In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
Breach date: 8 January 2023
Date added to HIBP: 22 January 2023
Compromised accounts: 756,737
Compromised data: Dates of birth, Email addresses, Genders, Names, Vehicle details
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => be1ac363913afba07be684e70dcbb7b7dcfd2ba1
)
[1] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Autotrader
[title] => Autotrader - 20,032 breached accounts
[timestamp] => 1672959600
[author] =>
[content] =>
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
Breach date: 6 January 2023
Date added to HIBP: 23 January 2023
Compromised accounts: 20,032
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 9584fb5fa6d888963617dd86a7fbe498e4547a97
)
[2] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Gemini
[title] => Gemini - 5,274,214 breached accounts
[timestamp] => 1670886000
[author] =>
[content] =>
In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
Breach date: 13 December 2022
Date added to HIBP: 16 December 2022
Compromised accounts: 5,274,214
Compromised data: Email addresses, Partial phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => ddba2c9277cd909b2d4fac91a3cc754a462c7a90
)
[3] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CoinTracker
[title] => CoinTracker - 1,557,153 breached accounts
[timestamp] => 1669849200
[author] =>
[content] =>
In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider. The breach exposed email addresses and partially redacted phone numbers, with CoinTracker advising that the later did not originate from their service.
Breach date: 1 December 2022
Date added to HIBP: 12 December 2022
Compromised accounts: 1,557,153
Compromised data: Email addresses, Partial phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 14c6e840faa1dd5e6147af9ef1121f7ce9d1e2d8
)
[4] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Abandonia2022
[title] => Abandonia (2022) - 919,790 breached accounts
[timestamp] => 1668466800
[author] =>
[content] =>
In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Breach date: 15 November 2022
Date added to HIBP: 7 December 2022
Compromised accounts: 919,790
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 61a5d97856d57c4e71a5a1c88426fc7afb2099ef
)
[5] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Doomworld
[title] => Doomworld - 34,478 breached accounts
[timestamp] => 1665525600
[author] =>
[content] =>
In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
Breach date: 12 October 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 34,478
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 8ed86b2f415438d35c2ed5c424b195686e06f566
)
[6] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#GetRevengeOnYourEx
[title] => Get Revenge On Your Ex - 79,195 breached accounts
[timestamp] => 1662674400
[author] =>
[content] =>
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum, Get Revenge On Your Ex did not reply when contacted.
Sensitive breach, not publicly searchable.
Breach date: 9 September 2022
Date added to HIBP: 15 November 2022
Compromised accounts: 79,195
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 6ad10f784cf0866c6a0d35d9b1f0ea2bc1aa21a2
)
[7] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Wakanim
[title] => Wakanim - 6,706,951 breached accounts
[timestamp] => 1661637600
[author] =>
[content] =>
In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.
Breach date: 28 August 2022
Date added to HIBP: 7 October 2022
Compromised accounts: 6,706,951
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 71aab89fe48d4193c25aedb9bd4e4f9e608a1784
)
[8] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#TAPAirPortugal
[title] => TAP Air Portugal - 5,067,990 breached accounts
[timestamp] => 1661378400
[author] =>
[content] =>
In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.
Breach date: 25 August 2022
Date added to HIBP: 23 September 2022
Compromised accounts: 5,067,990
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => e57ffdbc4957233d62d808c13ce7c9ba88eae8b7
)
[9] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#BrandNewTube
[title] => Brand New Tube - 349,627 breached accounts
[timestamp] => 1660428000
[author] =>
[content] =>
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
Breach date: 14 August 2022
Date added to HIBP: 8 September 2022
Compromised accounts: 349,627
Compromised data: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => a51439d5b590ce12cdaac1adc2ad5e3b3c2534ea
)
[10] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#GGCorp
[title] => GGCorp - 2,376,330 breached accounts
[timestamp] => 1660168800
[author] =>
[content] =>
In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.
Breach date: 11 August 2022
Date added to HIBP: 8 November 2022
Compromised accounts: 2,376,330
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d85f8a0c4f295fabf7de43597ff6e5ab4946fa43
)
[11] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Shitexpress
[title] => Shitexpress - 23,817 breached accounts
[timestamp] => 1659909600
[author] =>
[content] =>
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.
Sensitive breach, not publicly searchable.
Breach date: 8 August 2022
Date added to HIBP: 17 August 2022
Compromised accounts: 23,817
Compromised data: Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 6af8c25e8f849895198246b3cf357c034f429b32
)
[12] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DoorDash
[title] => DoorDash - 367,476 breached accounts
[timestamp] => 1659391200
[author] =>
[content] =>
In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign. The incident exposed 367k unique personal email addresses alongside names, post codes and partial card data, namely the brand, expiry data and last four digits of the card.
Breach date: 2 August 2022
Date added to HIBP: 7 January 2023
Compromised accounts: 367,476
Compromised data: Email addresses, Geographic locations, Names, Partial credit card data
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => b9232bcea8a440cefbe4e7244931f0cae1861d5d
)
[13] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#LaPosteMobile
[title] => La Poste Mobile - 533,886 breached accounts
[timestamp] => 1656885600
[author] =>
[content] =>
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.
