Array ( [name] => Have I Been Pwned (HIBP) Bridge [uri] => https://haveibeenpwned.com [icon] => https://haveibeenpwned.com/favicon.ico [donationUri] => [items] => Array ( [0] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ColoCrossing [title] => ColoCrossing - 7,183 breached accounts [timestamp] => 1748037600 [author] => [content] =>

In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.

Breach date: 24 May 2025
Date added to HIBP: 3 June 2025
Compromised accounts: 7,183
Compromised data: Email addresses, Names, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f725a3999d13a63d5c1a9b6a737c96c795403962 ) [1] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#OperationEndgame2 [title] => Operation Endgame 2.0 - 15,436,844 breached accounts [timestamp] => 1747951200 [author] => [content] =>

In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.

Malware breach.

Breach date: 23 May 2025
Date added to HIBP: 23 May 2025
Compromised accounts: 15,436,844
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => a0647bda3d83372f099738a5e86641cfea5ddd48 ) [2] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Ualabee [title] => Ualabee - 472,296 breached accounts [timestamp] => 1746482400 [author] => [content] =>

In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.

Breach date: 6 May 2025
Date added to HIBP: 13 June 2025
Compromised accounts: 472,296
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Profile photos
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 4c3772bd9f46853c077439db6d2abfd8751d199e ) [3] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SamsungGermany [title] => Samsung Germany Customer Tickets - 216,333 breached accounts [timestamp] => 1743289200 [author] => [content] =>

In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.

Breach date: 30 March 2025
Date added to HIBP: 13 April 2025
Compromised accounts: 216,333
Compromised data: Email addresses, Names, Physical addresses, Purchases, Salutations, Shipment tracking numbers, Support tickets
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => a7fd8e6abc2165ff1c84c18f7aec9f36e408c59a ) [4] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#GermanDonerKebab [title] => German Doner Kebab - 162,373 breached accounts [timestamp] => 1743030000 [author] => [content] =>

In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.

Breach date: 27 March 2025
Date added to HIBP: 30 March 2025
Compromised accounts: 162,373
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 3862efbbb02073cd21740463694773426efe1ee1 ) [5] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TehetsegKapu [title] => TehetségKapu - 54,357 breached accounts [timestamp] => 1742943600 [author] => [content] =>

In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.

Breach date: 26 March 2025
Date added to HIBP: 1 May 2025
Compromised accounts: 54,357
Compromised data: Email addresses, Names, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f8a5070047324038c553941a409a9ad00a675908 ) [6] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList [title] => Troy Hunt's Mailchimp List - 16,627 breached accounts [timestamp] => 1742857200 [author] => [content] =>

In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.

Breach date: 25 March 2025
Date added to HIBP: 25 March 2025
Compromised accounts: 16,627
Compromised data: Email addresses, Geographic locations, IP addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 0c3d537e03c9b47d8483eedb64b9eee2ed75f043 ) [7] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#OrangeRomania [title] => Orange Romania - 556,557 breached accounts [timestamp] => 1740351600 [author] => [content] =>

In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.

Breach date: 24 February 2025
Date added to HIBP: 27 February 2025
Compromised accounts: 556,557
Compromised data: Email addresses, Partial credit card data, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 968967ad046769b4a3a4e879d5e529effb7a26bb ) [8] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs [title] => ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts [timestamp] => 1739574000 [author] => [content] =>

In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.

Breach date: 15 February 2025
Date added to HIBP: 25 February 2025
Compromised accounts: 284,132,969
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 75d98d3cd9b93dee40ab105add986addb8390db8 ) [9] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Cocospy [title] => Cocospy - 1,798,059 breached accounts [timestamp] => 1739487600 [author] => [content] =>

In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".

Sensitive breach, not publicly searchable.

Breach date: 14 February 2025
Date added to HIBP: 20 February 2025
Compromised accounts: 1,798,059
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => d2650e4ca7d07fd93a9a9fba9ea61d50910840a8 ) [10] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Spyic [title] => Spyic - 875,999 breached accounts [timestamp] => 1739487600 [author] => [content] =>

In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".

Sensitive breach, not publicly searchable.

Breach date: 14 February 2025
Date added to HIBP: 21 February 2025
Compromised accounts: 875,999
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 8669f0cd6138950b2c766f50986f16afa6986002 ) [11] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Lexipol [title] => Lexipol - 672,546 breached accounts [timestamp] => 1739228400 [author] => [content] =>

In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.

Sensitive breach, not publicly searchable.

