
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 January 2019
Date added to HIBP: 31 March 2022
Compromised accounts: 420,873
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details
Russian America
In approximately 2017, the website for Russian speakers in America known as Russian America suffered a data breach. The incident exposed 183k unique records including names, email addresses, phone numbers and passwords stored in both plain text and as MD5 hashes. Russian America was contacted about the breach but did not respond.
Breach date: 1 January 2017
Date added to HIBP: 13 September 2018
Compromised accounts: 182,717
Compromised data: Email addresses, Names, Passwords, Phone numbers
SC Daily Phone Spam List
In early 2015, a spam list known as SC Daily Phone emerged containing about 33M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.
Breach date: 14 April 2015
Date added to HIBP: 24 November 2016
Compromised accounts: 32,939,105
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Physical addresses
Scentbird
In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were all exposed. The data was provided to HIBP by breachbase.pw.
Breach date: 22 June 2020
Date added to HIBP: 30 July 2020
Compromised accounts: 5,814,988
Compromised data: Dates of birth, Email addresses, Genders, Names, Password strengths, Passwords
Seedpeer
In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.
Breach date: 12 July 2015
Date added to HIBP: 9 March 2016
Compromised accounts: 281,924
Compromised data: Email addresses, Passwords, Usernames
Sephora
In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 9 January 2017
Date added to HIBP: 6 October 2019
Compromised accounts: 780,073
Compromised data: Dates of birth, Email addresses, Ethnicities, Genders, Names, Physical attributes
ServerPact
In mid-2015, the Dutch Minecraft site ServerPact was hacked and 73k accounts were exposed. Along with birth dates, email and IP addresses, the site also exposed SHA1 password hashes with the username as the salt.
Breach date: 1 January 2016
Date added to HIBP: 6 September 2016
Compromised accounts: 73,587
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Shadi.com
In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 9 July 2016
Date added to HIBP: 20 July 2022
Compromised accounts: 2,021,984
Compromised data: Email addresses, Passwords
ShareThis
In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and, in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by dehashed.com.
Breach date: 9 July 2018
Date added to HIBP: 3 March 2019
Compromised accounts: 40,960,499
Compromised data: Dates of birth, Email addresses, Names, Passwords
SHEIN
In June 2018, online fashion retailer SHEIN suffered a data breach. The company discovered the breach 2 months later in August then disclosed the incident another month after that. A total of 39 million unique email addresses were found in the breach alongside MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 1 June 2018
Date added to HIBP: 17 July 2019
Compromised accounts: 39,086,762
Compromised data: Email addresses, Passwords
Shitexpress
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the crap delivery.
Breach date: 8 August 2022
Date added to HIBP: 16 August 2022
Compromised accounts: 23,817
Compromised data: Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases
ShockGore
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 11 August 2020
Date added to HIBP: 20 January 2022
Compromised accounts: 73,944
Compromised data: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
ShopBack
In September 2020, the cashback reward programme ShopBack suffered a data breach. The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 17 September 2020
Date added to HIBP: 25 April 2021
Compromised accounts: 20,529,819
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers
Short Édition
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.
Breach date: 26 June 2021
Date added to HIBP: 19 July 2021
Compromised accounts: 505,466
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames
Shotbow
In May 2016, the multiplayer server for Minecraft service Shotbow announced they'd suffered a data breach. The incident resulted in the exposure of over 1 million unique email addresses, usernames and salted SHA-256 password hashes.
Breach date: 9 May 2016
Date added to HIBP: 29 October 2017
Compromised accounts: 1,052,753
Compromised data: Email addresses, Passwords, Usernames
SirHurt
In April 2021, the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.
Breach date: 23 April 2021
Date added to HIBP: 24 May 2022
Compromised accounts: 90,655
Compromised data: Email addresses, IP addresses, Passwords, Usernames
SitePoint
In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.
Breach date: 20 June 2020
Date added to HIBP: 17 August 2022
Compromised accounts: 1,021,790
Compromised data: Bios, Email addresses, IP addresses, Names, Passwords, Usernames
SkTorrent
In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in plain text.
Breach date: 19 February 2016
Date added to HIBP: 23 February 2016
Compromised accounts: 117,070
Compromised data: Email addresses, Passwords, Usernames
Slickwraps
In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included names, physical addresses, phone numbers and purchase histories.
Breach date: 16 February 2020
Date added to HIBP: 22 February 2020
Compromised accounts: 857,611
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Smogon
In April 2018, the Pokémon website known as Smogon announced they'd suffered a data breach. The breach dated back to September 2017 and affected their XenForo based forum. The exposed data included usernames, email addresses, genders and both bcrypt and MD5 password hashes.
Breach date: 10 September 2017
Date added to HIBP: 11 April 2018
Compromised accounts: 386,489
Compromised data: Email addresses, Genders, Geographic locations, Passwords, Usernames, Website activity
Snail
In March 2015, the gaming website Snail suffered a data breach that impacted 1.4 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 14 March 2015
Date added to HIBP: 27 July 2019
Compromised accounts: 1,410,899
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Snapchat
In January 2014, just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone numbers exposed. The attack involved brute force enumeration of a large number of phone numbers against the Snapchat API in what appears to be a response to Snapchat's assertion that such an attack was "theoretical". Consequently, the breach enabled individual usernames (which are often used across other services) to be resolved to phone numbers which users usually wish to keep private.