Breach date: 4 July 2022
Date added to HIBP: 14 July 2022
Compromised accounts: 533,886
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => dcc713c67ab4696f0e82dc771e27ef52068dd4fd
)
[14] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#QuestionPro
[title] => QuestionPro - 22,229,637 breached accounts
[timestamp] => 1653084000
[author] =>
[content] =>
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Breach date: 21 May 2022
Date added to HIBP: 5 August 2022
Compromised accounts: 22,229,637
Compromised data: Browser user agent details, Email addresses, IP addresses, Survey results
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => cd2b7139185bb498a7fe6f1d3148ccf24362b8ef
)
[15] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#AmartFurniture
[title] => Amart Furniture - 108,940 breached accounts
[timestamp] => 1652652000
[author] =>
[content] =>
In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.
Breach date: 16 May 2022
Date added to HIBP: 26 May 2022
Compromised accounts: 108,940
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 19ae131ae8231ebf008cbddf6f9a7a2f2c809fe2
)
[16] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Mangatoon
[title] => Mangatoon - 23,040,238 breached accounts
[timestamp] => 1652392800
[author] =>
[content] =>
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.
Breach date: 13 May 2022
Date added to HIBP: 6 July 2022
Compromised accounts: 23,040,238
Compromised data: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => f5355c7943e25d6266b9595fac57d2139ec4ee51
)
[17] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#BlackBerryFans
[title] => BlackBerry Fans - 174,168 breached accounts
[timestamp] => 1651788000
[author] =>
[content] =>
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date: 6 May 2022
Date added to HIBP: 16 May 2022
Compromised accounts: 174,168
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => ff3439291f96eda813ff6dde2ea88843580caa1f
)
[18] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Fanpass
[title] => Fanpass - 112,251 breached accounts
[timestamp] => 1651269600
[author] =>
[content] =>
In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".
Breach date: 30 April 2022
Date added to HIBP: 24 May 2022
Compromised accounts: 112,251
Compromised data: Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => c46e2ec162a1ab87188b60cd503b83dfa1521543
)
[19] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#EPal
[title] => E-Pal - 108,887 breached accounts
[timestamp] => 1649973600
[author] =>
[content] =>
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.
Breach date: 15 April 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 108,887
Compromised data: Email addresses, Purchases, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 374d9c93b5f5390cd47ca95e933f50e459032668
)
[20] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#PayHere
[title] => PayHere - 1,580,249 breached accounts
[timestamp] => 1648335600
[author] =>
[content] =>
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.
Breach date: 27 March 2022
Date added to HIBP: 2 May 2022
Compromised accounts: 1,580,249
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => e0252df78d852f2a8d25a9e5bc711e7dc4e547f3
)
[21] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CDEK
[title] => CDEK - 19,218,203 breached accounts
[timestamp] => 1646780400
[author] =>
[content] =>
In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid".
Unverified breach, may be sourced from elsewhere.
Breach date: 9 March 2022
Date added to HIBP: 17 March 2022
Compromised accounts: 19,218,203
Compromised data: Email addresses, Names, Phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 3750afda5c93ffe9e30b39b23779f0145c9c7e98
)
[22] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#NVIDIA
[title] => NVIDIA - 71,335 breached accounts
[timestamp] => 1645570800
[author] =>
[content] =>
In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.
Breach date: 23 February 2022
Date added to HIBP: 3 March 2022
Compromised accounts: 71,335
Compromised data: Email addresses, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 088472395b2697109252aa04c2f12d53cf051d62
)
[23] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#GiveSendGo
[title] => GiveSendGo - 89,966 breached accounts
[timestamp] => 1644188400
[author] =>
[content] =>
In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation.
Breach date: 7 February 2022
Date added to HIBP: 15 February 2022
Compromised accounts: 89,966
Compromised data: Email addresses, Geographic locations, Names, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d345580fbe83bcbb4cf15d0129988d8b9a756659
)
[24] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#MacGeneration
[title] => MacGeneration - 101,004 breached accounts
[timestamp] => 1643410800
[author] =>
[content] =>
In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.
Breach date: 29 January 2022
Date added to HIBP: 3 March 2022
Compromised accounts: 101,004
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 85b93cbca0201f96af35f41e9a9d204f557a5a9a
)
[25] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Doxbin
[title] => Doxbin - 370,794 breached accounts
[timestamp] => 1641337200
[author] =>
[content] =>
In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes. User accounts also included usernames, password hashes and browser user agents. The personal information disclosed in the doxes was often extensive including names, physical addresses, phone numbers and more.
Sensitive breach, not publicly searchable.
Breach date: 5 January 2022
Date added to HIBP: 8 January 2022
Compromised accounts: 370,794
Compromised data: Browser user agent details, Email addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 65530384ced16d72df685f4f88d6572b950ea68c
)
[26] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Twitter
[title] => Twitter - 6,682,453 breached accounts
[timestamp] => 1640991600
[author] =>
[content] =>
In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.
Breach date: 1 January 2022
Date added to HIBP: 13 August 2022
Compromised accounts: 6,682,453
Compromised data: Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 5392c950bdde4be7e5f5b8fdc6a1ca5f21e905cf
)
[27] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CardingMafiaDec2021
[title] => Carding Mafia (December 2021) - 303,877 breached accounts
[timestamp] => 1640646000
[author] =>
[content] =>
In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes. This breach came only 9 months after another breach of the forum in March 2021.
Sensitive breach, not publicly searchable.