Breach date: 11 February 2025
Date added to HIBP: 19 March 2025
Compromised accounts: 672,546
Compromised data: Email addresses, Names, Passwords, Phone numbers, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => d09738a9b23312b9ae9d9a797d296bf8c6237da2 ) [12] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Thermomix [title] => Thermomix Recipe World Forum - 3,123,439 breached accounts [timestamp] => 1738191600 [author] => [content] =>

In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

Breach date: 30 January 2025
Date added to HIBP: 6 February 2025
Compromised accounts: 3,123,439
Compromised data: Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 383d840e707d639ed13303d176fecc5f32691255 ) [13] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#DoxbinScrape [title] => Doxbin Scrape - 435,784 breached accounts [timestamp] => 1737673200 [author] => [content] =>

In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".

Sensitive breach, not publicly searchable.

Breach date: 24 January 2025
Date added to HIBP: 28 January 2025
Compromised accounts: 435,784
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => ed173bf868f5421296feac881c952030e4c9a848 ) [14] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FrameAndOptic [title] => Frame & Optic - 15,678 breached accounts [timestamp] => 1736982000 [author] => [content] =>

In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".

Breach date: 16 January 2025
Date added to HIBP: 22 January 2025
Compromised accounts: 15,678
Compromised data: Email addresses, Geographic locations, Names, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f58d5541d731ec1f1d312724b23c74d25444d356 ) [15] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#StealerLogsJan2025 [title] => Stealer Logs, Jan 2025 - 71,039,833 breached accounts [timestamp] => 1736722800 [author] => [content] =>

In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.

Breach date: 13 January 2025
Date added to HIBP: 13 January 2025
Compromised accounts: 71,039,833
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => bbaa39c6c8c5c4cf159f65451fc733991e1f8a09 ) [16] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#LandAirSea [title] => LandAirSea - 337,373 breached accounts [timestamp] => 1736636400 [author] => [content] =>

In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".

Breach date: 12 January 2025
Date added to HIBP: 11 February 2025
Compromised accounts: 337,373
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 2e122ac63cb77133f41fc39fbf9c47c7c6884247 ) [17] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Scholastic [title] => Scholastic - 4,247,768 breached accounts [timestamp] => 1736290800 [author] => [content] =>

In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.

Breach date: 8 January 2025
Date added to HIBP: 13 January 2025
Compromised accounts: 4,247,768
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 752d5b00231c68a2e2e2c6910ddb1e8e3cee6139 ) [18] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Speedio [title] => Speedio - 27,501,041 breached accounts [timestamp] => 1734994800 [author] => [content] =>

In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

Unverified breach, may be sourced from elsewhere.

Breach date: 24 December 2024
Date added to HIBP: 30 January 2025
Compromised accounts: 27,501,041
Compromised data: Company names, Email addresses, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 7108400fe31a58f2b4bcbe5eef7a7bbab071afc7 ) [19] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#BitView [title] => BitView - 63,127 breached accounts [timestamp] => 1734130800 [author] => [content] =>

In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.

Breach date: 14 December 2024
Date added to HIBP: 19 December 2024
Compromised accounts: 63,127
Compromised data: Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => a1368a46a3632e4ad6bd7fb691f2d782433d9578 ) [20] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#YoungLivingEssentialOils [title] => Young Living Essential Oils - 1,128,951 breached accounts [timestamp] => 1733871600 [author] => [content] =>

In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data.

Breach date: 11 December 2024
Date added to HIBP: 19 December 2024
Compromised accounts: 1,128,951
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 59c35e611745ce61957474ad6f0fa3c0a34eac09 ) [21] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SeniorDating [title] => Senior Dating - 765,517 breached accounts [timestamp] => 1732316400 [author] => [content] =>

In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.

Sensitive breach, not publicly searchable.

Breach date: 23 November 2024
Date added to HIBP: 9 December 2024
Compromised accounts: 765,517
Compromised data: Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => b8a94aa2477fc2b9f6bd6280b8cae851aacc270d ) [22] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Yonema [title] => Yonéma - 35,962 breached accounts [timestamp] => 1732143600 [author] => [content] =>

In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.

Breach date: 21 November 2024
Date added to HIBP: 14 December 2024
Compromised accounts: 35,962
Compromised data: Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => efb7340b596b3bce367776ea32f5317e950db5aa ) [23] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FlipaClip [title] => FlipaClip - 892,854 breached accounts [timestamp] => 1731884400 [author] => [content] =>

In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.

Breach date: 18 November 2024
Date added to HIBP: 20 November 2024
Compromised accounts: 892,854
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => e5ea51fd4abf759ab337b8bd114ee1cbcfdd0ecc ) [24] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TheRealWorld [title] => The Real World - 324,382 breached accounts [timestamp] => 1731625200 [author] => [content] =>

In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.

Breach date: 15 November 2024
Date added to HIBP: 22 November 2024
Compromised accounts: 324,382
Compromised data: Chat logs, Email addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 81d7931e631be01a764ff38e0d14c909f556ba7d ) [25] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#PoinCampus [title] => PoinCampus - 89,116 breached accounts [timestamp] => 1731538800 [author] => [content] =>

In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".

