In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites.
\nBreach date: 24 April 2024
\nDate added to HIBP: 26 April 2024
\nCompromised accounts: 2,103,100
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1713304800 T2 - 94,584 breached accounts https://haveibeenpwned.com/PwnedWebsites#T2
In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.
\nBreach date: 17 April 2024
\nDate added to HIBP: 22 April 2024
\nCompromised accounts: 94,584
\nCompromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Salutations
html
1713132000 MovieBoxPro - 6,009,014 breached accounts https://haveibeenpwned.com/PwnedWebsites#MovieBoxPro
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
\nBreach date: 15 April 2024
\nDate added to HIBP: 30 April 2024
\nCompromised accounts: 6,009,014
\nCompromised data: Email addresses, Usernames
html
1712959200 Le Slip Français - 1,495,127 breached accounts https://haveibeenpwned.com/PwnedWebsites#LeSlipFrancais
In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
\nBreach date: 13 April 2024
\nDate added to HIBP: 18 April 2024
\nCompromised accounts: 1,495,127
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1712008800 Salvadoran Citizens - 946,989 breached accounts https://haveibeenpwned.com/PwnedWebsites#SalvadoranCitizens
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
\nBreach date: 2 April 2024
\nDate added to HIBP: 11 April 2024
\nCompromised accounts: 946,989
\nCompromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
html
1711839600 Pandabuy - 1,348,407 breached accounts https://haveibeenpwned.com/PwnedWebsites#Pandabuy
In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".
\nBreach date: 31 March 2024
\nDate added to HIBP: 1 April 2024
\nCompromised accounts: 1,348,407
\nCompromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses
html
1711321200 boAt - 7,528,985 breached accounts https://haveibeenpwned.com/PwnedWebsites#boAt
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
\nBreach date: 25 March 2024
\nDate added to HIBP: 8 April 2024
\nCompromised accounts: 7,528,985
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1711234800 Kaspersky Club - 55,971 breached accounts https://haveibeenpwned.com/PwnedWebsites#KasperskyClub
In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
\nBreach date: 24 March 2024
\nDate added to HIBP: 9 April 2024
\nCompromised accounts: 55,971
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1711148400 England Cricket - 43,299 breached accounts https://haveibeenpwned.com/PwnedWebsites#ECB
In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
\nBreach date: 23 March 2024
\nDate added to HIBP: 29 March 2024
\nCompromised accounts: 43,299
\nCompromised data: Email addresses, Passwords
html
1709506800 Giant Tiger - 2,842,669 breached accounts https://haveibeenpwned.com/PwnedWebsites#GiantTiger
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
\nBreach date: 4 March 2024
\nDate added to HIBP: 13 April 2024
\nCompromised accounts: 2,842,669
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1709420400 WoTLabs - 21,994 breached accounts https://haveibeenpwned.com/PwnedWebsites#WoTLabs
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
\nBreach date: 3 March 2024
\nDate added to HIBP: 7 March 2024
\nCompromised accounts: 21,994
\nCompromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
html
1709247600 Mr. Green Gaming - 27,123 breached accounts https://haveibeenpwned.com/PwnedWebsites#MrGreenGaming
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
\nBreach date: 1 March 2024
\nDate added to HIBP: 3 March 2024
\nCompromised accounts: 27,123
\nCompromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
html
1708902000 Cutout.Pro - 19,972,829 breached accounts https://haveibeenpwned.com/PwnedWebsites#CutoutPro
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
\nBreach date: 26 February 2024
\nDate added to HIBP: 28 February 2024
\nCompromised accounts: 19,972,829
\nCompromised data: Email addresses, IP addresses, Names, Passwords
html
1708210800 Tangerine - 243,462 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tangerine
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
\nBreach date: 18 February 2024
\nDate added to HIBP: 28 February 2024
\nCompromised accounts: 243,462
\nCompromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
html
1706742000 SurveyLama - 4,426,879 breached accounts https://haveibeenpwned.com/PwnedWebsites#SurveyLama
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".