Breach date: 28 December 2021
Date added to HIBP: 16 January 2022
Compromised accounts: 303,877
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d59333c1bf2572b5f8ee9e01ec881d038d6d2852
)
[28] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#FlexBooker
[title] => FlexBooker - 3,756,794 breached accounts
[timestamp] => 1640214000
[author] =>
[content] =>
In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum and was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 23 December 2021
Date added to HIBP: 6 January 2022
Compromised accounts: 3,756,794
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 39e290ee5f5c81faea1576a6bf5e25f13d0f8834
)
[29] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#RedLineStealer
[title] => RedLine Stealer - 441,657 breached accounts
[timestamp] => 1638658800
[author] =>
[content] =>
In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords.
Malware breach.
Breach date: 5 December 2021
Date added to HIBP: 30 December 2021
Compromised accounts: 441,657
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 4749d164f1dc5e83ab2e5d83a0804e352139d612
)
[30] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ABFRL
[title] => Aditya Birla Fashion and Retail - 5,470,063 breached accounts
[timestamp] => 1638313200
[author] =>
[content] =>
In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes. Employee data was also dumped publicly and included salary grades, marital statuses and religions. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 1 December 2021
Date added to HIBP: 15 January 2022
Compromised accounts: 5,470,063
Compromised data: Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 4595eb8223feddd8d523454ace841206e75a08b1
)
[31] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Travelio
[title] => Travelio - 471,376 breached accounts
[timestamp] => 1637622000
[author] =>
[content] =>
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 23 November 2021
Date added to HIBP: 8 April 2022
Compromised accounts: 471,376
Compromised data: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 005da2f847b0fcf0447f290d787b19eb6f66fd09
)
[32] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ZAPHosting
[title] => ZAP-Hosting - 746,682 breached accounts
[timestamp] => 1637535600
[author] =>
[content] =>
In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.
Breach date: 22 November 2021
Date added to HIBP: 20 March 2022
Compromised accounts: 746,682
Compromised data: Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 7d18f038a4b29886dac51ef9a53ebac6b0440bcd
)
[33] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Stripchat
[title] => Stripchat - 10,001,355 breached accounts
[timestamp] => 1636066800
[author] =>
[content] =>
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
Sensitive breach, not publicly searchable.
Breach date: 5 November 2021
Date added to HIBP: 31 August 2022
Compromised accounts: 10,001,355
Compromised data: Email addresses, IP addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 18e2649e10eb565e1972912ffcfd383a374d8164
)
[34] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Robinhood
[title] => Robinhood - 5,003,937 breached accounts
[timestamp] => 1635894000
[author] =>
[content] =>
In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet".
Breach date: 3 November 2021
Date added to HIBP: 3 March 2022
Compromised accounts: 5,003,937
Compromised data: Email addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => b74060413d6c7878fb4d0e8d7a8c5a147593b41c
)
[35] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#BTCAlpha
[title] => BTC-Alpha - 362,426 breached accounts
[timestamp] => 1635807600
[author] =>
[content] =>
In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 2 November 2021
Date added to HIBP: 28 January 2022
Compromised accounts: 362,426
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 4feacb37c5b7b0521b4894a142c59532de0ac31c
)
[36] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CyberServe
[title] => CyberServe - 1,107,034 breached accounts
[timestamp] => 1635458400
[author] =>
[content] =>
In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute. Due to multiple different sites being compromised, the impacted data is broad and ranges from relationship information to medical data to email addresses and passwords stored in plain text. The data was made available to HIBP with support from May Brooks-Kempler, founder of the Think Safe Cyber community in Israel.
Sensitive breach, not publicly searchable.
Breach date: 29 October 2021
Date added to HIBP: 4 November 2021
Compromised accounts: 1,107,034
Compromised data: Dates of birth, Drinking habits, Email addresses, Family structure, Genders, Geographic locations, HIV statuses, IP addresses, Names, Passwords, Personal health data, Phone numbers, Physical attributes, Private messages, Profile photos, Religions, Sexual orientations, Smoking habits, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 73c8e966d014fa9ff32b5821cbdce3439e619774
)
[37] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#JukinMedia
[title] => JukinMedia - 314,290 breached accounts
[timestamp] => 1635372000
[author] =>
[content] =>
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.
Breach date: 28 October 2021
Date added to HIBP: 17 July 2022
Compromised accounts: 314,290
Compromised data: Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d3d3732c6102da4b6fa2db115eb3d3be4253719e
)
[38] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CoinMarketCap
[title] => CoinMarketCap - 3,117,548 breached accounts
[timestamp] => 1633989600
[author] =>
[content] =>
During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."
Breach date: 12 October 2021
Date added to HIBP: 22 October 2021
Compromised accounts: 3,117,548
Compromised data: Email addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => b9c25f68dcbf62d2f77ae6864a667fdfca5f4c2c
)
[39] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ActMobile
[title] => ActMobile - 1,583,193 breached accounts
[timestamp] => 1633644000
[author] =>
[content] =>
In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a popular hacking forum. Although usage of the service was verified by HIBP subscribers, ActMobile denied the data was sourced from them and the breach has subsequently been flagged as "unverified".
Unverified breach, may be sourced from elsewhere.