Breach date: 1 January 2014
Date added to HIBP: 2 January 2014
Compromised accounts: 4,609,615
Compromised data: Geographic locations, Phone numbers, Usernames
Social Engineered
In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the MyBB forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
Breach date: 13 June 2019
Date added to HIBP: 23 June 2019
Compromised accounts: 89,392
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
Società Italiana degli Autori ed Editori
In November 2018, the Società Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, or SIAE) was hacked, defaced and about 4GB of data leaked publicly via Twitter. The data included over 14k registered users' names, email addresses and passwords.
Breach date: 3 November 2018
Date added to HIBP: 7 November 2018
Compromised accounts: 14,609
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers
Sonicbids
In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and passwords stored as PBKDF2 hashes. The data was provided to HIBP by breachbase.pw.
Breach date: 30 December 2019
Date added to HIBP: 18 August 2020
Compromised accounts: 751,700
Compromised data: Email addresses, Names, Passwords, Usernames
Sony
In 2011, Sony suffered breach after breach after breach; it was a very bad year for them. The breaches spanned various areas of the business ranging from the PlayStation network all the way through to the motion picture arm, Sony Pictures. A SQL Injection vulnerability in sonypictures.com led to tens of thousands of accounts across multiple systems being exposed complete with plain text passwords.
Breach date: 2 June 2011
Date added to HIBP: 4 December 2013
Compromised accounts: 37,103
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames
Soundwave
In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB. The data contained 130k records and included email addresses, dates of birth, genders and MD5 hashes of passwords without a salt.
Breach date: 16 July 2015
Date added to HIBP: 17 March 2017
Compromised accounts: 130,705
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Social connections
Special K Data Feed Spam List
In mid to late 2015, a spam list known as the Special K Data Feed was discovered containing about 31M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.
Breach date: 7 October 2015
Date added to HIBP: 24 November 2016
Compromised accounts: 30,741,620
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Physical addresses
Spirol
In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol’s CRM system ranging from customers’ names, companies, contact information and over 55,000 unique email addresses.
Breach date: 22 February 2014
Date added to HIBP: 22 February 2014
Compromised accounts: 55,622
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
SpyFone
In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within SpyFone's systems. The data belonged to thousands of SpyFone customers and included 44k unique email addresses, many likely belonging to people the targeted phones had contact with.
Breach date: 16 August 2018
Date added to HIBP: 24 August 2018
Compromised accounts: 44,109
Compromised data: Audio recordings, Browsing histories, Device information, Email addresses, Geographic locations, IMEI numbers, IP addresses, Names, Passwords, Photos, SMS messages
Staminus
In March 2016, the DDoS protection service Staminus was "massively hacked" resulting in an outage of more than 20 hours and the disclosure of customer credentials (with unsalted MD5 hashes), support tickets, credit card numbers and other sensitive data. 27k unique email addresses were found in the data which was subsequently released to the public. Staminus is no longer in operation.
Breach date: 11 March 2016
Date added to HIBP: 5 October 2017
Compromised accounts: 26,815
Compromised data: Credit cards, Email addresses, IP addresses, Passwords, Support tickets, Usernames
StarNet
In February 2015, the Moldavian ISP "StarNet" had its database published online. The dump included about 140k email addresses, many with personal details including contact information, usage patterns of the ISP and even passport numbers.
Breach date: 26 February 2015
Date added to HIBP: 11 April 2015
Compromised accounts: 139,395
Compromised data: Customer interactions, Dates of birth, Email addresses, Genders, IP addresses, MAC addresses, Names, Passport numbers, Passwords, Phone numbers
StarTribune
In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 10 October 2019
Date added to HIBP: 30 October 2020
Compromised accounts: 2,192,857
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Physical addresses, Usernames
Ster-Kinekor
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.
Breach date: 9 March 2017
Date added to HIBP: 13 March 2017
Compromised accounts: 1,619,544
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Spoken languages
Permalink
StockX
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark web marketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 26 July 2019
Date added to HIBP: 10 August 2019
Compromised accounts: 6,840,339
Compromised data: Email addresses, Names, Passwords, Physical addresses, Purchases, Usernames
Permalink
StoryBird
In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. Impacted data also included names, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 7 August 2015
Date added to HIBP: 2 February 2021
Compromised accounts: 1,047,200
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink
Straffic
In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders. In their breach disclosure message, Straffic stated that "it is impossible to create a totally immune system, and these things can occur".
Breach date: 14 February 2020
Date added to HIBP: 27 February 2020
Compromised accounts: 48,580,249
Compromised data: Email addresses, Genders, Names, Phone numbers, Physical addresses
Permalink
Stratfor
In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable donations (among other uses). The breach also included 860,000 user accounts complete with email address, time zone, some internal system data and MD5 hashed passwords with no salt.
Breach date: 24 December 2011
Date added to HIBP: 4 December 2013
Compromised accounts: 859,777
Compromised data: Credit cards, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
StreetEasy
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 28 June 2016
Date added to HIBP: 6 October 2019
Compromised accounts: 988,230
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink
Stripchat
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
Breach date: 5 November 2021
Date added to HIBP: 31 August 2022
Compromised accounts: 10,001,355
Compromised data: Email addresses, IP addresses, Usernames
Permalink
Stronghold Kingdoms
In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed email addresses, usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 4 July 2018
Date added to HIBP: 21 July 2019
Compromised accounts: 5,187,305
Compromised data: Email addresses, Passwords, Usernames
Permalink
SubaGames
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 November 2016
Date added to HIBP: 25 August 2021
Compromised accounts: 6,137,666
Compromised data: Email addresses, Passwords, Usernames
Permalink
Sumo Torrent
In June 2014, the torrent site Sumo Torrent was hacked and 285k member records were exposed. The data included IP addresses, email addresses and passwords stored as weak MD5 hashes.