\nBreach date: 1 February 2024
\nDate added to HIBP: 3 April 2024
\nCompromised accounts: 4,426,879
\nCompromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
html
1706655600 Spoutible - 207,114 breached accounts https://haveibeenpwned.com/PwnedWebsites#Spoutible
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
\nBreach date: 31 January 2024
\nDate added to HIBP: 5 February 2024
\nCompromised accounts: 207,114
\nCompromised data: Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Usernames
html
1705359600 Trello - 15,111,945 breached accounts https://haveibeenpwned.com/PwnedWebsites#Trello
In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
\nBreach date: 16 January 2024
\nDate added to HIBP: 22 January 2024
\nCompromised accounts: 15,111,945
\nCompromised data: Email addresses, Names, Usernames
html
1702767600 Hathway - 4,670,080 breached accounts https://haveibeenpwned.com/PwnedWebsites#Hathway
In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs.
\nBreach date: 17 December 2023
\nDate added to HIBP: 12 January 2024
\nCompromised accounts: 4,670,080
\nCompromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, Support tickets
html
1702335600 InflateVids - 13,405 breached accounts https://haveibeenpwned.com/PwnedWebsites#InflateVids
In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes.
Sensitive breach, not publicly searchable.
\nBreach date: 12 December 2023
\nDate added to HIBP: 12 December 2023
\nCompromised accounts: 13,405
\nCompromised data: Email addresses, Genders, IP addresses, Passwords, Usernames
html
1699916400 KitchenPal - 98,726 breached accounts https://haveibeenpwned.com/PwnedWebsites#KitchenPal
In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debugging purposes and included passwords that could not be used. Impacted data included almost 100k email addresses, names, geolocations and incomplete data on dates of birth, genders, height and weight, social media profile identifiers and bcrypt password hashes.
\nBreach date: 14 November 2023
\nDate added to HIBP: 24 November 2023
\nCompromised accounts: 98,726
\nCompromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Physical attributes, Social media profiles
html
1699398000 Chess - 827,620 breached accounts https://haveibeenpwned.com/PwnedWebsites#Chess
In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user.
\nBreach date: 8 November 2023
\nDate added to HIBP: 10 November 2023
\nCompromised accounts: 827,620
\nCompromised data: Email addresses, Geographic locations, Names, Usernames
html
1699052400 LinkedIn Scraped and Faked Data (2023) - 19,788,753 breached accounts https://haveibeenpwned.com/PwnedWebsites#LinkedInScrape2023
In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.
Spam list, used for spam marketing.
\nBreach date: 4 November 2023
\nDate added to HIBP: 7 November 2023
\nCompromised accounts: 19,788,753
\nCompromised data: Email addresses, Genders, Geographic locations, Job titles, Names, Professional skills, Social media profiles
html
1697580000 Toumei - 76,682 breached accounts https://haveibeenpwned.com/PwnedWebsites#Toumei
In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.
\nBreach date: 18 October 2023
\nDate added to HIBP: 27 October 2023
\nCompromised accounts: 76,682
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1696111200 Facebook Marketplace - 77,267 breached accounts https://haveibeenpwned.com/PwnedWebsites#FacebookMarketplace
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.
\nBreach date: 1 October 2023
\nDate added to HIBP: 22 February 2024
\nCompromised accounts: 77,267
\nCompromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles
html
1695160800 Naz.API - 70,840,771 breached accounts https://haveibeenpwned.com/PwnedWebsites#NazApi
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
\nBreach date: 20 September 2023
\nDate added to HIBP: 17 January 2024
\nCompromised accounts: 70,840,771
\nCompromised data: Email addresses, Passwords
html
1694210400 Sphero - 832,255 breached accounts https://haveibeenpwned.com/PwnedWebsites#Sphero
In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations.
\nBreach date: 9 September 2023
\nDate added to HIBP: 20 October 2023
\nCompromised accounts: 832,255
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Names, Usernames
html
1693260000 Qakbot - 6,431,319 breached accounts https://haveibeenpwned.com/PwnedWebsites#Qakbot
In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. After the takedown, 6.43M email addresses were provided to HIBP to help notify victims of the malware.
Sensitive breach, not publicly searchable.
Malware breach.
\nBreach date: 29 August 2023
\nDate added to HIBP: 29 August 2023
\nCompromised accounts: 6,431,319
\nCompromised data: Email addresses, Passwords
html
1691532000 PlayCyberGames - 3,681,753 breached accounts https://haveibeenpwned.com/PwnedWebsites#PlayCyberGames
In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.
\nBreach date: 9 August 2023
\nDate added to HIBP: 31 August 2023
\nCompromised accounts: 3,681,753
\nCompromised data: Email addresses, Passwords, Usernames
html
1690927200 MagicDuel - 138,443 breached accounts https://haveibeenpwned.com/PwnedWebsites#MagicDuel
In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.
