In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
\nBreach date: 24 May 2025
\nDate added to HIBP: 3 June 2025
\nCompromised accounts: 7,183
\nCompromised data: Email addresses, Names, Passwords
html
1747951200 Operation Endgame 2.0 - 15,436,844 breached accounts https://haveibeenpwned.com/PwnedWebsites#OperationEndgame2
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Malware breach.
\nBreach date: 23 May 2025
\nDate added to HIBP: 23 May 2025
\nCompromised accounts: 15,436,844
\nCompromised data: Email addresses, Passwords
html
1746482400 Ualabee - 472,296 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ualabee
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
\nBreach date: 6 May 2025
\nDate added to HIBP: 13 June 2025
\nCompromised accounts: 472,296
\nCompromised data: Dates of birth, Email addresses, Names, Phone numbers, Profile photos
html
1743289200 Samsung Germany Customer Tickets - 216,333 breached accounts https://haveibeenpwned.com/PwnedWebsites#SamsungGermany
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
\nBreach date: 30 March 2025
\nDate added to HIBP: 13 April 2025
\nCompromised accounts: 216,333
\nCompromised data: Email addresses, Names, Physical addresses, Purchases, Salutations, Shipment tracking numbers, Support tickets
html
1743030000 German Doner Kebab - 162,373 breached accounts https://haveibeenpwned.com/PwnedWebsites#GermanDonerKebab
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
\nBreach date: 27 March 2025
\nDate added to HIBP: 30 March 2025
\nCompromised accounts: 162,373
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1742943600 TehetségKapu - 54,357 breached accounts https://haveibeenpwned.com/PwnedWebsites#TehetsegKapu
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
\nBreach date: 26 March 2025
\nDate added to HIBP: 1 May 2025
\nCompromised accounts: 54,357
\nCompromised data: Email addresses, Names, Usernames
html
1742857200 Troy Hunt's Mailchimp List - 16,627 breached accounts https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
\nBreach date: 25 March 2025
\nDate added to HIBP: 25 March 2025
\nCompromised accounts: 16,627
\nCompromised data: Email addresses, Geographic locations, IP addresses
html
1740351600 Orange Romania - 556,557 breached accounts https://haveibeenpwned.com/PwnedWebsites#OrangeRomania
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
\nBreach date: 24 February 2025
\nDate added to HIBP: 27 February 2025
\nCompromised accounts: 556,557
\nCompromised data: Email addresses, Partial credit card data, Phone numbers
html
1739574000 ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
\nBreach date: 15 February 2025
\nDate added to HIBP: 25 February 2025
\nCompromised accounts: 284,132,969
\nCompromised data: Email addresses, Passwords
html
1739487600 Cocospy - 1,798,059 breached accounts https://haveibeenpwned.com/PwnedWebsites#Cocospy
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Sensitive breach, not publicly searchable.
\nBreach date: 14 February 2025
\nDate added to HIBP: 20 February 2025
\nCompromised accounts: 1,798,059
\nCompromised data: Email addresses
html
1739487600 Spyic - 875,999 breached accounts https://haveibeenpwned.com/PwnedWebsites#Spyic
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Sensitive breach, not publicly searchable.
\nBreach date: 14 February 2025
\nDate added to HIBP: 21 February 2025
\nCompromised accounts: 875,999
\nCompromised data: Email addresses
html
1739228400 Lexipol - 672,546 breached accounts https://haveibeenpwned.com/PwnedWebsites#Lexipol
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Sensitive breach, not publicly searchable.
\nBreach date: 11 February 2025
\nDate added to HIBP: 19 March 2025
\nCompromised accounts: 672,546
\nCompromised data: Email addresses, Names, Passwords, Phone numbers, Usernames
html
1738191600 Thermomix Recipe World Forum - 3,123,439 breached accounts https://haveibeenpwned.com/PwnedWebsites#Thermomix
In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
\nBreach date: 30 January 2025
\nDate added to HIBP: 6 February 2025
\nCompromised accounts: 3,123,439
\nCompromised data: Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames
html
1737673200 Doxbin Scrape - 435,784 breached accounts https://haveibeenpwned.com/PwnedWebsites#DoxbinScrape
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Sensitive breach, not publicly searchable.