Breach date: 21 June 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 285,191
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
SuperVPN & GeckoVPN
In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all 3 brands may share the same platform. Impacted data also included email addresses, the country logged in from and the date and time each login occurred alongside device information including the make and model, IMSI number and serial number. The data was provided to HIBP by a source who requested it be attributed to [email protected]
Breach date: 25 February 2021
Date added to HIBP: 28 February 2021
Compromised accounts: 20,339,937
Compromised data: Device information, Device serial numbers, Email addresses, Geographic locations, IMSI numbers, Login histories
Permalink
SvenskaMagic
Sometime in 2015, the Swedish magic website SvenskaMagic suffered a data breach that exposed over 30k records. The compromised data included usernames, email addresses and MD5 password hashes. The data was self-submitted to HIBP by SvenskaMagic.
Breach date: 1 July 2015
Date added to HIBP: 30 August 2018
Compromised accounts: 30,327
Compromised data: Email addresses, Passwords, Usernames
Permalink
SweClockers.com
In early 2015, the Swedish tech news site SweClockers was hacked and 255k accounts were exposed. The attack led to the exposure of usernames, email addresses and salted hashes of passwords stored with a combination of MD5 and SHA512.
Breach date: 1 April 2015
Date added to HIBP: 22 March 2017
Compromised accounts: 254,867
Compromised data: Email addresses, Passwords, Usernames
Permalink
Swvl
In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by breachbase.pw.
Breach date: 23 June 2020
Date added to HIBP: 31 July 2020
Compromised accounts: 4,195,918
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Profile photos
Permalink
TaiLieu
In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com after being shared on a popular hacking forum. TaiLieu did not respond when contacted about the incident.
Breach date: 24 November 2019
Date added to HIBP: 3 May 2020
Compromised accounts: 7,327,477
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Phone numbers, Usernames
Permalink
Tamodo
In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes. Tamodo failed to respond to multiple attempts to report the breach via published communication channels.
Breach date: 28 February 2020
Date added to HIBP: 24 March 2020
Compromised accounts: 494,945
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords
Permalink
Taobao
In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 January 2012
Date added to HIBP: 8 October 2016
Compromised accounts: 21,149,008
Compromised data: Email addresses, Passwords
Permalink
TAP Air Portugal
In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.
Breach date: 25 August 2022
Date added to HIBP: 23 September 2022
Compromised accounts: 5,067,990
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages
Permalink
Team SoloMid
In December 2014, the electronic sports organisation known as Team SoloMid was hacked and 442k member accounts were leaked. The accounts included email and IP addresses, usernames and salted hashes of passwords.
Breach date: 22 December 2014
Date added to HIBP: 9 March 2016
Compromised accounts: 442,166
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Technic
In November 2018, the Minecraft modpack platform known as Technic suffered a data breach. Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and passwords stored as bcrypt hashes with a work factor of 13. Technic self-submitted the breach to HIBP.
Breach date: 30 November 2018
Date added to HIBP: 4 December 2018
Compromised accounts: 265,410
Compromised data: Chat logs, Email addresses, IP addresses, Passwords, Private messages, Time zones
Permalink
Telecom Regulatory Authority of India
In April 2015, the Telecom Regulatory Authority of India (TRAI) published tens of thousands of emails sent by Indian citizens supporting net neutrality as part of the SaveTheInternet campaign. The published data included lists of emails including the sender's name and email address as well as the contents of the email, often with signatures including other personal data.
Breach date: 27 April 2015
Date added to HIBP: 27 April 2015
Compromised accounts: 107,776
Compromised data: Email addresses, Email messages
Permalink
Teracod
In May 2015, almost 100k user records were extracted from the Hungarian torrent site known as Teracod. The data was later discovered being torrented itself and included email addresses, passwords, private messages between members and the peering history of IP addresses using the service.
Breach date: 28 May 2016
Date added to HIBP: 22 August 2016
Compromised accounts: 97,151
Compromised data: Avatars, Email addresses, IP addresses, Passwords, Payment histories, Private messages, Usernames, Website activity
Permalink
TGBUS
In approximately 2017, it's alleged that the Chinese gaming site known as TGBUS suffered a data breach that impacted over 10 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 1 September 2017
Date added to HIBP: 28 April 2018
Compromised accounts: 10,371,766
Compromised data: Email addresses, Passwords, Usernames
Permalink
The Candid Board
In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.
Breach date: 3 September 2015
Date added to HIBP: 22 January 2017
Compromised accounts: 178,201
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Usernames, Website activity
Permalink
The Fappening
In December 2015, the forum for discussing naked celebrity photos known as "The Fappening" (named after the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed member data included usernames, email addresses and salted hashes of passwords.
Breach date: 1 December 2015
Date added to HIBP: 13 April 2016
Compromised accounts: 179,030
Compromised data: Email addresses, Passwords, Usernames
Permalink
The Fly on the Wall
In December 2017, the stock market news website The Fly on the Wall suffered a data breach. The data in the breach included 84k unique email addresses as well as purchase histories and credit card data. Numerous attempts were made to contact The Fly on the Wall about the incident, however no responses were received.