Breach date: 14 November 2024
Date added to HIBP: 4 February 2025
Compromised accounts: 89,116
Compromised data: Dates of birth, Email addresses, Names, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => e4143e1fadaaf6c85420d8fd347960ad99ccf1a0 ) [26] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Tibber [title] => Tibber - 50,002 breached accounts [timestamp] => 1731193200 [author] => [content] =>

In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".

Breach date: 10 November 2024
Date added to HIBP: 14 December 2024
Compromised accounts: 50,002
Compromised data: Email addresses, Geographic locations, Names, Purchases
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c2b251d44ca812d00665454415f7e2dbb449240f ) [27] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#1win [title] => 1win - 96,166,543 breached accounts [timestamp] => 1730502000 [author] => [content] =>

In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".

Breach date: 2 November 2024
Date added to HIBP: 3 February 2025
Compromised accounts: 96,166,543
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 76f1d86725df440d4ef5d4fd73398b469d7a72d0 ) [28] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SuperDraft [title] => SuperDraft - 300,187 breached accounts [timestamp] => 1729980000 [author] => [content] =>

In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.

Breach date: 27 October 2024
Date added to HIBP: 12 January 2025
Compromised accounts: 300,187
Compromised data: Dates of birth, Email addresses, Geographic locations, Passwords, Purchases, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => cabf09ca50021b1a0ad6dcced27a3e043e355bbf ) [29] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#HotTopic [title] => Hot Topic - 56,904,909 breached accounts [timestamp] => 1729288800 [author] => [content] =>

In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.

Breach date: 19 October 2024
Date added to HIBP: 11 November 2024
Compromised accounts: 56,904,909
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c13188ec66603ef68c312a99c2ee3bfba1ebe437 ) [30] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FreeMobile [title] => Free - 13,926,173 breached accounts [timestamp] => 1729116000 [author] => [content] =>

In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".

Breach date: 17 October 2024
Date added to HIBP: 27 May 2025
Compromised accounts: 13,926,173
Compromised data: Bank account numbers, Dates of birth, Genders, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 201a9bbdb309c575e4fb00b96edf2f3983dcfdfd ) [31] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Earth2 [title] => Earth 2 - 420,961 breached accounts [timestamp] => 1729029600 [author] => [content] =>

In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.

Breach date: 16 October 2024
Date added to HIBP: 7 November 2024
Compromised accounts: 420,961
Compromised data: Email addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => a2254351441951b0fda4eb1b01bf9133e1409f39 ) [32] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Finsure [title] => Finsure - 296,124 breached accounts [timestamp] => 1728943200 [author] => [content] =>

In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.

Breach date: 15 October 2024
Date added to HIBP: 19 November 2024
Compromised accounts: 296,124
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 2f90522b250fbb8abb84047e5763b98a637c6943 ) [33] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave [title] => Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts [timestamp] => 1728943200 [author] => [content] =>

In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.

Breach date: 15 October 2024
Date added to HIBP: 2 March 2025
Compromised accounts: 33,294
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 10819608cfadf0b91d42440e4faf6df344645db1 ) [34] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TheClubPenguinExperience [title] => The Club Penguin Experience - 6,342 breached accounts [timestamp] => 1728856800 [author] => [content] =>

In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.

Breach date: 14 October 2024
Date added to HIBP: 26 October 2024
Compromised accounts: 6,342
Compromised data: Age groups, Email addresses, Password hints, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => ea003be605056b432601963274fc8c251994b41d ) [35] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Switch [title] => Switch - 5,397 breached accounts [timestamp] => 1727733600 [author] => [content] =>

In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.

Breach date: 1 October 2024
Date added to HIBP: 5 October 2024
Compromised accounts: 5,397
Compromised data: Email addresses, Job applications, Names, Social media profiles
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 3e44c920427e845df4958295eb8c3045b55fcfd5 ) [36] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#digiDirect [title] => digiDirect - 304,337 breached accounts [timestamp] => 1727560800 [author] => [content] =>

In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield.

Breach date: 29 September 2024
Date added to HIBP: 25 October 2024
Compromised accounts: 304,337
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 06041e607e0f9d7f8e852500882bf0abc183da59 ) [37] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#InternetArchive [title] => Internet Archive - 31,081,179 breached accounts [timestamp] => 1727474400 [author] => [content] =>

In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.

Breach date: 28 September 2024
Date added to HIBP: 10 October 2024
Compromised accounts: 31,081,179
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 66d13e9f7f9159317cc28a343128126d8be6edb3 ) [38] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FrenchCitizens [title] => French Citizens - 28,445,106 breached accounts [timestamp] => 1727215200 [author] => [content] =>

In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.