\nBreach date: 24 January 2025
\nDate added to HIBP: 28 January 2025
\nCompromised accounts: 435,784
\nCompromised data: Email addresses
html
1736982000 Frame & Optic - 15,678 breached accounts https://haveibeenpwned.com/PwnedWebsites#FrameAndOptic
In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
\nBreach date: 16 January 2025
\nDate added to HIBP: 22 January 2025
\nCompromised accounts: 15,678
\nCompromised data: Email addresses, Geographic locations, Names, Phone numbers
html
1736722800 Stealer Logs, Jan 2025 - 71,039,833 breached accounts https://haveibeenpwned.com/PwnedWebsites#StealerLogsJan2025
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.
\nBreach date: 13 January 2025
\nDate added to HIBP: 13 January 2025
\nCompromised accounts: 71,039,833
\nCompromised data: Email addresses, Passwords
html
1736636400 LandAirSea - 337,373 breached accounts https://haveibeenpwned.com/PwnedWebsites#LandAirSea
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
\nBreach date: 12 January 2025
\nDate added to HIBP: 11 February 2025
\nCompromised accounts: 337,373
\nCompromised data: Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames
html
1736290800 Scholastic - 4,247,768 breached accounts https://haveibeenpwned.com/PwnedWebsites#Scholastic
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
\nBreach date: 8 January 2025
\nDate added to HIBP: 13 January 2025
\nCompromised accounts: 4,247,768
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1734994800 Speedio - 27,501,041 breached accounts https://haveibeenpwned.com/PwnedWebsites#Speedio
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
Unverified breach, may be sourced from elsewhere.
\nBreach date: 24 December 2024
\nDate added to HIBP: 30 January 2025
\nCompromised accounts: 27,501,041
\nCompromised data: Company names, Email addresses, Phone numbers, Physical addresses
html
1734130800 BitView - 63,127 breached accounts https://haveibeenpwned.com/PwnedWebsites#BitView
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
\nBreach date: 14 December 2024
\nDate added to HIBP: 19 December 2024
\nCompromised accounts: 63,127
\nCompromised data: Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
html
1733871600 Young Living Essential Oils - 1,128,951 breached accounts https://haveibeenpwned.com/PwnedWebsites#YoungLivingEssentialOils
In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data.
\nBreach date: 11 December 2024
\nDate added to HIBP: 19 December 2024
\nCompromised accounts: 1,128,951
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Names
html
1732316400 Senior Dating - 765,517 breached accounts https://haveibeenpwned.com/PwnedWebsites#SeniorDating
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Sensitive breach, not publicly searchable.
\nBreach date: 23 November 2024
\nDate added to HIBP: 9 December 2024
\nCompromised accounts: 765,517
\nCompromised data: Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles
html
1732143600 Yonéma - 35,962 breached accounts https://haveibeenpwned.com/PwnedWebsites#Yonema
In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
\nBreach date: 21 November 2024
\nDate added to HIBP: 14 December 2024
\nCompromised accounts: 35,962
\nCompromised data: Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers
html
1731884400 FlipaClip - 892,854 breached accounts https://haveibeenpwned.com/PwnedWebsites#FlipaClip
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
\nBreach date: 18 November 2024
\nDate added to HIBP: 20 November 2024
\nCompromised accounts: 892,854
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Names
html
1731625200 The Real World - 324,382 breached accounts https://haveibeenpwned.com/PwnedWebsites#TheRealWorld
In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
\nBreach date: 15 November 2024
\nDate added to HIBP: 22 November 2024
\nCompromised accounts: 324,382
\nCompromised data: Chat logs, Email addresses, Usernames
html
1731538800 PoinCampus - 89,116 breached accounts https://haveibeenpwned.com/PwnedWebsites#PoinCampus
In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
\nBreach date: 14 November 2024
\nDate added to HIBP: 4 February 2025
\nCompromised accounts: 89,116
\nCompromised data: Dates of birth, Email addresses, Names, Phone numbers
html
1731193200 Tibber - 50,002 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tibber
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
\nBreach date: 10 November 2024
\nDate added to HIBP: 14 December 2024
\nCompromised accounts: 50,002
\nCompromised data: Email addresses, Geographic locations, Names, Purchases
html
1730502000 1win - 96,166,543 breached accounts https://haveibeenpwned.com/PwnedWebsites#1win
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
\nBreach date: 2 November 2024
\nDate added to HIBP: 3 February 2025
\nCompromised accounts: 96,166,543
\nCompromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers
html
1729980000 SuperDraft - 300,187 breached accounts https://haveibeenpwned.com/PwnedWebsites#SuperDraft
In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.