Breach date: 31 December 2017
Date added to HIBP: 15 January 2018
Compromised accounts: 84,011
Compromised data: Age groups, Credit cards, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
Permalink
The Halloween Spot
In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories. The Halloween Spot advised customers the breach was traced back to "an old shipping information database".
Breach date: 27 September 2019
Date added to HIBP: 16 March 2020
Compromised accounts: 10,653
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
TheTVDB.com
In November 2017, the open television database known as TheTVDB.com suffered a data breach. The breached data was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes.
Breach date: 21 November 2017
Date added to HIBP: 29 January 2018
Compromised accounts: 181,871
Compromised data: Email addresses, Passwords, Usernames
Permalink
Thingiverse
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses were also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
Breach date: 13 October 2020
Date added to HIBP: 14 October 2021
Compromised accounts: 228,102
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames
Permalink
ThisHabbo Forum
In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a more comprehensive breach file provided in October 2016.
Breach date: 1 January 2014
Date added to HIBP: 28 March 2015
Compromised accounts: 612,414
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Tianya
In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.
Breach date: 26 December 2011
Date added to HIBP: 30 June 2016
Compromised accounts: 29,020,808
Compromised data: Email addresses, Names, Usernames
Permalink
Ticketcounter
In August 2020, the Dutch ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it was then found and downloaded in February 2021. The data contained 1.9M unique email addresses which were offered for sale on a hacking forum alongside names, physical and IP addresses, genders, dates of birth, payment histories and in some cases, bank account numbers. Ticketcounter was later held to ransom with the threat of the breached data being released publicly. The data was provided to HIBP by a source who requested it be attributed to [email protected]
Breach date: 22 February 2021
Date added to HIBP: 1 March 2021
Compromised accounts: 1,921,722
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, IP addresses, Names, Payment histories, Phone numbers, Physical addresses
Permalink
Ticketfly
In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location. The data included over 26 million unique email addresses along with names, physical addresses and phone numbers. Whilst there were no passwords in the publicly leaked data, Ticketfly later issued an incident update and stated that "It is possible, however, that hashed values of password credentials could have been accessed".
Breach date: 31 May 2018
Date added to HIBP: 3 June 2018
Compromised accounts: 26,151,608
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Permalink
Tokopedia
In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.
Breach date: 17 April 2020
Date added to HIBP: 2 May 2020
Compromised accounts: 71,443,698
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords
Permalink
ToonDoo
In August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the user and salted password hashes.
Breach date: 21 August 2019
Date added to HIBP: 11 November 2019
Compromised accounts: 6,002,694
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
Permalink
Torrent Invites
In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.
Breach date: 12 December 2013
Date added to HIBP: 22 March 2017
Compromised accounts: 352,120
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
Permalink
Tout
In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 11 September 2014
Date added to HIBP: 25 January 2020
Compromised accounts: 652,683
Compromised data: Bios, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames
Permalink
Travel Oklahoma
In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries. Genders, names and physical addresses were also exposed. The data was provided to HIBP by a source who requested it be attributed to "badhou3a".
Breach date: 17 December 2020
Date added to HIBP: 10 March 2021
Compromised accounts: 637,279
Compromised data: Age groups, Dates of birth, Email addresses, Genders, Names, Physical addresses
Permalink
Travelio
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 23 November 2021
Date added to HIBP: 8 April 2022
Compromised accounts: 471,376
Compromised data: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Permalink
Trik Spam Botnet
In June 2018, the command and control server of a malicious botnet known as the "Trik Spam Botnet" was misconfigured such that it exposed the email addresses of more than 43 million people. The researchers who discovered the exposed Russian server believe the list of addresses was used to distribute various malware strains via malspam campaigns (emails designed to deliver malware).
Breach date: 12 June 2018
Date added to HIBP: 14 June 2018
Compromised accounts: 43,432,346
Compromised data: Email addresses
Permalink
Trillian
In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.
Breach date: 27 December 2015
Date added to HIBP: 15 July 2016
Compromised accounts: 3,827,238
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames
Permalink
TrueFire
In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 21 February 2020
Date added to HIBP: 2 August 2020
Compromised accounts: 599,667
Compromised data: Account balances, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Permalink
tumblr
In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.
Breach date: 28 February 2013
Date added to HIBP: 29 May 2016
Compromised accounts: 65,469,298
Compromised data: Email addresses, Passwords
Permalink
Twitter
In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.
Breach date: 1 January 2022
Date added to HIBP: 13 August 2022
Compromised accounts: 6,682,453
Compromised data: Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames
Permalink
Twitter (200M)
In early 2023, over 200M records scraped from Twitter appeared on a popular hacking forum. The data was obtained sometime in 2021 by abusing an API that enabled email addresses to be resolved to Twitter profiles. The subsequent results were then composed into a corpus of data containing email addresses alongside public Twitter profile information including names, usernames and follower counts.
Breach date: 1 January 2021
Date added to HIBP: 5 January 2023
Compromised accounts: 211,524,284
Compromised data: Email addresses, Names, Social media profiles, Usernames
Permalink
Uiggy
In June 2016, the Facebook application known as Uiggy was hacked and 4.3M accounts were exposed, 2.7M of which had email addresses against them. The leaked accounts also exposed names, genders and the Facebook ID of the owners.
Breach date: 1 June 2016
Date added to HIBP: 27 June 2016
Compromised accounts: 2,682,650
Compromised data: Email addresses, Genders, Names, Social connections, Website activity
Permalink
Ulmon
In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, phone numbers and bios. The data was subsequently posted to a popular hacking forum.