Breach date: 8 October 2021
Date added to HIBP: 9 November 2021
Compromised accounts: 1,583,193
Compromised data: Email addresses, IP addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => e7783fafac67a3aded42c442183944ffa0045c80
)
[40] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Protemps
[title] => Protemps - 49,591 breached accounts
[timestamp] => 1633298400
[author] =>
[content] =>
In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other jobseeker data. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 4 October 2021
Date added to HIBP: 20 December 2021
Compromised accounts: 49,591
Compromised data: Email addresses, Genders, Job applications, Marital statuses, Names, Nationalities, Passport numbers, Passwords, Phone numbers, Physical addresses, Religions, Salutations
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => ad8dd6be28e633248aa90b2f8d4d32cf9ed931b1
)
[41] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#FantasyFootballHub
[title] => Fantasy Football Hub - 66,479 breached accounts
[timestamp] => 1633125600
[author] =>
[content] =>
In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.
Breach date: 2 October 2021
Date added to HIBP: 7 October 2021
Compromised accounts: 66,479
Compromised data: Email addresses, IP addresses, Names, Passwords, Purchases, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 1e6bce623c812c52a844c6c1188eca972cc30d19
)
[42] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Epik
[title] => Epik - 15,003,961 breached accounts
[timestamp] => 1631484000
[author] =>
[content] =>
In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.
Breach date: 13 September 2021
Date added to HIBP: 19 September 2021
Compromised accounts: 15,003,961
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d69c377604459c9ba17054a9be4be3bfe534e225
)
[43] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#RepublicanPartyOfTexas
[title] => Republican Party of Texas - 72,596 breached accounts
[timestamp] => 1631311200
[author] =>
[content] =>
In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents.
Breach date: 11 September 2021
Date added to HIBP: 6 October 2021
Compromised accounts: 72,596
Compromised data: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d9a506ea6e1421493f4336c18a201b28e0a6af79
)
[44] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DatPiff
[title] => DatPiff - 7,476,940 breached accounts
[timestamp] => 1629842400
[author] =>
[content] =>
In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs. The original data source allegedly contained usernames, security questions and answers and passwords stored as MD5 hashes with a static salt.
Breach date: 25 August 2021
Date added to HIBP: 4 January 2022
Compromised accounts: 7,476,940
Compromised data: Email addresses, Passwords, Security questions and answers, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => b28cd202251400f8422293c017dcbd0d21a9d56d
)
[45] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Imavex
[title] => Imavex - 878,209 breached accounts
[timestamp] => 1629410400
[author] =>
[content] =>
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.
Breach date: 20 August 2021
Date added to HIBP: 26 August 2021
Compromised accounts: 878,209
Compromised data: Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 2434acdcc2834bf663da947d6e198ec5a52679d7
)
[46] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#OpenSubtitles
[title] => Open Subtitles - 6,783,158 breached accounts
[timestamp] => 1627768800
[author] =>
[content] =>
In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.
Breach date: 1 August 2021
Date added to HIBP: 19 January 2022
Compromised accounts: 6,783,158
Compromised data: Email addresses, Geographic locations, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => c6f2442f4e0d31f6524d3c252a4938119e72ae00
)
[47] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Guntrader
[title] => Guntrader - 112,031 breached accounts
[timestamp] => 1626472800
[author] =>
[content] =>
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.
Breach date: 17 July 2021
Date added to HIBP: 21 July 2021
Compromised accounts: 112,031
Compromised data: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => ef05f4e2a23494e255ddea7907aa4847fe5b2a2d
)
[48] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ShortEdition
[title] => Short Édition - 505,466 breached accounts
[timestamp] => 1624658400
[author] =>
[content] =>
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.
Breach date: 26 June 2021
Date added to HIBP: 19 July 2021
Compromised accounts: 505,466
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 1f657770668074d69e5b91e5948d46a398cb0b3c
)
[49] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Start
[title] => START - 7,455,386 breached accounts
[timestamp] => 1622498400
[author] =>
[content] =>
In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash. START subsequently acknowledged the incident in a Telegram post and stated that the data dated back to 2021.
Breach date: 1 June 2021
Date added to HIBP: 30 August 2022
Compromised accounts: 7,455,386
Compromised data: Email addresses, Geographic locations, Names, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 952f375412e89ff213a8aca383d18e5691354347
)
[50] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#IndiaMART
[title] => IndiaMART - 20,154,583 breached accounts
[timestamp] => 1621720800
[author] =>
[content] =>
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.
Breach date: 23 May 2021
Date added to HIBP: 27 August 2021
Compromised accounts: 20,154,583
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 1c0c650b24cc815a66c60772f5803739ea9762ad
)
[51] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ParagonCheats
[title] => Paragon Cheats - 188,089 breached accounts
[timestamp] => 1621634400
[author] =>
[content] =>
In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".
Breach date: 22 May 2021
Date added to HIBP: 14 May 2022
Compromised accounts: 188,089
Compromised data: Browser user agent details, Email addresses, IP addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 58aa4c0dd30d762e65b82dfbce9bdef821d8d13a
)
[52] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CTARS
[title] => CTARS - 12,314 breached accounts
[timestamp] => 1621548000
[author] =>
[content] =>
In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.
Sensitive breach, not publicly searchable.
Breach date: 21 May 2021
Date added to HIBP: 1 June 2022
Compromised accounts: 12,314
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d605b749183aebe030edc5fb556d5e768692e6f8
)
[53] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#SirHurt
[title] => SirHurt - 90,655 breached accounts
[timestamp] => 1619128800
[author] =>
[content] =>
In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.
Breach date: 23 April 2021
Date added to HIBP: 24 May 2022
Compromised accounts: 90,655
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 57a796e6d514706cd36d85fcc7bcf410e00846a6
)
[54] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#OGUsers2021
[title] => OGUsers (2021 breach) - 348,302 breached accounts
[timestamp] => 1618092000
[author] =>
[content] =>
In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.