Breach date: 25 September 2024
Date added to HIBP: 20 December 2024
Compromised accounts: 28,445,106
Compromised data: Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 83564b32213b89517aac7b44cfc3c3737c502654 ) [39] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Muah [title] => Muah.AI - 1,910,261 breached accounts [timestamp] => 1726524000 [author] => [content] =>

In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.

Sensitive breach, not publicly searchable.

Breach date: 17 September 2024
Date added to HIBP: 9 October 2024
Compromised accounts: 1,910,261
Compromised data: Email addresses, Sexual fetishes
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 539daa63c7fb8e51a3123696dd26c0da27595807 ) [40] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#InstitutoNacionalDeDeportesDeChile [title] => Instituto Nacional de Deportes de Chile - 319,613 breached accounts [timestamp] => 1726092000 [author] => [content] =>

In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes. The newest records in the data date back to August 2022, suggesting the breach may be of an older data set.

Breach date: 12 September 2024
Date added to HIBP: 17 September 2024
Compromised accounts: 319,613
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 96d82ec84115ad0380fd466751ab628e67b9aab5 ) [41] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Boulanger [title] => Boulanger - 2,077,078 breached accounts [timestamp] => 1725573600 [author] => [content] =>

In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".

Breach date: 6 September 2024
Date added to HIBP: 8 April 2025
Compromised accounts: 2,077,078
Compromised data: Email addresses, Geographic locations, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 9a3e555405ff340ea39c0f35c7229661d748905a ) [42] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#MC2Data [title] => MC2 Data - 2,122,280 breached accounts [timestamp] => 1723932000 [author] => [content] =>

In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.

Breach date: 18 August 2024
Date added to HIBP: 15 December 2024
Compromised accounts: 2,122,280
Compromised data: Email addresses, Names, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 2f5e5702f7470da4b5671fd6be507b9bbd1b7bb3 ) [43] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ExploreTalentAug2024 [title] => Explore Talent (August 2024) - 8,929,384 breached accounts [timestamp] => 1723672800 [author] => [content] =>

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.

Breach date: 15 August 2024
Date added to HIBP: 19 August 2024
Compromised accounts: 8,929,384
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => eb0d8d27a8ce8a1b8b3f5ae1fcd1970f972d1d06 ) [44] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Tracki [title] => Tracki - 372,557 breached accounts [timestamp] => 1723672800 [author] => [content] =>

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.

Breach date: 15 August 2024
Date added to HIBP: 19 August 2024
Compromised accounts: 372,557
Compromised data: Email addresses, Names
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 9abb50f679c23670f684f388dfb9a67da96aeba1 ) [45] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#schenkYOU [title] => schenkYOU - 237,349 breached accounts [timestamp] => 1723672800 [author] => [content] =>

In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.

Breach date: 15 August 2024
Date added to HIBP: 19 December 2024
Compromised accounts: 237,349
Compromised data: Dates of birth, Email addresses, Names, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => d011db3779db18a517e895d723708ab52bde9f21 ) [46] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ChrisLeong [title] => Chris Leong - 27,096 breached accounts [timestamp] => 1723240800 [author] => [content] =>

In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles. The company did not respond when contacted about the breach.

Breach date: 10 August 2024
Date added to HIBP: 14 August 2024
Compromised accounts: 27,096
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Purchases, Social media profiles
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 7a01d983f4045c10de72f94530236204e3898be2 ) [47] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#NotSOCRadar [title] => Not SOCRadar - 282,478,425 breached accounts [timestamp] => 1722636000 [author] => [content] =>

In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.

Breach date: 3 August 2024
Date added to HIBP: 9 August 2024
Compromised accounts: 282,478,425
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c56dd8ad1df731a3b57794546f82bd82a4c99807 ) [48] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Ubook [title] => Ubook - 699,908 breached accounts [timestamp] => 1722117600 [author] => [content] =>

In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.

Breach date: 28 July 2024
Date added to HIBP: 31 July 2024
Compromised accounts: 699,908
Compromised data: Dates of birth, Email addresses, Genders, Names, Profile photos
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 61908157a14418567f683c2b00fd8e37c98e5409 ) [49] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TelegramStealerLogs [title] => Stealer Logs Posted to Telegram - 26,105,473 breached accounts [timestamp] => 1721253600 [author] => [content] =>

In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.

Breach date: 18 July 2024
Date added to HIBP: 1 August 2024
Compromised accounts: 26,105,473
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => ba964f28ce0eeeb8d252da23536600f746ca14bb ) [50] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TheHeritageFoundation [title] => The Heritage Foundation - 72,004 breached accounts [timestamp] => 1720476000 [author] => [content] =>

In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).

Breach date: 9 July 2024
Date added to HIBP: 10 July 2024
Compromised accounts: 72,004
Compromised data: Email addresses, IP addresses, Names, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 78199e89c59e5b129ff036b063709e1eeed4826e ) [51] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#MSI [title] => MSI - 249,990 breached accounts [timestamp] => 1720303200 [author] => [content] =>

In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number….etc)".