Breach date: 26 January 2020
Date added to HIBP: 8 May 2020
Compromised accounts: 777,769
Compromised data: Bios, Email addresses, Names, Passwords, Phone numbers, Social media profiles
Permalink
UN Internet Governance Forum
In February 2014, the Internet Governance Forum (formed by the United Nations for policy dialogue on issues of internet governance) was attacked by the hacker collective known as Deletesec. Although tasked with "ensuring the security and stability of the Internet", the IGF's website was still breached and resulted in the leak of 3,200 email addresses, names, usernames and cryptographically stored passwords.
Breach date: 20 February 2014
Date added to HIBP: 23 February 2014
Compromised accounts: 3,200
Compromised data: Email addresses, Names, Passwords, Usernames
Permalink
Underworld Empire
In April 2017, the vBulletin forum for the Underworld Empire game suffered a data breach that exposed 429k accounts. The data was then posted to a hacking forum in mid-February 2018 where it was made available to download. The source data contained IP and email addresses, usernames and salted MD5 hashes.
Breach date: 25 April 2017
Date added to HIBP: 19 February 2018
Compromised accounts: 428,779
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Permalink
Unico Campania
In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text passwords.
Breach date: 19 August 2020
Date added to HIBP: 19 August 2020
Compromised accounts: 166,031
Compromised data: Email addresses, Passwords
Permalink
Universarium
In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.
Breach date: 1 November 2019
Date added to HIBP: 3 January 2020
Compromised accounts: 564,962
Compromised data: Email addresses, Passwords
Permalink
University of California
In December 2020, the University of California suffered a data breach due to a vulnerability in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach. The data was provided to HIBP courtesy of Cyril Gorlla.
Breach date: 24 December 2020
Date added to HIBP: 20 June 2021
Compromised accounts: 547,422
Compromised data: Dates of birth, Education levels, Email addresses, Ethnicities, Genders, Job titles, Names, Phone numbers, Physical addresses, Social security numbers
Permalink
Unreal Engine
In August 2016, the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.
Breach date: 11 August 2016
Date added to HIBP: 7 November 2016
Compromised accounts: 530,147
Compromised data: Email addresses, Passwords, Usernames
Permalink
Unverified Data Source
In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth. Some records also contained social security numbers, driver's license details, personal financial information and health-related data, depending on where the information was sourced from. Initially attributed to Astoria Company, they subsequently investigated the incident and confirmed the data did not originate from their services.
Breach date: 26 January 2021
Date added to HIBP: 24 March 2021
Compromised accounts: 11,498,146
Compromised data: Bank account numbers, Credit status information, Dates of birth, Email addresses, Employers, Health insurance information, Income levels, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Smoking habits, Social security numbers
Upstox
In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes. Extensive "know your customer" information was also exposed including scans of bank statements, cheques and identity documents complete with Aadhaar numbers. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 8 April 2021
Date added to HIBP: 19 January 2022
Compromised accounts: 111,002
Compromised data: Bank account numbers, Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Income levels, Marital statuses, Nationalities, Occupations, Passwords, Phone numbers, Physical addresses
Utah Gun Exchange
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes. The data was provided to HIBP by breachbase.pw.
Breach date: 17 July 2020
Date added to HIBP: 19 August 2020
Compromised accounts: 235,233
Compromised data: Email addresses, Genders, IP addresses, Passwords, Usernames
uTorrent
In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.
Breach date: 14 January 2016
Date added to HIBP: 5 November 2016
Compromised accounts: 395,044
Compromised data: Email addresses, Passwords, Usernames
uuu9
In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 6 September 2016
Date added to HIBP: 27 December 2016
Compromised accounts: 7,485,802
Compromised data: Email addresses, Passwords, Usernames
Vakinha
In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by dehashed.com.
Breach date: 22 June 2020
Date added to HIBP: 1 August 2020
Compromised accounts: 4,775,203
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers
Vastaamo
In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.
Breach date: 31 March 2019
Date added to HIBP: 17 July 2021
Compromised accounts: 30,433
Compromised data: Email addresses, Names, Personal health data, Social security numbers
vBulletin
In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack led to the release of both forum user and customer accounts totalling almost 519k records. The breach included email addresses, birth dates, security questions and answers for customers and salted hashes of passwords for both sources.
Breach date: 3 November 2015
Date added to HIBP: 24 January 2016
Compromised accounts: 518,966
Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
Vedantu
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
Breach date: 8 July 2019
Date added to HIBP: 1 November 2019
Compromised accounts: 686,899
Compromised data: Browser user agent details, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Spoken languages, Time zones, Website activity
Verifications.io
In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included further personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, though an archived copy remains viewable.
Breach date: 25 February 2019
Date added to HIBP: 9 March 2019
Compromised accounts: 763,117,241
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Vianet
In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.
Breach date: 8 April 2020
Date added to HIBP: 22 April 2020
Compromised accounts: 94,353
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
Victory Phones
In January 2017, the automated telephony services company Victory Phones left a MongoDB database publicly facing without a password. Subsequently, 213GB of data was downloaded by an unauthorised party including names, addresses, phone numbers and over 166k unique email addresses.
Breach date: 1 January 2017
Date added to HIBP: 11 October 2017
Compromised accounts: 166,046
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses
ViewFines
In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.
Breach date: 7 May 2018
Date added to HIBP: 24 May 2018
Compromised accounts: 777,649
Compromised data: Email addresses, Government issued IDs, Names, Passwords, Phone numbers
VK
In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers, email addresses and plain text passwords.