Breach date: 11 April 2021
Date added to HIBP: 16 May 2022
Compromised accounts: 348,302
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => a02b316d63338bb4c9aee55914b514a8f28c8882
)
[55] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#LinkedInScrape
[title] => LinkedIn Scraped Data - 125,698,496 breached accounts
[timestamp] => 1617832800
[author] =>
[content] =>
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
Breach date: 8 April 2021
Date added to HIBP: 2 October 2021
Compromised accounts: 125,698,496
Compromised data: Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => f9cd37a29e819017286910afa61e6b067d7838cd
)
[56] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#PhoneHouse
[title] => Phone House España - 5,223,350 breached accounts
[timestamp] => 1617832800
[author] =>
[content] =>
In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email addresses along with names, nationalities, genders, dates of birth, phone numbers and physical addresses. Phone House has been threatened with further releases if a ransom is not paid.
Breach date: 8 April 2021
Date added to HIBP: 22 April 2021
Compromised accounts: 5,223,350
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d46c5c5714cab1137e35695a5063cc5b4d5678e2
)
[57] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Upstox
[title] => Upstox - 111,002 breached accounts
[timestamp] => 1617832800
[author] =>
[content] =>
In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes. Extensive "know your customer" information was also exposed including scans of bank statements, cheques and identity documents complete with Aadhaar numbers. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Breach date: 8 April 2021
Date added to HIBP: 19 January 2022
Compromised accounts: 111,002
Compromised data: Bank account numbers, Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Income levels, Marital statuses, Nationalities, Occupations, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 8cf9eb66066acd04799f1664fcca3f4de0afc438
)
[58] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#SlideTeam
[title] => SlideTeam - 1,464,271 breached accounts
[timestamp] => 1617660000
[author] =>
[content] =>
In April 2021, the "world’s largest collection of pre-designed presentation slides" SlideTeam had 1.4M records breached and later published to a popular hacking forum the following year. Allegedly sourced from a compromised Magento instance, the data included names, email addresses and passwords stored as salted hashes.
Breach date: 6 April 2021
Date added to HIBP: 7 January 2023
Compromised accounts: 1,464,271
Compromised data: Email addresses, Names, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => af45e1257f8b535b3f62669137572053b616e9b7
)
[59] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DominosIndia
[title] => Domino's India - 22,527,655 breached accounts
[timestamp] => 1616540400
[author] =>
[content] =>
In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.
Breach date: 24 March 2021
Date added to HIBP: 3 June 2021
Compromised accounts: 22,527,655
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 9ebe9333b153ffb63ae488f795ac178d31b2db3f
)
[60] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#MangaDex
[title] => MangaDex - 2,987,329 breached accounts
[timestamp] => 1616367600
[author] =>
[content] =>
In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.
Breach date: 22 March 2021
Date added to HIBP: 25 April 2021
Compromised accounts: 2,987,329
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 1f4c55e72ff01cfb2cb34b923ae7874153122264
)
[61] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#ParkMobile
[title] => ParkMobile - 20,949,825 breached accounts
[timestamp] => 1616281200
[author] =>
[content] =>
In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes. The following month, the data appeared on a public hacking forum where it was extensively redistributed.
Breach date: 21 March 2021
Date added to HIBP: 30 April 2021
Compromised accounts: 20,949,825
Compromised data: Email addresses, Licence plates, Names, Passwords, Phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 96b3307b8ae73a91fd6a6855fad22bc0a5a1e7e4
)
[62] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CardingMafia
[title] => Carding Mafia (March 2021) - 297,744 breached accounts
[timestamp] => 1616022000
[author] =>
[content] =>
In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.
Sensitive breach, not publicly searchable.
Breach date: 18 March 2021
Date added to HIBP: 23 March 2021
Compromised accounts: 297,744
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 8edb4cc8020b1de26c761738befb4d41d95641e5
)
[63] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#IDCGames
[title] => IDC Games - 3,966,871 breached accounts
[timestamp] => 1615762800
[author] =>
[content] =>
In March 2021, 4 million records sourced from IDC Games were shared on a public hacking forum. The data included usernames, email addresses and passwords stored as salted MD5 hashes.
Breach date: 15 March 2021
Date added to HIBP: 17 November 2021
Compromised accounts: 3,966,871
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 19fb2d12afac1d001ea58a76cea259b3679ad443
)
[64] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Descomplica
[title] => Descomplica - 4,845,378 breached accounts
[timestamp] => 1615676400
[author] =>
[content] =>
In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password hashes.
Breach date: 14 March 2021
Date added to HIBP: 28 April 2021
Compromised accounts: 4,845,378
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 71e8563a4b3127cf84a61fcefde7bcdc0d26a971
)
[65] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Liker
[title] => Liker - 465,141 breached accounts
[timestamp] => 1615158000
[author] =>
[content] =>
In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler. The site remained offline after the breach which exposed 465k email addresses in addition to names, dates of birth, education levels, private messages, security questions and answers in plain text, passwords stored as bcrypt hashes and other personal data attributes. Liker did not respond when contacted about the breach.