\nBreach date: 27 October 2024
\nDate added to HIBP: 12 January 2025
\nCompromised accounts: 300,187
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Passwords, Purchases, Usernames
html
1729288800 Hot Topic - 56,904,909 breached accounts https://haveibeenpwned.com/PwnedWebsites#HotTopic
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
\nBreach date: 19 October 2024
\nDate added to HIBP: 11 November 2024
\nCompromised accounts: 56,904,909
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations
html
1729116000 Free - 13,926,173 breached accounts https://haveibeenpwned.com/PwnedWebsites#FreeMobile
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".
\nBreach date: 17 October 2024
\nDate added to HIBP: 27 May 2025
\nCompromised accounts: 13,926,173
\nCompromised data: Bank account numbers, Dates of birth, Genders, Names, Phone numbers, Physical addresses
html
1729029600 Earth 2 - 420,961 breached accounts https://haveibeenpwned.com/PwnedWebsites#Earth2
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.
\nBreach date: 16 October 2024
\nDate added to HIBP: 7 November 2024
\nCompromised accounts: 420,961
\nCompromised data: Email addresses, Usernames
html
1728943200 Finsure - 296,124 breached accounts https://haveibeenpwned.com/PwnedWebsites#Finsure
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.
\nBreach date: 15 October 2024
\nDate added to HIBP: 19 November 2024
\nCompromised accounts: 296,124
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1728943200 Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
\nBreach date: 15 October 2024
\nDate added to HIBP: 2 March 2025
\nCompromised accounts: 33,294
\nCompromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
html
1728856800 The Club Penguin Experience - 6,342 breached accounts https://haveibeenpwned.com/PwnedWebsites#TheClubPenguinExperience
In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.
\nBreach date: 14 October 2024
\nDate added to HIBP: 26 October 2024
\nCompromised accounts: 6,342
\nCompromised data: Age groups, Email addresses, Password hints, Passwords, Usernames
html
1727733600 Switch - 5,397 breached accounts https://haveibeenpwned.com/PwnedWebsites#Switch
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
\nBreach date: 1 October 2024
\nDate added to HIBP: 5 October 2024
\nCompromised accounts: 5,397
\nCompromised data: Email addresses, Job applications, Names, Social media profiles
html
1727560800 digiDirect - 304,337 breached accounts https://haveibeenpwned.com/PwnedWebsites#digiDirect
In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield.
\nBreach date: 29 September 2024
\nDate added to HIBP: 25 October 2024
\nCompromised accounts: 304,337
\nCompromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
html
1727474400 Internet Archive - 31,081,179 breached accounts https://haveibeenpwned.com/PwnedWebsites#InternetArchive
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
\nBreach date: 28 September 2024
\nDate added to HIBP: 10 October 2024
\nCompromised accounts: 31,081,179
\nCompromised data: Email addresses, Passwords, Usernames
html
1727215200 French Citizens - 28,445,106 breached accounts https://haveibeenpwned.com/PwnedWebsites#FrenchCitizens
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
\nBreach date: 25 September 2024
\nDate added to HIBP: 20 December 2024
\nCompromised accounts: 28,445,106
\nCompromised data: Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses
html
1726524000 Muah.AI - 1,910,261 breached accounts https://haveibeenpwned.com/PwnedWebsites#Muah
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Sensitive breach, not publicly searchable.