Breach date: 1 January 2012
Date added to HIBP: 9 June 2016
Compromised accounts: 93,338,602
Compromised data: Email addresses, Names, Passwords, Phone numbers
VNG
In April 2018, news broke of a massive data breach impacting the Vietnamese company known as VNG after data was discovered being traded on a popular hacking forum where it was extensively redistributed. The breach dated back to an incident in May of 2015 and included over 163 million customers. The data in the breach contained a wide range of personal attributes including usernames, birth dates, genders and home addresses along with unsalted MD5 hashes and 25 million unique email addresses. The data was provided to HIBP by dehashed.com.
Breach date: 19 May 2015
Date added to HIBP: 28 April 2018
Compromised accounts: 24,853,850
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Marital statuses, Names, Occupations, Passwords, Phone numbers, Physical addresses, Usernames
Vodafone
In November 2013, Vodafone in Iceland suffered an attack attributed to the Turkish hacker collective "Maxn3y". The data was consequently publicly exposed and included user names, email addresses, social security numbers, SMS messages, server logs and passwords from a variety of different internal sources.
Breach date: 30 November 2013
Date added to HIBP: 30 November 2013
Compromised accounts: 56,021
Compromised data: Credit cards, Email addresses, Government issued IDs, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, SMS messages, Usernames
Void.to
In June 2019, the hacking website Void.to suffered a data breach. There were 95k unique email addresses spread across 86k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as either salted MD5 or bcrypt hashes.
Breach date: 13 June 2019
Date added to HIBP: 11 September 2019
Compromised accounts: 95,431
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
VTech
In November 2015, hackers extracted more than 4.8 million parents' and 227k children's accounts from VTech's Learning Lodge website. The Hong Kong company produces learning products for children including software sold via the compromised website. The data breach exposed extensive personal details including home addresses, security questions and answers and passwords stored as weak MD5 hashes. Furthermore, children's details including names, ages, genders and associations to their parents' records were also exposed.
Breach date: 13 November 2015
Date added to HIBP: 25 November 2015
Compromised accounts: 4,833,678
Compromised data: Dates of birth, Email addresses, Family members' names, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames, Website activity
V-Tight Gel
In approximately February 2016, data surfaced which was allegedly obtained from V-Tight Gel (vaginal tightening gel). Whilst the data set was titled V-Tight, within there were 50 other (predominantly wellness-related) domain names, most owned by the same entity. Multiple HIBP subscribers confirmed that although they couldn't recall providing data specifically to V-Tight, their personal information including name, phone and physical address was accurate. V-Tight Gel did not reply to multiple requests for comment.
Breach date: 13 February 2016
Date added to HIBP: 17 November 2017
Compromised accounts: 2,013,164
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
Wakanim
In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.
Breach date: 28 August 2022
Date added to HIBP: 6 October 2022
Compromised accounts: 6,706,951
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames
Wanelo
In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes. After the initial HIBP load, further data containing names, shipping addresses and IP addresses were also provided to HIBP, albeit without direct association to the email addresses and passwords. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 13 December 2018
Date added to HIBP: 30 September 2019
Compromised accounts: 23,165,793
Compromised data: Email addresses, IP addresses, Names, Passwords, Physical addresses
War Inc.
In mid-2012, the real-time strategy game War Inc. suffered a data breach. The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords.
Breach date: 4 July 2012
Date added to HIBP: 7 November 2016
Compromised accounts: 1,020,136
Compromised data: Email addresses, Passwords, Usernames, Website activity
Warframe
In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA12 password hashing pattern used by Drupal 7. Digital Extremes (the developers of Warframe), asserts the salted hashes are of "alias names" rather than passwords.
Breach date: 24 November 2014
Date added to HIBP: 21 July 2016
Compromised accounts: 819,478
Compromised data: Email addresses, Usernames, Website activity
Warmane
In approximately December 2016, the online service for World of Warcraft private servers Warmane suffered a data breach. The incident exposed over 1.1M accounts including usernames, email addresses, dates of birth and salted MD5 password hashes. The data was subsequently extensively circulated online and was later provided to HIBP by whitehat security researcher and data analyst Adam Davies.
Breach date: 1 December 2016
Date added to HIBP: 8 September 2018
Compromised accounts: 1,116,256
Compromised data: Dates of birth, Email addresses, Passwords, Usernames
Wattpad
In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.
Breach date: 29 June 2020
Date added to HIBP: 19 July 2020
Compromised accounts: 268,765,495
Compromised data: Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Social media profiles, User website URLs, Usernames
We Heart It
In November 2013, the image-based social network We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP. The data contained user names, email addresses and password hashes, 80% of which were salted SHA-256 with the remainder being MD5 with no salt.
Breach date: 3 November 2013
Date added to HIBP: 14 October 2017
Compromised accounts: 8,600,635
Compromised data: Email addresses, Passwords, Usernames
WedMeGood
In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 6 January 2021
Date added to HIBP: 13 May 2021
Compromised accounts: 1,306,723
Compromised data: Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
WeLeakInfo
In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account. Access to Stripe then exposed almost 12k unique email addresses from customers who'd made credit card payments in order to get breached data hosted by WeLeakInfo. The data was subsequently leaked publicly and also included names, payment histories, IP addresses, billing addresses, partial credit card data and the organisation making the purchase.