Breach date: 8 March 2021
Date added to HIBP: 13 March 2021
Compromised accounts: 465,141
Compromised data: Auth tokens, Dates of birth, Education levels, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Private messages, Security questions and answers, Social media profiles, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 5f22a78fd75d20a29254750c5b31ae4489ec3eb5
)
[66] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#WeLeakInfo
[title] => WeLeakInfo - 11,788 breached accounts
[timestamp] => 1615158000
[author] =>
[content] =>
In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account. Access to Stripe then exposed almost 12k unique email addresses from customers who'd made credit card payments in order to obtain breached data hosted by WeLeakInfo. The data was subsequently leaked publicly and also included names, payment histories, IP addresses, billing addresses, partial credit card data and the organisation making the purchase.
Sensitive breach, not publicly searchable.
Breach date: 8 March 2021
Date added to HIBP: 15 March 2021
Compromised accounts: 11,788
Compromised data: Browser user agent details, Email addresses, Employers, IP addresses, Names, Partial credit card data, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 08597e82d96e7c219209d7fa6997ec1cdfd55beb
)
[67] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Gab
[title] => Gab - 66,521 breached accounts
[timestamp] => 1614294000
[author] =>
[content] =>
In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed almost 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service. Only a small number of accounts included email addresses and / or passwords stored as bcrypt hashes with a total of 66.5k unique email addresses being exposed across the corpus of data.
Sensitive breach, not publicly searchable.
Breach date: 26 February 2021
Date added to HIBP: 4 March 2021
Compromised accounts: 66,521
Compromised data: Avatars, Email addresses, Names, Passwords, Private messages, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 443667666706ab74faa9913afbc9a6e468d598f0
)
[68] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#SuperVPNGeckoVPN
[title] => SuperVPN & GeckoVPN - 20,339,937 breached accounts
[timestamp] => 1614207600
[author] =>
[content] =>
In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform. Impacted data also included email addresses, the country logged in from and the date and time each login occurred alongside device information including the make and model, IMSI number and serial number. The data was provided to HIBP by a source who requested it be attributed to redredred@riseup.net.
Breach date: 25 February 2021
Date added to HIBP: 28 February 2021
Compromised accounts: 20,339,937
Compromised data: Device information, Device serial numbers, Email addresses, Geographic locations, IMSI numbers, Login histories
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 946081f5a1af72b8949c18786e3039f80fb19d54
)
[69] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Ticketcounter
[title] => Ticketcounter - 1,921,722 breached accounts
[timestamp] => 1613948400
[author] =>
[content] =>
In August 2020, the Dutch ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it was then found and downloaded in February 2021. The data contained 1.9M unique email addresses which were offered for sale on a hacking forum alongside names, physical and IP addresses, genders, dates of birth, payment histories and in some cases, bank account numbers. Ticketcounter was later held to ransom with the threat of the breached being released publicly. The data was provided to HIBP by a source who requested it be attributed to redredred@riseup.net.
Breach date: 22 February 2021
Date added to HIBP: 1 March 2021
Compromised accounts: 1,921,722
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, IP addresses, Names, Payment histories, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 25dfb6eba209a51284bcdcc749bb95d0033d3e3b
)
[70] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#NurseryCam
[title] => NurseryCam - 10,585 breached accounts
[timestamp] => 1613084400
[author] =>
[content] =>
In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down. The email addresses alone were provided to Have I Been Pwned to ensure parents were properly notified of the incident.
Breach date: 12 February 2021
Date added to HIBP: 23 February 2021
Compromised accounts: 10,585
Compromised data: Email addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 657f4cfe8598a70e3fb52230684f6a61f4bc541e
)
[71] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CityBee
[title] => CityBee - 110,156 breached accounts
[timestamp] => 1612479600
[author] =>
[content] =>
In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.
Breach date: 5 February 2021
Date added to HIBP: 17 February 2021
Compromised accounts: 110,156
Compromised data: Email addresses, Government issued IDs, Names, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 96b970de833b8ed8652cbd10dd43fbbc91f668a0
)
[72] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#KomplettFritid
[title] => KomplettFritid - 139,401 breached accounts
[timestamp] => 1612134000
[author] =>
[content] =>
In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords. Most passwords were stored as bcrypt hashes with a small number appearing in plain text.
Breach date: 1 February 2021
Date added to HIBP: 23 January 2023
Compromised accounts: 139,401
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 1f5128594931a89e1fe1abe2a0651bb401dc592b
)
[73] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Raychat
[title] => Raychat - 938,981 breached accounts
[timestamp] => 1612047600
[author] =>
[content] =>
In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date: 31 January 2021
Date added to HIBP: 4 July 2021
Compromised accounts: 938,981
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => fc2ca56ea0f66f39b1e0f37a96cd64f45bd7a960
)
[74] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DucksUnlimited
[title] => Ducks Unlimited - 1,324,364 breached accounts
[timestamp] => 1611874800
[author] =>
[content] =>
In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users. Impacted data included names, phones numbers, physical addresses, dates of birth and passwords stored as unsalted MD5 hashes.
Breach date: 29 January 2021
Date added to HIBP: 16 November 2021
Compromised accounts: 1,324,364
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 2b160d81497e3c354d57c7d2977680d3484bda29
)
[75] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Bookchor
[title] => Bookchor - 498,297 breached accounts
[timestamp] => 1611788400
[author] =>
[content] =>
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.
Breach date: 28 January 2021
Date added to HIBP: 4 July 2022
Compromised accounts: 498,297
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Social media profiles
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 26393fdc50148a4a481183a298855c20b47c9ec2
)
[76] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Emotet
[title] => Emotet - 4,324,770 breached accounts
[timestamp] => 1611702000
[author] =>
[content] =>
In January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet. The agencies obtained data collected by the malware and provided impacted email addresses to HIBP so that impacted individuals and domain owners could assess their exposure. Read more about the takedown and recommended actions.