\nBreach date: 17 September 2024
\nDate added to HIBP: 9 October 2024
\nCompromised accounts: 1,910,261
\nCompromised data: Email addresses, Sexual fetishes
html
1726092000 Instituto Nacional de Deportes de Chile - 319,613 breached accounts https://haveibeenpwned.com/PwnedWebsites#InstitutoNacionalDeDeportesDeChile
In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes. The newest records in the data date back to August 2022, suggesting the breach may be of an older data set.
\nBreach date: 12 September 2024
\nDate added to HIBP: 17 September 2024
\nCompromised accounts: 319,613
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Usernames
html
1725573600 Boulanger - 2,077,078 breached accounts https://haveibeenpwned.com/PwnedWebsites#Boulanger
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
\nBreach date: 6 September 2024
\nDate added to HIBP: 8 April 2025
\nCompromised accounts: 2,077,078
\nCompromised data: Email addresses, Geographic locations, Names, Phone numbers, Physical addresses
html
1723932000 MC2 Data - 2,122,280 breached accounts https://haveibeenpwned.com/PwnedWebsites#MC2Data
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
\nBreach date: 18 August 2024
\nDate added to HIBP: 15 December 2024
\nCompromised accounts: 2,122,280
\nCompromised data: Email addresses, Names, Passwords
html
1723672800 Explore Talent (August 2024) - 8,929,384 breached accounts https://haveibeenpwned.com/PwnedWebsites#ExploreTalentAug2024
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
\nBreach date: 15 August 2024
\nDate added to HIBP: 19 August 2024
\nCompromised accounts: 8,929,384
\nCompromised data: Email addresses
html
1723672800 Tracki - 372,557 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tracki
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
\nBreach date: 15 August 2024
\nDate added to HIBP: 19 August 2024
\nCompromised accounts: 372,557
\nCompromised data: Email addresses, Names
html
1723672800 schenkYOU - 237,349 breached accounts https://haveibeenpwned.com/PwnedWebsites#schenkYOU
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.
\nBreach date: 15 August 2024
\nDate added to HIBP: 19 December 2024
\nCompromised accounts: 237,349
\nCompromised data: Dates of birth, Email addresses, Names, Passwords
html
1723240800 Chris Leong - 27,096 breached accounts https://haveibeenpwned.com/PwnedWebsites#ChrisLeong
In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles. The company did not respond when contacted about the breach.
\nBreach date: 10 August 2024
\nDate added to HIBP: 14 August 2024
\nCompromised accounts: 27,096
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Purchases, Social media profiles
html
1722636000 Not SOCRadar - 282,478,425 breached accounts https://haveibeenpwned.com/PwnedWebsites#NotSOCRadar
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
\nBreach date: 3 August 2024
\nDate added to HIBP: 9 August 2024
\nCompromised accounts: 282,478,425
\nCompromised data: Email addresses
html
1722117600 Ubook - 699,908 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ubook
In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.
\nBreach date: 28 July 2024
\nDate added to HIBP: 31 July 2024
\nCompromised accounts: 699,908
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Profile photos
html
1721253600 Stealer Logs Posted to Telegram - 26,105,473 breached accounts https://haveibeenpwned.com/PwnedWebsites#TelegramStealerLogs
In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.
\nBreach date: 18 July 2024
\nDate added to HIBP: 1 August 2024
\nCompromised accounts: 26,105,473
\nCompromised data: Email addresses, Passwords
html
1720476000 The Heritage Foundation - 72,004 breached accounts https://haveibeenpwned.com/PwnedWebsites#TheHeritageFoundation
In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).
\nBreach date: 9 July 2024
\nDate added to HIBP: 10 July 2024
\nCompromised accounts: 72,004
\nCompromised data: Email addresses, IP addresses, Names, Passwords, Usernames
html
1720303200 MSI - 249,990 breached accounts https://haveibeenpwned.com/PwnedWebsites#MSI
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number….etc)".