Breach date: 7 July 2024
Date added to HIBP: 17 January 2025
Compromised accounts: 249,990
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Warranty claims
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 6a49536e76b82ce8b9a33ce1c5d38715367ea986 ) [52] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#LuLu [title] => LuLu - 2,796,835 breached accounts [timestamp] => 1720216800 [author] => [content] =>

In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes.

Breach date: 6 July 2024
Date added to HIBP: 2 August 2024
Compromised accounts: 2,796,835
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 4a73091e125c5bef0cbff45b6e36cd6a4b1b37bf ) [53] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#AnimeLeague [title] => AnimeLeague - 192,134 breached accounts [timestamp] => 1720044000 [author] => [content] =>

In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.

Breach date: 4 July 2024
Date added to HIBP: 31 July 2024
Compromised accounts: 192,134
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Phone numbers, Private messages, Purchases, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f75a3c11867458a22a7c3fb0f11de537dd11c44e ) [54] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#RobloxDeveloperConference2024 [title] => FNTECH - 10,386 breached accounts [timestamp] => 1720044000 [author] => [content] =>

In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.

Breach date: 4 July 2024
Date added to HIBP: 6 July 2024
Compromised accounts: 10,386
Compromised data: Email addresses, IP addresses, Names
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 886d634ea8b6a3578a6f5576a030fcd836c5400f ) [55] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#HuskyOwners [title] => Husky Owners - 16,502 breached accounts [timestamp] => 1720044000 [author] => [content] =>

In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.

Breach date: 4 July 2024
Date added to HIBP: 7 July 2024
Compromised accounts: 16,502
Compromised data: Dates of birth, Email addresses, Time zones, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => dc56d06c8347066b895aca5a214f6861b51e23bc ) [56] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Ladies [title] => Ladies.com - 118,809 breached accounts [timestamp] => 1719957600 [author] => [content] =>

In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.

Sensitive breach, not publicly searchable.

Breach date: 3 July 2024
Date added to HIBP: 9 December 2024
Compromised accounts: 118,809
Compromised data: Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Family structure, Genders, Geographic locations, Photos, Profile photos, Relationship statuses, Sexual orientations, Smoking habits, Tattoo status, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 5059330e07ed20af037fcd34958f650eed88002c ) [57] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#CentralTickets [title] => Central Tickets - 722,860 breached accounts [timestamp] => 1719784800 [author] => [content] =>

In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.

Breach date: 1 July 2024
Date added to HIBP: 30 September 2024
Compromised accounts: 722,860
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Purchases
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 0b5ff2afecab6f0c5f2bf2fd444d9d84ee36e858 ) [58] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Otelier [title] => Otelier - 436,855 breached accounts [timestamp] => 1719784800 [author] => [content] =>

In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

Breach date: 1 July 2024
Date added to HIBP: 18 January 2025
Compromised accounts: 436,855
Compromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Travel plans
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f8037047f9ae42f0131a3beb2a4e7b0958112262 ) [59] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ShoeZone [title] => Shoe Zone - 46,140 breached accounts [timestamp] => 1719525600 [author] => [content] =>

In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".

Breach date: 28 June 2024
Date added to HIBP: 6 August 2024
Compromised accounts: 46,140
Compromised data: Email addresses, Names, Partial credit card data, Physical addresses, Purchases
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 0d4715fdff56161b239c1faaf1243fe3932402fa ) [60] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#BudTrader [title] => BudTrader - 2,721,185 breached accounts [timestamp] => 1719439200 [author] => [content] =>

In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

Sensitive breach, not publicly searchable.

Breach date: 27 June 2024
Date added to HIBP: 1 October 2024
Compromised accounts: 2,721,185
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 82cef16a2be2b646c1588156c3b348251e4bb125 ) [61] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SpyX [title] => SpyX - 1,977,011 breached accounts [timestamp] => 1719180000 [author] => [content] =>

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.

Sensitive breach, not publicly searchable.

Breach date: 24 June 2024
Date added to HIBP: 19 March 2025
Compromised accounts: 1,977,011
Compromised data: Device information, Email addresses, Geographic locations, IP addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 4b7359bc592e2db108f347415beec3c6f920e886 ) [62] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Zacks2024 [title] => Zacks (2024) - 11,994,223 breached accounts [timestamp] => 1719007200 [author] => [content] =>

In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.

Breach date: 22 June 2024
Date added to HIBP: 13 February 2025
Compromised accounts: 11,994,223
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 7701c9af3b66ac62cfdcaae613d737fb54dba459 ) [63] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ZLib [title] => Z-lib - 9,737,374 breached accounts [timestamp] => 1718834400 [author] => [content] =>

In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.