Sensitive breach, not publicly searchable.
Malware breach.
Breach date: 27 January 2021
Date added to HIBP: 27 April 2021
Compromised accounts: 4,324,770
Compromised data: Email addresses, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 6a37b5f1ead862b035955761279f1f9e3d4cb757
)
[77] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Astoria
[title] => Unverified Data Source - 11,498,146 breached accounts
[timestamp] => 1611615600
[author] =>
[content] =>
In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth. Some records also contained social security numbers, driver's license details, personal financial information and health-related data, depending on where the information was sourced from. Initially attributed to Astoria Company, they subsequently investigated the incident and confirmed the data did not originate from their services.
Unverified breach, may be sourced from elsewhere.
Breach date: 26 January 2021
Date added to HIBP: 24 March 2021
Compromised accounts: 11,498,146
Compromised data: Bank account numbers, Credit status information, Dates of birth, Email addresses, Employers, Health insurance information, Income levels, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Smoking habits, Social security numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 76cf50d4009b499c4d430a1dfb5399f3afc0a622
)
[78] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Oxfam
[title] => Oxfam - 1,834,006 breached accounts
[timestamp] => 1611097200
[author] =>
[content] =>
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth. A small number of people also had partial credit card data exposed (the first 6 and last 3 digits of the card, plus card type and expiry) and in some cases the bank name, account number and BSB were also exposed. The data was subsequently made freely available on the hacking forum later the following month.
Breach date: 20 January 2021
Date added to HIBP: 2 March 2021
Compromised accounts: 1,834,006
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment histories, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => a624427c217fd1679af0627bd195a8ff24497b11
)
[79] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DailyQuiz
[title] => Daily Quiz - 8,032,404 breached accounts
[timestamp] => 1610492400
[author] =>
[content] =>
In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.
Breach date: 13 January 2021
Date added to HIBP: 21 May 2021
Compromised accounts: 8,032,404
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 322e77b3c61d3438ddb7fa8e30385ac64765f836
)
[80] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#BourseDesVols
[title] => Bourse des Vols - 1,460,130 breached accounts
[timestamp] => 1610406000
[author] =>
[content] =>
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
Breach date: 12 January 2021
Date added to HIBP: 3 July 2022
Compromised accounts: 1,460,130
Compromised data: Dates of birth, Email addresses, Flights taken, IP addresses, Names, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 309e3bb10ecb34aed462ad5b52c773151f5e6af4
)
[81] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#GunsDotCom
[title] => Guns.com - 375,928 breached accounts
[timestamp] => 1610406000
[author] =>
[content] =>
In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.
Sensitive breach, not publicly searchable.
Breach date: 12 January 2021
Date added to HIBP: 13 January 2022
Compromised accounts: 375,928
Compromised data: Dates of birth, Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => ff9254d937a7188efa4e487beb92d891408a040a
)
[82] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#WedMeGood
[title] => WedMeGood - 1,306,723 breached accounts
[timestamp] => 1609887600
[author] =>
[content] =>
In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.
Breach date: 6 January 2021
Date added to HIBP: 13 May 2021
Compromised accounts: 1,306,723
Compromised data: Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 3d70bb623c8fe25eb0db2359a32c5d600304f7f8
)
[83] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DevilTorrents
[title] => Devil-Torrents.pl - 63,451 breached accounts
[timestamp] => 1609714800
[author] =>
[content] =>
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.
Breach date: 4 January 2021
Date added to HIBP: 2 May 2022
Compromised accounts: 63,451
Compromised data: Email addresses, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 59bc850881a53816100a618a526e7991760c7b00
)
[84] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Adecco
[title] => Adecco - 4,284,538 breached accounts
[timestamp] => 1609628400
[author] =>
[content] =>
In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.
Breach date: 3 January 2021
Date added to HIBP: 31 May 2022
Compromised accounts: 4,284,538
Compromised data: Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 5fef6546ab7af852179ddbbe70a83581466254c7
)
[85] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Twitter200M
[title] => Twitter (200M) - 211,524,284 breached accounts
[timestamp] => 1609455600
[author] =>
[content] =>
In early 2023, over 200M records scraped from Twitter appeared on a popular hacking forum. The data was obtained sometime in 2021 by abusing an API that enabled email addresses to be resolved to Twitter profiles. The subsequent results were then composed into a corpus of data containing email addresses alongside public Twitter profile information including names, usernames and follower counts.
Breach date: 1 January 2021
Date added to HIBP: 5 January 2023
Compromised accounts: 211,524,284
Compromised data: Email addresses, Names, Social media profiles, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 9865b4717f3daaaacbacef32b81f478b6dfeac56
)
[86] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#UC
[title] => University of California - 547,422 breached accounts
[timestamp] => 1608764400
[author] =>
[content] =>
In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach. The data was provided to HIBP courtesy of Cyril Gorlla.
Breach date: 24 December 2020
Date added to HIBP: 20 June 2021
Compromised accounts: 547,422
Compromised data: Dates of birth, Education levels, Email addresses, Ethnicities, Genders, Job titles, Names, Phone numbers, Physical addresses, Social security numbers
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 591e272980f29149d094e061515f3a24c2416346
)
[87] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#NetGalley
[title] => NetGalley - 1,436,435 breached accounts
[timestamp] => 1608505200
[author] =>
[content] =>
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to pom@pompur.in.