\nBreach date: 7 July 2024
\nDate added to HIBP: 17 January 2025
\nCompromised accounts: 249,990
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses, Warranty claims
html
1720216800 LuLu - 2,796,835 breached accounts https://haveibeenpwned.com/PwnedWebsites#LuLu
In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes.
\nBreach date: 6 July 2024
\nDate added to HIBP: 2 August 2024
\nCompromised accounts: 2,796,835
\nCompromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
html
1720044000 AnimeLeague - 192,134 breached accounts https://haveibeenpwned.com/PwnedWebsites#AnimeLeague
In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
\nBreach date: 4 July 2024
\nDate added to HIBP: 31 July 2024
\nCompromised accounts: 192,134
\nCompromised data: Dates of birth, Email addresses, IP addresses, Passwords, Phone numbers, Private messages, Purchases, Usernames
html
1720044000 FNTECH - 10,386 breached accounts https://haveibeenpwned.com/PwnedWebsites#RobloxDeveloperConference2024
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
\nBreach date: 4 July 2024
\nDate added to HIBP: 6 July 2024
\nCompromised accounts: 10,386
\nCompromised data: Email addresses, IP addresses, Names
html
1720044000 Husky Owners - 16,502 breached accounts https://haveibeenpwned.com/PwnedWebsites#HuskyOwners
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
\nBreach date: 4 July 2024
\nDate added to HIBP: 7 July 2024
\nCompromised accounts: 16,502
\nCompromised data: Dates of birth, Email addresses, Time zones, Usernames
html
1719957600 Ladies.com - 118,809 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ladies
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
Sensitive breach, not publicly searchable.
\nBreach date: 3 July 2024
\nDate added to HIBP: 9 December 2024
\nCompromised accounts: 118,809
\nCompromised data: Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Family structure, Genders, Geographic locations, Photos, Profile photos, Relationship statuses, Sexual orientations, Smoking habits, Tattoo status, Usernames
html
1719784800 Central Tickets - 722,860 breached accounts https://haveibeenpwned.com/PwnedWebsites#CentralTickets
In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.
\nBreach date: 1 July 2024
\nDate added to HIBP: 30 September 2024
\nCompromised accounts: 722,860
\nCompromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Purchases
html
1719784800 Otelier - 436,855 breached accounts https://haveibeenpwned.com/PwnedWebsites#Otelier
In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
\nBreach date: 1 July 2024
\nDate added to HIBP: 18 January 2025
\nCompromised accounts: 436,855
\nCompromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Travel plans
html
1719525600 Shoe Zone - 46,140 breached accounts https://haveibeenpwned.com/PwnedWebsites#ShoeZone
In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
\nBreach date: 28 June 2024
\nDate added to HIBP: 6 August 2024
\nCompromised accounts: 46,140
\nCompromised data: Email addresses, Names, Partial credit card data, Physical addresses, Purchases
html
1719439200 BudTrader - 2,721,185 breached accounts https://haveibeenpwned.com/PwnedWebsites#BudTrader
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
Sensitive breach, not publicly searchable.
\nBreach date: 27 June 2024
\nDate added to HIBP: 1 October 2024
\nCompromised accounts: 2,721,185
\nCompromised data: Email addresses, Passwords, Usernames
html
1719180000 SpyX - 1,977,011 breached accounts https://haveibeenpwned.com/PwnedWebsites#SpyX
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Sensitive breach, not publicly searchable.
\nBreach date: 24 June 2024
\nDate added to HIBP: 19 March 2025
\nCompromised accounts: 1,977,011
\nCompromised data: Device information, Email addresses, Geographic locations, IP addresses, Passwords
html
1719007200 Zacks (2024) - 11,994,223 breached accounts https://haveibeenpwned.com/PwnedWebsites#Zacks2024
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
\nBreach date: 22 June 2024
\nDate added to HIBP: 13 February 2025
\nCompromised accounts: 11,994,223
\nCompromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
html
1718834400 Z-lib - 9,737,374 breached accounts https://haveibeenpwned.com/PwnedWebsites#ZLib
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
\nBreach date: 20 June 2024
\nDate added to HIBP: 4 November 2024
\nCompromised accounts: 9,737,374
\nCompromised data: Cryptocurrency wallet addresses, Email addresses, Geographic locations, Passwords, Purchases, Usernames
html
1717884000 mSpy (2024) - 2,394,179 breached accounts https://haveibeenpwned.com/PwnedWebsites#mSpy2024
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.