Breach date: 20 June 2024
Date added to HIBP: 4 November 2024
Compromised accounts: 9,737,374
Compromised data: Cryptocurrency wallet addresses, Email addresses, Geographic locations, Passwords, Purchases, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 37ef3a7ba9bfb2ebd5c74d1ece4f2cecfd0a42ab ) [64] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#mSpy2024 [title] => mSpy (2024) - 2,394,179 breached accounts [timestamp] => 1717884000 [author] => [content] =>

In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.

Sensitive breach, not publicly searchable.

Breach date: 9 June 2024
Date added to HIBP: 11 July 2024
Compromised accounts: 2,394,179
Compromised data: Email addresses, IP addresses, Names, Photos
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 57521cd3288ca075e9b69dc7d3a41b93aa029ae8 ) [65] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#AdvanceAutoParts [title] => Advance Auto Parts - 79,243,727 breached accounts [timestamp] => 1717538400 [author] => [content] =>

In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.

Breach date: 5 June 2024
Date added to HIBP: 24 June 2024
Compromised accounts: 79,243,727
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => d456e88fb176e20782643f40075fed83ca589f22 ) [66] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Spytech [title] => Spytech - 5,645 breached accounts [timestamp] => 1717452000 [author] => [content] =>

In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product. Target data collection (and subsequent exposure) included the infected computer name, browsing history, applications used, usernames of authenticated users, keywords being monitored, file operations (creation and deletion), computer usage times and email addresses, often captured within the spyware's logs. The data also included the names, purchases and md5 password hashes of purchasers.

Sensitive breach, not publicly searchable.

Breach date: 4 June 2024
Date added to HIBP: 30 July 2024
Compromised accounts: 5,645
Compromised data: Browsing histories, Device information, Email addresses, Names, Passwords, Purchases, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 44d711703963650e28b198bd905f4b09c8c19d44 ) [67] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#RobinsonsMalls [title] => Robinsons Malls - 195,597 breached accounts [timestamp] => 1717192800 [author] => [content] =>

In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.

Breach date: 1 June 2024
Date added to HIBP: 25 June 2025
Compromised accounts: 195,597
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 85e3da4e9702bff97190eb4899a9e6d34aaaef9e ) [68] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Ticketek [title] => Ticketek - 17,643,173 breached accounts [timestamp] => 1717106400 [author] => [content] =>

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.

Retired breach, removed from system.

Breach date: 31 May 2024
Date added to HIBP: 28 June 2024
Compromised accounts: 17,643,173
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 275c82028b23a7415f0bb291c6c4b7588ef05027 ) [69] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#OperationEndgame [title] => Operation Endgame - 16,466,858 breached accounts [timestamp] => 1717020000 [author] => [content] =>

In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.

Malware breach.

Breach date: 30 May 2024
Date added to HIBP: 30 May 2024
Compromised accounts: 16,466,858
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 40f4daa73f1bfe91a0251abea4c26236c2bebf50 ) [70] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#TelegramCombolists [title] => Combolists Posted to Telegram - 361,468,099 breached accounts [timestamp] => 1716847200 [author] => [content] =>

In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have been sourced from a combination of existing combolists and info stealer malware.

Breach date: 28 May 2024
Date added to HIBP: 3 June 2024
Compromised accounts: 361,468,099
Compromised data: Email addresses, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => fccffae504d1ff14c0b562be34107cd173fe1664 ) [71] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#pcTattletale [title] => pcTattletale - 138,751 breached accounts [timestamp] => 1716588000 [author] => [content] =>

In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.

Sensitive breach, not publicly searchable.

Breach date: 25 May 2024
Date added to HIBP: 25 May 2024
Compromised accounts: 138,751
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => ed788d53dc55742bac2de23a0b00c44915ed17e9 ) [72] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ThePostMillennial [title] => The Post Millennial - 56,973,345 breached accounts [timestamp] => 1714600800 [author] => [content] =>

In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently posted to a popular hacking forum and extensively torrented.

Breach date: 2 May 2024
Date added to HIBP: 10 May 2024
Compromised accounts: 56,973,345
Compromised data: Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c6223693f330eaa1612499f5d059c054ba64697b ) [73] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#PipingRock [title] => Piping Rock - 2,103,100 breached accounts [timestamp] => 1713909600 [author] => [content] =>

In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites.

Breach date: 24 April 2024
Date added to HIBP: 26 April 2024
Compromised accounts: 2,103,100
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 819181c1a48f2f1041763e05baa1e03d8bf1306b ) [74] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Tappware [title] => Tappware - 94,734 breached accounts [timestamp] => 1713823200 [author] => [content] =>

In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government issued national identity (NID) cards.