Breach date: 8 March 2021
Date added to HIBP: 15 March 2021
Compromised accounts: 11,788
Compromised data: Browser user agent details, Email addresses, Employers, IP addresses, Names, Partial credit card data, Physical addresses, Purchases
Wendy's
In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
Breach date: 31 March 2018
Date added to HIBP: 24 May 2022
Compromised accounts: 52,485
Compromised data: Education levels, Email addresses, IP addresses, Job applications, Names, Passwords, Phone numbers, Physical addresses
Whitepages
In mid-2016, the phone and address directory service Whitepages was among a raft of sites that were breached and their data then sold in early-2019. The data included over 11 million unique email addresses alongside names and passwords stored as either a SHA-1 or bcrypt hash. The data was provided to HIBP by a source who requested it to be attributed to "[email protected]".
Breach date: 27 June 2016
Date added to HIBP: 27 March 2019
Compromised accounts: 11,657,763
Compromised data: Email addresses, Names, Passwords
WHMCS
In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.
Breach date: 21 May 2012
Date added to HIBP: 28 June 2016
Compromised accounts: 134,047
Compromised data: Email addresses, Email messages, Employers, IP addresses, Names, Partial credit card data, Passwords, Payment histories, Physical addresses, Website activity
Wiener Büchereien
In June 2019, the library of Vienna (Wiener Büchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by the alleged perpetrator of the breach.
Breach date: 10 June 2019
Date added to HIBP: 28 June 2019
Compromised accounts: 224,119
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Wife Lovers
In October 2018, the site dedicated to posting nude photos and other erotica of wives Wife Lovers suffered a data breach. The underlying database supported a total of 8 different adult websites and contained over 1.2M unique email addresses. Wife Lovers acknowledged the breach which impacted names, usernames, email and IP addresses and passwords hashed using the weak DEScrypt algorithm. The breach has been marked as "sensitive" due to the nature of the site.
Breach date: 7 October 2018
Date added to HIBP: 20 October 2018
Compromised accounts: 1,274,051
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames
WIIU ISO
In September 2015, the Nintendo Wii U forum known as WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Breach date: 25 September 2015
Date added to HIBP: 6 September 2016
Compromised accounts: 458,155
Compromised data: Email addresses, IP addresses, Passwords, Usernames
WildStar
In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.
Breach date: 11 July 2015
Date added to HIBP: 6 March 2016
Compromised accounts: 738,556
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Win7Vista Forum
In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k members' personal information and other internal data extracted from the forum.
Breach date: 3 September 2013
Date added to HIBP: 1 June 2014
Compromised accounts: 202,683
Compromised data: Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
Wishbone (2016)
In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included genders, birthdates, email addresses and phone numbers for an audience predominantly composed of teenagers and young adults.
Breach date: 7 August 2016
Date added to HIBP: 15 March 2017
Compromised accounts: 2,247,314
Compromised data: Auth tokens, Dates of birth, Email addresses, Genders, Names, Phone numbers, Usernames
Wishbone (2020)
In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers, geographic locations and other personal attributes were leaked online and extensively redistributed. Passwords stored as unsalted MD5 hashes were also included in the breach. The data was provided to HIBP by a source who requested it be attributed to "All3in".
Breach date: 27 January 2020
Date added to HIBP: 28 May 2020
Compromised accounts: 9,705,172
Compromised data: Auth tokens, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Profile photos, Social media profiles, Usernames
WiziShop
In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 14 July 2020
Date added to HIBP: 5 October 2020
Compromised accounts: 2,856,769
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Wongnai
In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.
Breach date: 28 October 2020
Date added to HIBP: 4 November 2020
Compromised accounts: 3,924,454
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles
WPSandbox
In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it offline, contacted the 858 people who provided information to it then self-submitted their addresses to HIBP. The phishing page requested both email addresses and passwords.
Breach date: 4 November 2018
Date added to HIBP: 6 November 2018
Compromised accounts: 858
Compromised data: Email addresses, Passwords
WPT Amateur Poker League
In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.
Breach date: 4 January 2014
Date added to HIBP: 1 February 2014
Compromised accounts: 148,366
Compromised data: Email addresses, Passwords
xat
In November 2015, the online chatroom known as "xat" was hacked and 6 million user accounts were exposed. Used as a chat engine on websites, the leaked data included usernames, email and IP addresses along with hashed passwords.
Breach date: 4 November 2015
Date added to HIBP: 5 August 2016
Compromised accounts: 5,968,783
Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
Xbox 360 ISO
In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Breach date: 25 September 2015
Date added to HIBP: 29 January 2017
Compromised accounts: 1,296,959
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Xbox-Scene
In approximately February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Breach date: 1 February 2015
Date added to HIBP: 7 February 2016
Compromised accounts: 432,552
Compromised data: Email addresses, IP addresses, Passwords, Usernames
XKCD
In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.
Breach date: 1 July 2019
Date added to HIBP: 1 September 2019
Compromised accounts: 561,991
Compromised data: Email addresses, IP addresses, Passwords, Usernames
XPG
In approximately early 2016, the gaming website Xpgamesaves (XPG) suffered a data breach resulting in the exposure of 890k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory. This data was provided by security researcher and data analyst, Adam Davies.
Breach date: 1 January 2016
Date added to HIBP: 1 July 2017
Compromised accounts: 890,341
Compromised data: Email addresses, IP addresses, Passwords, Usernames
XSplit
In November 2013, the makers of gaming live streaming and recording software XSplit were compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.
Breach date: 7 November 2013
Date added to HIBP: 8 August 2015
Compromised accounts: 2,983,472
Compromised data: Email addresses, Names, Passwords, Usernames
Yam
In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.