Sensitive breach, not publicly searchable.
\nBreach date: 9 June 2024
\nDate added to HIBP: 11 July 2024
\nCompromised accounts: 2,394,179
\nCompromised data: Email addresses, IP addresses, Names, Photos
html
1717538400 Advance Auto Parts - 79,243,727 breached accounts https://haveibeenpwned.com/PwnedWebsites#AdvanceAutoParts
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
\nBreach date: 5 June 2024
\nDate added to HIBP: 24 June 2024
\nCompromised accounts: 79,243,727
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1717452000 Spytech - 5,645 breached accounts https://haveibeenpwned.com/PwnedWebsites#Spytech
In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product. Target data collection (and subsequent exposure) included the infected computer name, browsing history, applications used, usernames of authenticated users, keywords being monitored, file operations (creation and deletion), computer usage times and email addresses, often captured within the spyware's logs. The data also included the names, purchases and md5 password hashes of purchasers.
Sensitive breach, not publicly searchable.
\nBreach date: 4 June 2024
\nDate added to HIBP: 30 July 2024
\nCompromised accounts: 5,645
\nCompromised data: Browsing histories, Device information, Email addresses, Names, Passwords, Purchases, Usernames
html
1717192800 Robinsons Malls - 195,597 breached accounts https://haveibeenpwned.com/PwnedWebsites#RobinsonsMalls
In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
\nBreach date: 1 June 2024
\nDate added to HIBP: 25 June 2025
\nCompromised accounts: 195,597
\nCompromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Phone numbers
html
1717106400 Ticketek - 17,643,173 breached accounts https://haveibeenpwned.com/PwnedWebsites#Ticketek
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Retired breach, removed from system.
\nBreach date: 31 May 2024
\nDate added to HIBP: 28 June 2024
\nCompromised accounts: 17,643,173
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
html
1717020000 Operation Endgame - 16,466,858 breached accounts https://haveibeenpwned.com/PwnedWebsites#OperationEndgame
In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.
Malware breach.
\nBreach date: 30 May 2024
\nDate added to HIBP: 30 May 2024
\nCompromised accounts: 16,466,858
\nCompromised data: Email addresses, Passwords
html
1716847200 Combolists Posted to Telegram - 361,468,099 breached accounts https://haveibeenpwned.com/PwnedWebsites#TelegramCombolists
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have been sourced from a combination of existing combolists and info stealer malware.
\nBreach date: 28 May 2024
\nDate added to HIBP: 3 June 2024
\nCompromised accounts: 361,468,099
\nCompromised data: Email addresses, Passwords, Usernames
html
1716588000 pcTattletale - 138,751 breached accounts https://haveibeenpwned.com/PwnedWebsites#pcTattletale
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.
Sensitive breach, not publicly searchable.
\nBreach date: 25 May 2024
\nDate added to HIBP: 25 May 2024
\nCompromised accounts: 138,751
\nCompromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
html
1714600800 The Post Millennial - 56,973,345 breached accounts https://haveibeenpwned.com/PwnedWebsites#ThePostMillennial
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently posted to a popular hacking forum and extensively torrented.
\nBreach date: 2 May 2024
\nDate added to HIBP: 10 May 2024
\nCompromised accounts: 56,973,345
\nCompromised data: Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
html
1713909600 Piping Rock - 2,103,100 breached accounts https://haveibeenpwned.com/PwnedWebsites#PipingRock
In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites.
\nBreach date: 24 April 2024
\nDate added to HIBP: 26 April 2024
\nCompromised accounts: 2,103,100
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1713823200 Tappware - 94,734 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tappware
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government issued national identity (NID) cards.