\nBreach date: 2 August 2023
\nDate added to HIBP: 3 August 2023
\nCompromised accounts: 138,443
\nCompromised data: Email addresses, IP addresses, Nicknames, Passwords
html
1689458400 Manipulated Caiman - 39,901,389 breached accounts https://haveibeenpwned.com/PwnedWebsites#ManipulatedCaiman
In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.
Spam list, used for spam marketing.
\nBreach date: 16 July 2023
\nDate added to HIBP: 15 August 2023
\nCompromised accounts: 39,901,389
\nCompromised data: Email addresses
html
1688853600 Rightbiz - 65,376 breached accounts https://haveibeenpwned.com/PwnedWebsites#Rightbiz
In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".
\nBreach date: 9 July 2023
\nDate added to HIBP: 11 August 2023
\nCompromised accounts: 65,376
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1687212000 Dymocks - 836,120 breached accounts https://haveibeenpwned.com/PwnedWebsites#Dymocks
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
\nBreach date: 20 June 2023
\nDate added to HIBP: 8 September 2023
\nCompromised accounts: 836,120
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
html
1686952800 BreachForums Clone - 4,204 breached accounts https://haveibeenpwned.com/PwnedWebsites#BreachForumsClone
In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.
\nBreach date: 17 June 2023
\nDate added to HIBP: 25 June 2023
\nCompromised accounts: 4,204
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1685484000 JD Group - 521,878 breached accounts https://haveibeenpwned.com/PwnedWebsites#JDGroup
In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records including names, email and physical addresses, phone numbers and South African ID numbers.
\nBreach date: 31 May 2023
\nDate added to HIBP: 5 June 2023
\nCompromised accounts: 521,878
\nCompromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
html
1685311200 Polish Credentials - 1,204,870 breached accounts https://haveibeenpwned.com/PwnedWebsites#PolishCredentials
In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on. The data included 1.2M unique email addresses.
\nBreach date: 29 May 2023
\nDate added to HIBP: 31 May 2023
\nCompromised accounts: 1,204,870
\nCompromised data: Email addresses, Passwords
html
1681509600 Jobzone - 29,708 breached accounts https://haveibeenpwned.com/PwnedWebsites#Jobzone
In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.
\nBreach date: 15 April 2023
\nDate added to HIBP: 15 August 2023
\nCompromised accounts: 29,708
\nCompromised data: Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
html
1681509600 RentoMojo - 2,185,697 breached accounts https://haveibeenpwned.com/PwnedWebsites#RentoMojo
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
\nBreach date: 15 April 2023
\nDate added to HIBP: 11 May 2023
\nCompromised accounts: 2,185,697
\nCompromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles
html
1680645600 Genesis Market - 8,000,000 breached accounts https://haveibeenpwned.com/PwnedWebsites#GenesisMarket
In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster". The service traded in "browser fingerprints" which enabled criminals to impersonate victims and access their online services. As many of the impacted accounts did not include email addresses, "8M" is merely an approximation intended to indicate scale. Other personal data compromised by the service included names, addresses and credit card information, although not all individuals had each of these fields exposed.
Sensitive breach, not publicly searchable.
\nBreach date: 5 April 2023
\nDate added to HIBP: 5 April 2023
\nCompromised accounts: 8,000,000
\nCompromised data: Browser user agent details, Credit card CVV, Credit cards, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
html
1680213600 Tigo - 700,394 breached accounts https://haveibeenpwned.com/PwnedWebsites#Tigo
In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages. Tigo did not respond to multiple attempts to disclose the incident.
\nBreach date: 31 March 2023
\nDate added to HIBP: 25 July 2023
\nCompromised accounts: 700,394
\nCompromised data: Device information, Email addresses, Genders, Geographic locations, IP addresses, Names, Private messages, Profile photos, Usernames
html
1678834800 MediaWorks - 162,710 breached accounts https://haveibeenpwned.com/PwnedWebsites#MediaWorks
In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates of birth, genders and the responses to questions in the competition. Some victims of the breach subsequently received ransom demands requesting payment to have their data deleted.
\nBreach date: 15 March 2023
\nDate added to HIBP: 22 March 2024
\nCompromised accounts: 162,710
\nCompromised data: Dates of birth, Email addresses, Genders, Phone numbers, Physical addresses
html
1678057200 DC Health Link - 48,145 breached accounts https://haveibeenpwned.com/PwnedWebsites#DCHealth
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to "Aegis" and "IntelBroker".