Breach date: 23 April 2024
Date added to HIBP: 9 May 2024
Compromised accounts: 94,734
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Religions
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c8cbaeeb8476d787716968c800e824a78ca0f398 ) [75] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Sport2000 [title] => Sport 2000 - 3,189,643 breached accounts [timestamp] => 1713391200 [author] => [content] =>

In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach. The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names, physical addresses, phone numbers, dates of birth and purchases made by store name. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".

Breach date: 18 April 2024
Date added to HIBP: 28 August 2024
Compromised accounts: 3,189,643
Compromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Purchases, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 374fbfc6c373775a38357fdc18b526aa597c1259 ) [76] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#T2 [title] => T2 - 94,584 breached accounts [timestamp] => 1713304800 [author] => [content] =>

In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.

Breach date: 17 April 2024
Date added to HIBP: 22 April 2024
Compromised accounts: 94,584
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => f8cf5510c304dce728fc496fb7e48b5e2deed00d ) [77] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#MovieBoxPro [title] => MovieBoxPro - 6,009,014 breached accounts [timestamp] => 1713132000 [author] => [content] =>

In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.

Breach date: 15 April 2024
Date added to HIBP: 30 April 2024
Compromised accounts: 6,009,014
Compromised data: Email addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => db52fdec4dddc50bddfc8d3d33bd5d4cef20e8f7 ) [78] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#NeimanMarcus [title] => Neiman Marcus - 31,152,842 breached accounts [timestamp] => 1713045600 [author] => [content] =>

In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.

Breach date: 14 April 2024
Date added to HIBP: 9 July 2024
Compromised accounts: 31,152,842
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => cb735b0c96ffde90fa88a5fcdb3fa6be35278311 ) [79] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#LeSlipFrancais [title] => Le Slip Français - 1,495,127 breached accounts [timestamp] => 1712959200 [author] => [content] =>

In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.

Breach date: 13 April 2024
Date added to HIBP: 18 April 2024
Compromised accounts: 1,495,127
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 160d9b4e21c831f57f5e178d8abfa97eb1ba1e23 ) [80] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#NationalPublicData [title] => National Public Data - 133,957,569 breached accounts [timestamp] => 1712613600 [author] => [content] =>

In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of rows of personal information, including US social security numbers. Further partial data sets were later released including extensive personal information and 134M unique email addresses, although the origin and accuracy of the data remains in question. This breach has been flagged as "unverified" and a full description of the incident is in the link above.

Unverified breach, may be sourced from elsewhere.

Breach date: 9 April 2024
Date added to HIBP: 13 August 2024
Compromised accounts: 133,957,569
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 4a6bfbd98220327cf631f6a2fc031b5c01165352 ) [81] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SalvadoranCitizens [title] => Salvadoran Citizens - 946,989 breached accounts [timestamp] => 1712008800 [author] => [content] =>

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.

Breach date: 2 April 2024
Date added to HIBP: 11 April 2024
Compromised accounts: 946,989
Compromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c75ddc86d95415dc545a22d1df4992b798f1349e ) [82] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Pandabuy [title] => Pandabuy - 1,348,407 breached accounts [timestamp] => 1711839600 [author] => [content] =>

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".

Breach date: 31 March 2024
Date added to HIBP: 1 April 2024
Compromised accounts: 1,348,407
Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 20967ab784395ad90a5407219eb8b3d96a340570 ) [83] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Lookiero [title] => Lookiero - 4,981,760 breached accounts [timestamp] => 1711494000 [author] => [content] =>

In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address. When contacted about the incident, Lookiero advised that they would "look into it and get back to you if necessary". The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".

Breach date: 27 March 2024
Date added to HIBP: 30 August 2024
Compromised accounts: 4,981,760
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 370aab5bb38cc7a758eb07c4869ef4e5567f9f22 ) [84] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#boAt [title] => boAt - 7,528,985 breached accounts [timestamp] => 1711321200 [author] => [content] =>

In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.

Breach date: 25 March 2024
Date added to HIBP: 8 April 2024
Compromised accounts: 7,528,985
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 46c3c817f6916f47a2dd35289f28335c9165b1b2 ) [85] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#KasperskyClub [title] => Kaspersky Club - 55,971 breached accounts [timestamp] => 1711234800 [author] => [content] =>

In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.

Breach date: 24 March 2024
Date added to HIBP: 9 April 2024
Compromised accounts: 55,971
Compromised data: Email addresses, IP addresses, Passwords, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => aa02a87d216379bcf74269d1af1041194d28c35c ) [86] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#ECB [title] => England Cricket - 43,299 breached accounts [timestamp] => 1711148400 [author] => [content] =>

In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".

Breach date: 23 March 2024
Date added to HIBP: 29 March 2024
Compromised accounts: 43,299
Compromised data: Email addresses, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 601f2e6dfccb9827ca507e4f4f4f72b0a822f61d ) [87] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#HuntStand [title] => HuntStand - 2,795,947 breached accounts [timestamp] => 1709852400 [author] => [content] =>

In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.