\nBreach date: 23 April 2024
\nDate added to HIBP: 9 May 2024
\nCompromised accounts: 94,734
\nCompromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Religions
html
1713391200 Sport 2000 - 3,189,643 breached accounts https://haveibeenpwned.com/PwnedWebsites#Sport2000
In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach. The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names, physical addresses, phone numbers, dates of birth and purchases made by store name. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
\nBreach date: 18 April 2024
\nDate added to HIBP: 28 August 2024
\nCompromised accounts: 3,189,643
\nCompromised data: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Purchases, Salutations
html
1713304800 T2 - 94,584 breached accounts https://haveibeenpwned.com/PwnedWebsites#T2
In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.
\nBreach date: 17 April 2024
\nDate added to HIBP: 22 April 2024
\nCompromised accounts: 94,584
\nCompromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Salutations
html
1713132000 MovieBoxPro - 6,009,014 breached accounts https://haveibeenpwned.com/PwnedWebsites#MovieBoxPro
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
\nBreach date: 15 April 2024
\nDate added to HIBP: 30 April 2024
\nCompromised accounts: 6,009,014
\nCompromised data: Email addresses, Usernames
html
1713045600 Neiman Marcus - 31,152,842 breached accounts https://haveibeenpwned.com/PwnedWebsites#NeimanMarcus
In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.
\nBreach date: 14 April 2024
\nDate added to HIBP: 9 July 2024
\nCompromised accounts: 31,152,842
\nCompromised data: Dates of birth, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
html
1712959200 Le Slip Français - 1,495,127 breached accounts https://haveibeenpwned.com/PwnedWebsites#LeSlipFrancais
In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
\nBreach date: 13 April 2024
\nDate added to HIBP: 18 April 2024
\nCompromised accounts: 1,495,127
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1712613600 National Public Data - 133,957,569 breached accounts https://haveibeenpwned.com/PwnedWebsites#NationalPublicData
In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of rows of personal information, including US social security numbers. Further partial data sets were later released including extensive personal information and 134M unique email addresses, although the origin and accuracy of the data remains in question. This breach has been flagged as "unverified" and a full description of the incident is in the link above.
Unverified breach, may be sourced from elsewhere.
\nBreach date: 9 April 2024
\nDate added to HIBP: 13 August 2024
\nCompromised accounts: 133,957,569
\nCompromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
html
1712008800 Salvadoran Citizens - 946,989 breached accounts https://haveibeenpwned.com/PwnedWebsites#SalvadoranCitizens
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
\nBreach date: 2 April 2024
\nDate added to HIBP: 11 April 2024
\nCompromised accounts: 946,989
\nCompromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
html
1711839600 Pandabuy - 1,348,407 breached accounts https://haveibeenpwned.com/PwnedWebsites#Pandabuy
In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".
\nBreach date: 31 March 2024
\nDate added to HIBP: 1 April 2024
\nCompromised accounts: 1,348,407
\nCompromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
html
1711494000 Lookiero - 4,981,760 breached accounts https://haveibeenpwned.com/PwnedWebsites#Lookiero
In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address. When contacted about the incident, Lookiero advised that they would "look into it and get back to you if necessary". The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
\nBreach date: 27 March 2024
\nDate added to HIBP: 30 August 2024
\nCompromised accounts: 4,981,760
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1711321200 boAt - 7,528,985 breached accounts https://haveibeenpwned.com/PwnedWebsites#boAt
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
\nBreach date: 25 March 2024
\nDate added to HIBP: 8 April 2024
\nCompromised accounts: 7,528,985
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1711234800 Kaspersky Club - 55,971 breached accounts https://haveibeenpwned.com/PwnedWebsites#KasperskyClub
In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
\nBreach date: 24 March 2024
\nDate added to HIBP: 9 April 2024
\nCompromised accounts: 55,971
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1711148400 England Cricket - 43,299 breached accounts https://haveibeenpwned.com/PwnedWebsites#ECB