Sensitive breach, not publicly searchable.
\nBreach date: 6 March 2023
\nDate added to HIBP: 14 December 2023
\nCompromised accounts: 48,145
\nCompromised data: Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers
html
1677452400 CityJerks - 177,554 breached accounts https://haveibeenpwned.com/PwnedWebsites#CityJerks
In early 2023, the "mutual masturbation" website CityJerks suffered a data breach that exposed 177k unique email addresses. The breach also included data from the TruckerSucker "dating app for REAL TRUCKERS and REAL MEN" with the combined corpus of data also exposing usernames, IP addresses, dates of birth, sexual orientations, geo locations, private messages between members and passwords stored as salted MD5 hashes. The data was listed on a public hacking site and provided to HIBP by a source who requested it be attributed to "discord.gg/gN9C9em".
Sensitive breach, not publicly searchable.
\nBreach date: 27 February 2023
\nDate added to HIBP: 27 April 2023
\nCompromised accounts: 177,554
\nCompromised data: Bios, Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, Profile photos, Sexual orientations, Usernames
html
1677366000 TheGradCafe - 310,975 breached accounts https://haveibeenpwned.com/PwnedWebsites#TheGradCafe
In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes. Some records also included physical address, phone number and date of birth. TheGradCafe did not respond to multiple attempts to disclose the breach.
\nBreach date: 26 February 2023
\nDate added to HIBP: 24 March 2023
\nCompromised accounts: 310,975
\nCompromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
html
1677279600 Phished Data via CERT Poland - 67,943 breached accounts https://haveibeenpwned.com/PwnedWebsites#CERTPolandPhish
In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.
\nBreach date: 25 February 2023
\nDate added to HIBP: 31 August 2023
\nCompromised accounts: 67,943
\nCompromised data: Email addresses, Passwords
html
1677020400 HDB Financial Services - 1,658,750 breached accounts https://haveibeenpwned.com/PwnedWebsites#HDBFinancialServices
In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers.
\nBreach date: 22 February 2023
\nDate added to HIBP: 11 March 2023
\nCompromised accounts: 1,658,750
\nCompromised data: Dates of birth, Email addresses, Genders, Geographic locations, Loan information, Names, Phone numbers
html
1676502000 The Kodi Foundation - 400,635 breached accounts https://haveibeenpwned.com/PwnedWebsites#KodiFoundation
In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator account creating a database backup that was subsequently downloaded before being sold on a hacking forum. The breach exposed email and IP addresses, usernames, genders and passwords stored as MyBB salted hashes. The Kodi Foundation elected to self-submit impacted email addresses to HIBP.
\nBreach date: 16 February 2023
\nDate added to HIBP: 13 April 2023
\nCompromised accounts: 400,635
\nCompromised data: Browser user agent details, Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames
html
1675206000 Convex - 150,129 breached accounts https://haveibeenpwned.com/PwnedWebsites#Convex
In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.
\nBreach date: 1 February 2023
\nDate added to HIBP: 26 February 2023
\nCompromised accounts: 150,129
\nCompromised data: Email addresses, IP addresses, Names, Phone numbers
html
1675206000 Terravision - 2,075,625 breached accounts https://haveibeenpwned.com/PwnedWebsites#Terravision
In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin. Terravision did not respond to multiple attempts by individuals period over a period of months to report the incident.
\nBreach date: 1 February 2023
\nDate added to HIBP: 23 April 2023
\nCompromised accounts: 2,075,625
\nCompromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Phone numbers
html
1674601200 Eye4Fraud - 16,000,591 breached accounts https://haveibeenpwned.com/PwnedWebsites#Eye4Fraud
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.
\nBreach date: 25 January 2023
\nDate added to HIBP: 6 March 2023
\nCompromised accounts: 16,000,591
\nCompromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
html
1674514800 Duolingo - 2,676,696 breached accounts https://haveibeenpwned.com/PwnedWebsites#Duolingo
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
\nBreach date: 24 January 2023
\nDate added to HIBP: 23 August 2023
\nCompromised accounts: 2,676,696
\nCompromised data: Email addresses, Names, Spoken languages, Usernames
html
1673737200 School District 42 - 18,850 breached accounts https://haveibeenpwned.com/PwnedWebsites#SchoolDistrict42
In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum.