Breach date: 21 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 1,436,435
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 3030a1e429f177550e557e1f4b091d09cafd862d
)
[88] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#MMGFusion
[title] => MMG Fusion - 2,660,295 breached accounts
[timestamp] => 1608418800
[author] =>
[content] =>
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Breach date: 20 December 2020
Date added to HIBP: 8 August 2021
Compromised accounts: 2,660,295
Compromised data: Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => a260bea040a09d8add6f3f0709aa419781d5b34d
)
[89] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#DriveSure
[title] => DriveSure - 3,675,099 breached accounts
[timestamp] => 1608332400
[author] =>
[content] =>
In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses. Vehicle data was also exposed and included makes, models, VIN numbers and odometer readings. A small number of passwords stored as bcrypt hashes were also included in the data set.
Breach date: 19 December 2020
Date added to HIBP: 10 May 2021
Compromised accounts: 3,675,099
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Vehicle details
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => e2d773483747d10c432288032b0d95bbc5d16555
)
[90] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#TravelOK
[title] => Travel Oklahoma - 637,279 breached accounts
[timestamp] => 1608159600
[author] =>
[content] =>
In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries. Genders, names and physical addresses were also exposed. The data was provided to HIBP by a source who requested it be attributed to "badhou3a".
Breach date: 17 December 2020
Date added to HIBP: 10 March 2021
Compromised accounts: 637,279
Compromised data: Age groups, Dates of birth, Email addresses, Genders, Names, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 85b9f53d9063bc95673d1f1050368462b6661bda
)
[91] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#PeoplesEnergy
[title] => People's Energy - 358,822 breached accounts
[timestamp] => 1608073200
[author] =>
[content] =>
In December 2020, the UK power company People's Energy suffered a data breach. The breach exposed almost 7GB of files containing 359k unique email addresses along with names, phones numbers, physical addresses and dates of birth. The incident also included People's Energy staff email addresses and bcrypt password hashes (no customer passwords were exposed). The data was provided to HIBP by a source who requested it be attributed to pom@pompur.in.
Breach date: 16 December 2020
Date added to HIBP: 23 February 2021
Compromised accounts: 358,822
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 177da5cc09cbdcff7a612dc49d372ee162f7f6a4
)
[92] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#CapialEconomics
[title] => Capital Economics - 263,829 breached accounts
[timestamp] => 1607727600
[author] =>
[content] =>
In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.
Breach date: 12 December 2020
Date added to HIBP: 4 July 2022
Compromised accounts: 263,829
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 13342727620a2b0e78bfc3500ec32fa50b42e507
)
[93] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Cit0day
[title] => Cit0day - 226,883,414 breached accounts
[timestamp] => 1604444400
[author] =>
[content] =>
In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.
Unverified breach, may be sourced from elsewhere.
Breach date: 4 November 2020
Date added to HIBP: 19 November 2020
Compromised accounts: 226,883,414
Compromised data: Email addresses, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 31cc8cbbcf1e9b2b815b38f96cc4a71578b64cd2
)
[94] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Wongnai
[title] => Wongnai - 3,924,454 breached accounts
[timestamp] => 1603839600
[author] =>
[content] =>
In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.
Breach date: 28 October 2020
Date added to HIBP: 4 November 2020
Compromised accounts: 3,924,454
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => d8b7c43745d731704caa0bf20b6d36ad044df43e
)
[95] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Playbook
[title] => Playbook - 50,538 breached accounts
[timestamp] => 1603058400
[author] =>
[content] =>
In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.
Breach date: 19 October 2020
Date added to HIBP: 12 October 2021
Compromised accounts: 50,538
Compromised data: Email addresses, Job titles, Names, Passwords, Phone numbers, Social media profiles
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 06645f54280fb8629528cd411349e2ed2cfc40b5
)
[96] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#bigbasket
[title] => bigbasket - 24,500,011 breached accounts
[timestamp] => 1602626400
[author] =>
[content] =>
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
Breach date: 14 October 2020
Date added to HIBP: 26 April 2021
Compromised accounts: 24,500,011
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 67cdab0ade561c985d1b3eee50e48ac605241f00
)
[97] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Thingiverse
[title] => Thingiverse - 228,102 breached accounts
[timestamp] => 1602540000
[author] =>
[content] =>
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
Breach date: 13 October 2020
Date added to HIBP: 14 October 2021
Compromised accounts: 228,102
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 8172d4ce531d55a413b608c2da7a97ca4a3c2ae2
)
[98] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#AnimalJam
[title] => Animal Jam - 7,104,998 breached accounts
[timestamp] => 1602453600
[author] =>
[content] =>
In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.
Breach date: 12 October 2020
Date added to HIBP: 12 November 2020
Compromised accounts: 7,104,998
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => e084bed4c132d327f1e1d41d6dce5a102f5d68bc
)
[99] => Array
(
[uri] => https://haveibeenpwned.com/PwnedWebsites#Famm
[title] => Famm - 535,240 breached accounts
[timestamp] => 1602108000
[author] =>
[content] =>
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Breach date: 8 October 2020
Date added to HIBP: 16 July 2022
Compromised accounts: 535,240
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords
[enclosures] => Array
(
)
[categories] => Array
(
)
[uid] => 369d092dc4f0d8b10eaf5b03a0b1a69a71721c3d
)
)