In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
\nBreach date: 23 March 2024
\nDate added to HIBP: 29 March 2024
\nCompromised accounts: 43,299
\nCompromised data: Email addresses, Passwords
html
1709852400 HuntStand - 2,795,947 breached accounts https://haveibeenpwned.com/PwnedWebsites#HuntStand
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
\nBreach date: 8 March 2024
\nDate added to HIBP: 19 September 2024
\nCompromised accounts: 2,795,947
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Names
html
1709506800 Giant Tiger - 2,842,669 breached accounts https://haveibeenpwned.com/PwnedWebsites#GiantTiger
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
\nBreach date: 4 March 2024
\nDate added to HIBP: 13 April 2024
\nCompromised accounts: 2,842,669
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1709420400 WoTLabs - 21,994 breached accounts https://haveibeenpwned.com/PwnedWebsites#WoTLabs
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
\nBreach date: 3 March 2024
\nDate added to HIBP: 7 March 2024
\nCompromised accounts: 21,994
\nCompromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
html
1709334000 Fair Vote Canada - 134,336 breached accounts https://haveibeenpwned.com/PwnedWebsites#FairVoteCanada
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
\nBreach date: 2 March 2024
\nDate added to HIBP: 21 October 2024
\nCompromised accounts: 134,336
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses, Political donations
html
1709247600 Life360 - 442,519 breached accounts https://haveibeenpwned.com/PwnedWebsites#Life360
In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.
\nBreach date: 1 March 2024
\nDate added to HIBP: 20 July 2024
\nCompromised accounts: 442,519
\nCompromised data: Email addresses, Names, Phone numbers
html
1709247600 Mr. Green Gaming - 27,123 breached accounts https://haveibeenpwned.com/PwnedWebsites#MrGreenGaming
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
\nBreach date: 1 March 2024
\nDate added to HIBP: 3 March 2024
\nCompromised accounts: 27,123
\nCompromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
html
1709074800 DemandScience by Pure Incubation - 121,796,165 breached accounts https://haveibeenpwned.com/PwnedWebsites#DemandScience
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
\nBreach date: 28 February 2024
\nDate added to HIBP: 13 November 2024
\nCompromised accounts: 121,796,165
\nCompromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
html
1709074800 LDLC - 1,266,026 breached accounts https://haveibeenpwned.com/PwnedWebsites#LDLC
In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores. The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers and physical addresses. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
\nBreach date: 28 February 2024
\nDate added to HIBP: 13 August 2024
\nCompromised accounts: 1,266,026
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses, Salutations
html
1708902000 Cutout.Pro - 19,972,829 breached accounts https://haveibeenpwned.com/PwnedWebsites#CutoutPro
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
\nBreach date: 26 February 2024
\nDate added to HIBP: 28 February 2024
\nCompromised accounts: 19,972,829
\nCompromised data: Email addresses, IP addresses, Names, Passwords
html
1708556400 Spyzie - 518,643 breached accounts https://haveibeenpwned.com/PwnedWebsites#Spyzie
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Sensitive breach, not publicly searchable.
\nBreach date: 22 February 2024
\nDate added to HIBP: 27 February 2025
\nCompromised accounts: 518,643
\nCompromised data: Email addresses
html
1708210800 Tangerine - 243,462 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tangerine
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
\nBreach date: 18 February 2024
\nDate added to HIBP: 28 February 2024
\nCompromised accounts: 243,462
\nCompromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
html
1707692400 Doxbin (TOoDA) - 136,461 breached accounts https://haveibeenpwned.com/PwnedWebsites#DoxbinTOoDA
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
Sensitive breach, not publicly searchable.
\nBreach date: 12 February 2024
\nDate added to HIBP: 13 February 2025
\nCompromised accounts: 136,461
\nCompromised data: Email addresses, Usernames
html
1706742000 SurveyLama - 4,426,879 breached accounts https://haveibeenpwned.com/PwnedWebsites#SurveyLama
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".
\nBreach date: 1 February 2024
\nDate added to HIBP: 3 April 2024
\nCompromised accounts: 4,426,879
\nCompromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
html