\nBreach date: 15 January 2023
\nDate added to HIBP: 2 February 2023
\nCompromised accounts: 18,850
\nCompromised data: Email addresses, Names
html
1673650800 Planet Ice - 240,488 breached accounts https://haveibeenpwned.com/PwnedWebsites#PlanetIce
In January 2023, the UK-based ice skating rink booking service Planet Ice suffered a data breach. The incident exposed the personal data of 240k people including email and physical addresses, phone numbers, genders, dates of birth and passwords stored as MD5 hashes. The data also included the names, genders and dates of birth of children having parties.
\nBreach date: 14 January 2023
\nDate added to HIBP: 31 January 2023
\nCompromised accounts: 240,488
\nCompromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
html
1673132400 Zurich - 756,737 breached accounts https://haveibeenpwned.com/PwnedWebsites#Zurich
In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
\nBreach date: 8 January 2023
\nDate added to HIBP: 22 January 2023
\nCompromised accounts: 756,737
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Vehicle details
html
1672959600 Autotrader - 20,032 breached accounts https://haveibeenpwned.com/PwnedWebsites#Autotrader
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
\nBreach date: 6 January 2023
\nDate added to HIBP: 23 January 2023
\nCompromised accounts: 20,032
\nCompromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
html
1672700400 iD Tech - 415,121 breached accounts https://haveibeenpwned.com/PwnedWebsites#iDTech
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident.
\nBreach date: 3 January 2023
\nDate added to HIBP: 6 March 2023
\nCompromised accounts: 415,121
\nCompromised data: Dates of birth, Email addresses, Names, Passwords
html
1672009200 RailYatri - 23,209,732 breached accounts https://haveibeenpwned.com/PwnedWebsites#RailYatri
In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
\nBreach date: 26 December 2022
\nDate added to HIBP: 5 December 2023
\nCompromised accounts: 23,209,732
\nCompromised data: Email addresses, Genders, Names, Phone numbers, Purchases
html
1670886000 Gemini - 5,274,214 breached accounts https://haveibeenpwned.com/PwnedWebsites#Gemini
In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
\nBreach date: 13 December 2022
\nDate added to HIBP: 16 December 2022
\nCompromised accounts: 5,274,214
\nCompromised data: Email addresses, Partial phone numbers
html
1670713200 SevenRooms - 1,205,385 breached accounts https://haveibeenpwned.com/PwnedWebsites#SevenRooms
In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".
\nBreach date: 11 December 2022
\nDate added to HIBP: 24 August 2023
\nCompromised accounts: 1,205,385
\nCompromised data: Email addresses, Names, Purchases
html
1670108400 Activision - 16,006 breached accounts https://haveibeenpwned.com/PwnedWebsites#Activision
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
\nBreach date: 4 December 2022
\nDate added to HIBP: 3 October 2023
\nCompromised accounts: 16,006
\nCompromised data: Email addresses, Geographic locations, Job titles, Names, Phone numbers
html
1670022000 GunAuction.com - 565,470 breached accounts https://haveibeenpwned.com/PwnedWebsites#GunAuction
In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain text. The leaked identities could subsequently be matched to firearms listed for sale on the website.
\nBreach date: 3 December 2022
\nDate added to HIBP: 2 March 2023
\nCompromised accounts: 565,470
\nCompromised data: Browser user agent details, Email addresses, Genders, IP addresses, Partial credit card data, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Usernames
html
1669849200 CoinTracker - 1,557,153 breached accounts https://haveibeenpwned.com/PwnedWebsites#CoinTracker
In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider. The breach exposed email addresses and partially redacted phone numbers, with CoinTracker advising that the later did not originate from their service.
\nBreach date: 1 December 2022
\nDate added to HIBP: 12 December 2022
\nCompromised accounts: 1,557,153
\nCompromised data: Email addresses, Partial phone numbers
html
1669676400 BreachForums - 212,156 breached accounts https://haveibeenpwned.com/PwnedWebsites#BreachForums
In November 2022, the well-known hacking forum "BreachForums" was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "breached_db_person".
\nBreach date: 29 November 2022
\nDate added to HIBP: 26 July 2023
\nCompromised accounts: 212,156
\nCompromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames
html
1669244400 Movie Forums - 39,914 breached accounts https://haveibeenpwned.com/PwnedWebsites#MovieForums
In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.