Breach date: 2 June 2013
Date added to HIBP: 22 May 2021
Compromised accounts: 13,258,797
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Yatra
In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text. The site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date: 1 September 2013
Date added to HIBP: 4 July 2018
Compromised accounts: 5,033,997
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, PINs
yotepresto.com
In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 22 June 2020
Date added to HIBP: 25 June 2021
Compromised accounts: 1,444,629
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Youku
In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I Been Pwned courtesy of [email protected]
Breach date: 1 December 2016
Date added to HIBP: 15 April 2017
Compromised accounts: 91,890,110
Compromised data: Email addresses, Passwords
YouNow
In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace. Whilst it's not clear what date the actual breach occurred on, the impacted data included 18M unique email addresses, IP addresses, names, usernames and links to social media profiles. As authentication is performed via social providers, no passwords were exposed in the breach. Many records didn't have associated email addresses thus the unique number is lower than the reported total number of accounts. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Breach date: 15 February 2019
Date added to HIBP: 18 July 2019
Compromised accounts: 18,241,518
Compromised data: Email addresses, IP addresses, Names, Social media profiles, Usernames
Permalink
YouPorn
In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords.
Breach date: 21 February 2012
Date added to HIBP: 30 July 2015
Compromised accounts: 1,327,567
Compromised data: Email addresses, Passwords
Permalink
You've Been Scraped
In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator. Containing a total of over 66M records, the owner of the data couldn't be identified but it is believed to have been scraped from LinkedIn hence the title "You've Been Scraped". The exposed records included names, both work and personal email addresses, job titles and links to the individuals' LinkedIn profiles.
Breach date: 5 October 2018
Date added to HIBP: 6 December 2018
Compromised accounts: 66,147,869
Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Social media profiles
Permalink
ZAP-Hosting
In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.
Breach date: 22 November 2021
Date added to HIBP: 19 March 2022
Compromised accounts: 746,682
Compromised data: Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Permalink
Zhenai.com
In December 2011, the Chinese dating site known as Zhenai.com suffered a data breach that impacted 5 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date: 21 December 2011
Date added to HIBP: 11 July 2019
Compromised accounts: 5,024,908
Compromised data: Email addresses, Passwords
Permalink
Zomato
In May 2017, the restaurant guide website Zomato was hacked resulting in the exposure of almost 17 million accounts. The data was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not present on all accounts). This data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.
Breach date: 17 May 2017
Date added to HIBP: 4 September 2017
Compromised accounts: 16,472,873
Compromised data: Email addresses, Passwords, Usernames
Permalink
Zoosk (2011)
In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it's highly unlikely the data was sourced from Zoosk.
Breach date: 1 January 2011
Date added to HIBP: 8 February 2017
Compromised accounts: 52,578,183
Compromised data: Email addresses, Passwords
Permalink
Zoosk (2020)
In January 2020, the online dating service Zoosk suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 24 million unique email addresses alongside extensive personal information including genders, sexualities, dates of birth, physical attributes such as height and weight, religions, ethnicities and political views. The breach also allegedly exposed MD5 password hashes, though the data circulating in hacking circles had this field nulled out. The breach was provided to HIBP by breachbase.pw.
Breach date: 12 January 2020
Date added to HIBP: 7 August 2020
Compromised accounts: 23,927,853
Compromised data: Dates of birth, Drinking habits, Education levels, Email addresses, Ethnicities, Family structure, Genders, Geographic locations, Income levels, Names, Nicknames, Physical attributes, Political views, Relationship statuses, Religions, Sexual orientations, Smoking habits
Permalink
Zooville
In September 2019, the zoophilia and bestiality forum Zooville suffered a data breach. The usernames and email addresses of 71k members were accessed via an unpatched vulnerability in the vBulletin forum software then subsequently distributed online. A second data set was later provided to HIBP which contained a complete vBulletin database dump including IP addresses, dates of birth and passwords stored as bcrypt hashes. The site administrator advised that following the breach, all data had been deleted from the forum and a new one had been stood up on the XenForo platform. The data was provided to HIBP by a source who requested it be attributed to "burger vault".
Breach date: 27 September 2019
Date added to HIBP: 19 October 2019
Compromised accounts: 71,407
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Permalink
Zynga
In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Breach date: 1 September 2019
Date added to HIBP: 19 December 2019
Compromised accounts: 172,869,660
Compromised data: Email addresses, Passwords, Phone numbers, Usernames
Permalink
Пара Па
In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Breach date: 8 August 2016
Date added to HIBP: 28 December 2016
Compromised accounts: 4,946,850
Compromised data: Email addresses, Passwords, Usernames
Permalink
Спрашивай.ру
In May 2015, Спрашивай.ру (a Russian website for anonymous reviews) was reported to have had 6.7 million user details exposed by a hacker known as "w0rm". Intended to be a site for expressing anonymous opinions, the leaked data included email addresses, birth dates and other personally identifiable data about almost 3.5 million unique email addresses found in the leak.
Breach date: 11 May 2015
Date added to HIBP: 12 May 2015
Compromised accounts: 3,474,763
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Spoken languages
Permalink
집꾸미기
In March 2020, the Korean interior decoration website 집꾸미기 (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by breachbase.pw.
Breach date: 27 March 2020
Date added to HIBP: 2 August 2020
Compromised accounts: 1,298,651
Compromised data: Email addresses, Names, Phone numbers, Usernames
Permalink