Breach date: 8 March 2024
Date added to HIBP: 19 September 2024
Compromised accounts: 2,795,947
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 8c5522ebf90c3c3281bc0eaf53a3eba71027f001 ) [88] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#GiantTiger [title] => Giant Tiger - 2,842,669 breached accounts [timestamp] => 1709506800 [author] => [content] =>

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.

Breach date: 4 March 2024
Date added to HIBP: 13 April 2024
Compromised accounts: 2,842,669
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 54c1d6431cd7ce1c4dd60b47f759a392d749c483 ) [89] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#WoTLabs [title] => WoTLabs - 21,994 breached accounts [timestamp] => 1709420400 [author] => [content] =>

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.

Breach date: 3 March 2024
Date added to HIBP: 7 March 2024
Compromised accounts: 21,994
Compromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c35c65342e6a5e4bc09b8f03782baa0de46e6e31 ) [90] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#FairVoteCanada [title] => Fair Vote Canada - 134,336 breached accounts [timestamp] => 1709334000 [author] => [content] =>

In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.

Breach date: 2 March 2024
Date added to HIBP: 21 October 2024
Compromised accounts: 134,336
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Political donations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => d41f93bdc2361d337d144c995a1de14124ca6ca5 ) [91] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Life360 [title] => Life360 - 442,519 breached accounts [timestamp] => 1709247600 [author] => [content] =>

In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.

Breach date: 1 March 2024
Date added to HIBP: 20 July 2024
Compromised accounts: 442,519
Compromised data: Email addresses, Names, Phone numbers
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 492800a46efbc8a70eebd0348cd0fe36fcc643a6 ) [92] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#MrGreenGaming [title] => Mr. Green Gaming - 27,123 breached accounts [timestamp] => 1709247600 [author] => [content] =>

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.

Breach date: 1 March 2024
Date added to HIBP: 3 March 2024
Compromised accounts: 27,123
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => b904b87b5765436994a976d091c5245a50ba6816 ) [93] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#DemandScience [title] => DemandScience by Pure Incubation - 121,796,165 breached accounts [timestamp] => 1709074800 [author] => [content] =>

In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.

Breach date: 28 February 2024
Date added to HIBP: 13 November 2024
Compromised accounts: 121,796,165
Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => b6df76bb552ed9bd372b005636a6c261185b3335 ) [94] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#LDLC [title] => LDLC - 1,266,026 breached accounts [timestamp] => 1709074800 [author] => [content] =>

In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores. The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers and physical addresses. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".

Breach date: 28 February 2024
Date added to HIBP: 13 August 2024
Compromised accounts: 1,266,026
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 49fbc531ff96066be50274a0bda59e2a828c123a ) [95] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#CutoutPro [title] => Cutout.Pro - 19,972,829 breached accounts [timestamp] => 1708902000 [author] => [content] =>

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.

Breach date: 26 February 2024
Date added to HIBP: 28 February 2024
Compromised accounts: 19,972,829
Compromised data: Email addresses, IP addresses, Names, Passwords
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 9570517c89b9c87d57d89be3638208d9586eb721 ) [96] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Spyzie [title] => Spyzie - 518,643 breached accounts [timestamp] => 1708556400 [author] => [content] =>

In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".

Sensitive breach, not publicly searchable.

Breach date: 22 February 2024
Date added to HIBP: 27 February 2025
Compromised accounts: 518,643
Compromised data: Email addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => c7a79d0676ca3d79421728eb313ed4341a0dc548 ) [97] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#Tangerine [title] => Tangerine - 243,462 breached accounts [timestamp] => 1708210800 [author] => [content] =>

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.

Breach date: 18 February 2024
Date added to HIBP: 28 February 2024
Compromised accounts: 243,462
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 540da3c8235d6a0dd4fb058287e70d93a6ac769f ) [98] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#DoxbinTOoDA [title] => Doxbin (TOoDA) - 136,461 breached accounts [timestamp] => 1707692400 [author] => [content] =>

In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".

Sensitive breach, not publicly searchable.

Breach date: 12 February 2024
Date added to HIBP: 13 February 2025
Compromised accounts: 136,461
Compromised data: Email addresses, Usernames
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 28f2ab1d20e6e9c2dba99cdf8446060e53d1018a ) [99] => Array ( [uri] => https://haveibeenpwned.com/PwnedWebsites#SurveyLama [title] => SurveyLama - 4,426,879 breached accounts [timestamp] => 1706742000 [author] => [content] =>

In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".

Breach date: 1 February 2024
Date added to HIBP: 3 April 2024
Compromised accounts: 4,426,879
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
[enclosures] => Array ( ) [categories] => Array ( ) [uid] => 1c4e2592afc5e6d7342c1138216bc108d68a0f98 ) ) )