\nBreach date: 24 November 2022
\nDate added to HIBP: 8 December 2023
\nCompromised accounts: 39,914
\nCompromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
html
1668726000 Avito - 2,721,835 breached accounts https://haveibeenpwned.com/PwnedWebsites#Avito
In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location.
\nBreach date: 18 November 2022
\nDate added to HIBP: 14 November 2023
\nCompromised accounts: 2,721,835
\nCompromised data: Email addresses, Geographic locations, IP addresses, Names, Phone numbers
html
1668639600 Washington State Food Worker Card - 1,594,305 breached accounts https://haveibeenpwned.com/PwnedWebsites#WashingtonStateFoodWorkerCard
In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup. Included in the data were 1.6M unique email addresses along with names, post codes, dates of birth and approximately 9.5k driver's licence numbers.
\nBreach date: 17 November 2022
\nDate added to HIBP: 31 March 2024
\nCompromised accounts: 1,594,305
\nCompromised data: Dates of birth, Driver's licenses, Email addresses, Geographic locations, Names
html
1668466800 Abandonia (2022) - 919,790 breached accounts https://haveibeenpwned.com/PwnedWebsites#Abandonia2022
In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
\nBreach date: 15 November 2022
\nDate added to HIBP: 7 December 2022
\nCompromised accounts: 919,790
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1667257200 MyPertamina - 5,970,416 breached accounts https://haveibeenpwned.com/PwnedWebsites#MyPertamina
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
\nBreach date: 1 November 2022
\nDate added to HIBP: 27 January 2024
\nCompromised accounts: 5,970,416
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases
html
1666389600 RealDudesInc - 101,543 breached accounts https://haveibeenpwned.com/PwnedWebsites#RealDudesInc
In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.
\nBreach date: 22 October 2022
\nDate added to HIBP: 19 February 2023
\nCompromised accounts: 101,543
\nCompromised data: Email addresses, Passwords, Usernames
html
1665525600 Doomworld - 34,478 breached accounts https://haveibeenpwned.com/PwnedWebsites#Doomworld
In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
\nBreach date: 12 October 2022
\nDate added to HIBP: 24 October 2022
\nCompromised accounts: 34,478
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1664575200 Locally - 362,619 breached accounts https://haveibeenpwned.com/PwnedWebsites#Locally
In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach. Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed over 362k names, phone numbers, email and physical addresses, purchases, credit card type and last four digits and bcrypt password hashes.
\nBreach date: 1 October 2022
\nDate added to HIBP: 10 July 2023
\nCompromised accounts: 362,619
\nCompromised data: Email addresses, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases
html
1663970400 ClickASnap - 3,262,980 breached accounts https://haveibeenpwned.com/PwnedWebsites#ClickASnap
In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included and contained names, physical addresses and amounts paid.
\nBreach date: 24 September 2022
\nDate added to HIBP: 13 March 2024
\nCompromised accounts: 3,262,980
\nCompromised data: Email addresses, Names, Passwords, Physical addresses, Purchases, Social media profiles, Usernames
html
1663538400 Online Trade (Онлайн Трейд) - 3,805,265 breached accounts https://haveibeenpwned.com/PwnedWebsites#OnlineTrade
In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.
\nBreach date: 19 September 2022
\nDate added to HIBP: 7 March 2024
\nCompromised accounts: 3,805,265
\nCompromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers
html
1662674400 Get Revenge On Your Ex - 79,195 breached accounts https://haveibeenpwned.com/PwnedWebsites#GetRevengeOnYourEx
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum, Get Revenge On Your Ex did not reply when contacted.
Sensitive breach, not publicly searchable.
\nBreach date: 9 September 2022
\nDate added to HIBP: 15 November 2022
\nCompromised accounts: 79,195
\nCompromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
html
1662156000 APK.TW - 2,451,197 breached accounts https://haveibeenpwned.com/PwnedWebsites#APKTW
In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.
\nBreach date: 3 September 2022
\nDate added to HIBP: 9 March 2024
\nCompromised accounts: 2,451,197
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1662069600 Flipkart - 552,094 breached accounts https://haveibeenpwned.com/PwnedWebsites#Flipkart
In September 2022, over 500k customer records from the Indian e-commerce service Flipkart appeared on a popular hacking forum. The breach exposed email addresses, latitudes and longitudes, names and phone numbers.
\nBreach date: 2 September 2022
\nDate added to HIBP: 12 March 2024
\nCompromised accounts: 552,094
\nCompromised data: Email addresses, Geographic locations, Names, Phone numbers
html
1661637600 Wakanim - 6,706,951 breached accounts https://haveibeenpwned.com/PwnedWebsites#Wakanim
In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.
\nBreach date: 28 August 2022
\nDate added to HIBP: 7 October 2022
\nCompromised accounts: 6,706,951
\nCompromised data: Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames
html
1661378400 TAP Air Portugal - 6,083,479 breached accounts https://haveibeenpwned.com/PwnedWebsites#TAPAirPortugal
In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.
\nBreach date: 25 August 2022
\nDate added to HIBP: 23 September 2022
\nCompromised accounts: 6,083,479
\nCompromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages
html
1660428000 Brand New Tube - 349,627 breached accounts https://haveibeenpwned.com/PwnedWebsites#BrandNewTube
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
\nBreach date: 14 August 2022
\nDate added to HIBP: 8 September 2022
\nCompromised accounts: 349,627
\nCompromised data: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
html
1660168800 GGCorp - 2,376,330 breached accounts https://haveibeenpwned.com/PwnedWebsites#GGCorp
In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.
\nBreach date: 11 August 2022
\nDate added to HIBP: 8 November 2022
\nCompromised accounts: 2,376,330
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1660168800 iMenu360 - 3,425,860 breached accounts https://haveibeenpwned.com/PwnedWebsites#iMenu360
In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
\nBreach date: 11 August 2022
\nDate added to HIBP: 17 August 2023
\nCompromised accounts: 3,425,860
\nCompromised data: Email addresses, Names, Phone numbers, Physical addresses
html
1659909600 Shitexpress - 23,817 breached accounts https://haveibeenpwned.com/PwnedWebsites#Shitexpress
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.
Sensitive breach, not publicly searchable.
\nBreach date: 8 August 2022
\nDate added to HIBP: 17 August 2022
\nCompromised accounts: 23,817
\nCompromised data: Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases
html
1659391200 DoorDash - 367,476 breached accounts https://haveibeenpwned.com/PwnedWebsites#DoorDash
In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign. The incident exposed 367k unique personal email addresses alongside names, post codes and partial card data, namely the brand, expiry data and last four digits of the card.
\nBreach date: 2 August 2022
\nDate added to HIBP: 7 January 2023
\nCompromised accounts: 367,476
\nCompromised data: Email addresses, Geographic locations, Names, Partial credit card data
html
1658354400 Exvagos - 2,121,789 breached accounts https://haveibeenpwned.com/PwnedWebsites#Exvagos
In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
\nBreach date: 21 July 2022
\nDate added to HIBP: 28 March 2024
\nCompromised accounts: 2,121,789
\nCompromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
html
1658095200 Hjedd - 13,204,029 breached accounts https://haveibeenpwned.com/PwnedWebsites#Hjedd
In July 2022, the Chinese adult website Hjedd was found to be leaking more than 13M customer records which subsequently appeared on a popular hacking forum. The exposed data included email and IP addresses, usernames and passwords stored as bcrypt hashes.
Sensitive breach, not publicly searchable.
\nBreach date: 18 July 2022
\nDate added to HIBP: 5 October 2023
\nCompromised accounts: 13,204,029
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1657663200 OGUsers (2022 breach) - 529,020 breached accounts https://haveibeenpwned.com/PwnedWebsites#OGUsers2022
In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses appeared in the breach.
\nBreach date: 13 July 2022
\nDate added to HIBP: 14 April 2023
\nCompromised accounts: 529,020
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1657490400 Weee - 1,117,405 breached accounts https://haveibeenpwned.com/PwnedWebsites#Weee
In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.
\nBreach date: 11 July 2022
\nDate added to HIBP: 9 February 2023
\nCompromised accounts: 1,117,405
\nCompromised data: Delivery instructions, Email addresses, Names, Phone numbers, Purchases
html
1656885600 La Poste Mobile - 533,886 breached accounts https://haveibeenpwned.com/PwnedWebsites#LaPosteMobile
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.
\nBreach date: 4 July 2022
\nDate added to HIBP: 14 July 2022
\nCompromised accounts: 533,886
\nCompromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
html
1654034400 MemeChat - 4,348,570 breached accounts https://haveibeenpwned.com/PwnedWebsites#MemeChat
In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.
\nBreach date: 1 June 2022
\nDate added to HIBP: 29 October 2023
\nCompromised accounts: 4,348,570
\nCompromised data: Email addresses, Usernames
html
1653084000 QuestionPro - 22,229,637 breached accounts https://haveibeenpwned.com/PwnedWebsites#QuestionPro
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
\nBreach date: 21 May 2022
\nDate added to HIBP: 5 August 2022
\nCompromised accounts: 22,229,637
\nCompromised data: Browser user agent details, Email addresses, IP addresses, Survey results
html
1652652000 Amart Furniture - 108,940 breached accounts https://haveibeenpwned.com/PwnedWebsites#AmartFurniture
In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.
\nBreach date: 16 May 2022
\nDate added to HIBP: 26 May 2022
\nCompromised accounts: 108,940
\nCompromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
html
1652392800 Mangatoon - 23,040,238 breached accounts https://haveibeenpwned.com/PwnedWebsites#Mangatoon
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.
\nBreach date: 13 May 2022
\nDate added to HIBP: 6 July 2022
\nCompromised accounts: 23,040,238
\nCompromised data: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames
html
1651788000 BlackBerry Fans - 174,168 breached accounts https://haveibeenpwned.com/PwnedWebsites#BlackBerryFans
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
\nBreach date: 6 May 2022
\nDate added to HIBP: 16 May 2022
\nCompromised accounts: 174,168
\nCompromised data: Email addresses, IP addresses, Passwords, Usernames
html
1651269600 Fanpass - 112,251 breached accounts https://haveibeenpwned.com/PwnedWebsites#Fanpass
In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".
\nBreach date: 30 April 2022
\nDate added to HIBP: 24 May 2022
\nCompromised accounts: 112,251
\nCompromised data: Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles
html
1651183200 PaySystem.tech - 1,410,764 breached accounts https://haveibeenpwned.com/PwnedWebsites#PaySystemTech
In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where it was made publicly available for download. Consisting of 16M rows with 1.4M unique email addresses, the data also included purchases and full credit card numbers and expiry dates. The data could not be independently attributed back to PaySystem.tech and the breach has been flagged as "unverified".
Unverified breach, may be sourced from elsewhere.
\nBreach date: 29 April 2022
\nDate added to HIBP: 9 October 2023
\nCompromised accounts: 1,410,764
\nCompromised data: Credit cards, Email addresses, Purchases
html
1649973600 E-Pal - 108,887 breached accounts https://haveibeenpwned.com/PwnedWebsites#EPal
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.
\nBreach date: 15 April 2022
\nDate added to HIBP: 24 October 2022
\nCompromised accounts: 108,887
\nCompromised data: Email addresses, Purchases, Usernames
html
1648335600 PayHere - 1,580,249 breached accounts https://haveibeenpwned.com/PwnedWebsites#PayHere
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.
\nBreach date: 27 March 2022
\nDate added to HIBP: 2 May 2022
\nCompromised accounts: 1,580,249
\nCompromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
html
1647212400 Viva Air - 932,232 breached accounts https://haveibeenpwned.com/PwnedWebsites#VivaAir
In March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).
\nBreach date: 14 March 2022
\nDate added to HIBP: 11 September 2023
\nCompromised accounts: 932,232
\nCompromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
html
1646780400 CDEK - 19,218,203 breached accounts https://haveibeenpwned.com/PwnedWebsites#CDEK
In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid".
Unverified breach, may be sourced from elsewhere.
\nBreach date: 9 March 2022
\nDate added to HIBP: 17 March 2022
\nCompromised accounts: 19,218,203
\nCompromised data: Email addresses, Names, Phone numbers
html
1646434800 CraftRise - 2,532,527 breached accounts https://haveibeenpwned.com/PwnedWebsites#CraftRise
In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.
\nBreach date: 5 March 2022
\nDate added to HIBP: 8 August 2023
\nCompromised accounts: 2,532,527
\nCompromised data: Email addresses, Geographic locations, Passwords, Usernames
html
1645570800 NVIDIA - 71,335 breached accounts https://haveibeenpwned.com/PwnedWebsites#NVIDIA
In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.
\nBreach date: 23 February 2022
\nDate added to HIBP: 3 March 2022
\nCompromised accounts: 71,335
\nCompromised data: Email addresses, Passwords
html