Have I Been Pwned (HIBP) Bridge

KitchenPal - 98,726 breached accounts

In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although it acknowledged that the data contained a small number of users for debugging purposes and included passwords that could not be used. Impacted data included almost 100k email addresses, names, geolocations and incomplete data on dates of birth, genders, height and weight, social media profile identifiers and bcrypt password hashes.

Breach date: 14 November 2023
Date added to HIBP: 24 November 2023
Compromised accounts: 98,726
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Physical attributes, Social media profiles

Chess - 827,620 breached accounts

In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user.

Breach date: 8 November 2023
Date added to HIBP: 10 November 2023
Compromised accounts: 827,620
Compromised data: Email addresses, Geographic locations, Names, Usernames

LinkedIn Scraped and Faked Data (2023) - 19,788,753 breached accounts

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.

Spam list, used for spam marketing.

Breach date: 4 November 2023
Date added to HIBP: 7 November 2023
Compromised accounts: 19,788,753
Compromised data: Email addresses, Genders, Geographic locations, Job titles, Names, Professional skills, Social media profiles

Toumei - 76,682 breached accounts

In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.

Breach date: 18 October 2023
Date added to HIBP: 27 October 2023
Compromised accounts: 76,682
Compromised data: Email addresses, Names, Phone numbers, Physical addresses

Sphero - 832,255 breached accounts

In September 2023, over 1M rows of data from the educational robots company Sphero were posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations.

Breach date: 9 September 2023
Date added to HIBP: 20 October 2023
Compromised accounts: 832,255
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Usernames

Qakbot - 6,431,319 breached accounts

In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. After the takedown, 6.43M email addresses were provided to HIBP to help notify victims of the malware.

Sensitive breach, not publicly searchable.
Malware breach.

Breach date: 29 August 2023
Date added to HIBP: 29 August 2023
Compromised accounts: 6,431,319
Compromised data: Email addresses, Passwords

PlayCyberGames - 3,681,753 breached accounts

In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.

Breach date: 9 August 2023
Date added to HIBP: 31 August 2023
Compromised accounts: 3,681,753
Compromised data: Email addresses, Passwords, Usernames

MagicDuel - 138,443 breached accounts

In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.

Breach date: 2 August 2023
Date added to HIBP: 3 August 2023
Compromised accounts: 138,443
Compromised data: Email addresses, IP addresses, Nicknames, Passwords

Manipulated Caiman - 39,901,389 breached accounts

In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.

Spam list, used for spam marketing.

Breach date: 16 July 2023
Date added to HIBP: 15 August 2023
Compromised accounts: 39,901,389
Compromised data: Email addresses

Rightbiz - 65,376 breached accounts

In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical addresses. Rightbiz didn't respond to multiple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".

Breach date: 9 July 2023
Date added to HIBP: 11 August 2023
Compromised accounts: 65,376
Compromised data: Email addresses, Names, Phone numbers, Physical addresses

Dymocks - 836,120 breached accounts

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

Breach date: 20 June 2023
Date added to HIBP: 8 September 2023
Compromised accounts: 836,120
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses

BreachForums Clone - 4,204 breached accounts

In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.

Breach date: 17 June 2023
Date added to HIBP: 25 June 2023
Compromised accounts: 4,204
Compromised data: Email addresses, IP addresses, Passwords, Usernames

JD Group - 521,878 breached accounts

In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records including names, email and physical addresses, phone numbers and South African ID numbers.

Breach date: 31 May 2023
Date added to HIBP: 5 June 2023
Compromised accounts: 521,878
Compromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses

Polish Credentials - 1,204,870 breached accounts

In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on. The data included 1.2M unique email addresses.

Breach date: 29 May 2023
Date added to HIBP: 31 May 2023
Compromised accounts: 1,204,870
Compromised data: Email addresses, Passwords

Jobzone - 29,708 breached accounts

In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.

Breach date: 15 April 2023
Date added to HIBP: 15 August 2023
Compromised accounts: 29,708
Compromised data: Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Names, Phone numbers, Physical addresses

RentoMojo - 2,185,697 breached accounts

In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.

Breach date: 15 April 2023
Date added to HIBP: 11 May 2023
Compromised accounts: 2,185,697
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles

Genesis Market - 8,000,000 breached accounts

In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster". The service traded in "browser fingerprints" which enabled criminals to impersonate victims and access their online services. As many of the impacted accounts did not include email addresses, "8M" is merely an approximation intended to indicate scale. Other personal data compromised by the service included names, addresses and credit card information, although not all individuals had each of these fields exposed.

Sensitive breach, not publicly searchable.

Breach date: 5 April 2023
Date added to HIBP: 5 April 2023
Compromised accounts: 8,000,000
Compromised data: Browser user agent details, Credit card CVV, Credit cards, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames

Tigo - 700,394 breached accounts

In mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages. Tigo did not respond to multiple attempts to disclose the incident.

Breach date: 31 March 2023
Date added to HIBP: 25 July 2023
Compromised accounts: 700,394
Compromised data: Device information, Email addresses, Genders, Geographic locations, IP addresses, Names, Private messages, Profile photos, Usernames

CityJerks - 177,554 breached accounts

In early 2023, the "mutual masturbation" website CityJerks suffered a data breach that exposed 177k unique email addresses. The breach also included data from the TruckerSucker "dating app for REAL TRUCKERS and REAL MEN" with the combined corpus of data also exposing usernames, IP addresses, dates of birth, sexual orientations, geo locations, private messages between members and passwords stored as salted MD5 hashes. The data was listed on a public hacking site and provided to HIBP by a source who requested it be attributed to "discord.gg/gN9C9em".

Sensitive breach, not publicly searchable.

Breach date: 27 February 2023
Date added to HIBP: 27 April 2023
Compromised accounts: 177,554
Compromised data: Bios, Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, Profile photos, Sexual orientations, Usernames

TheGradCafe - 310,975 breached accounts

In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes. Some records also included physical address, phone number and date of birth. TheGradCafe did not respond to multiple attempts to disclose the breach.

Breach date: 26 February 2023
Date added to HIBP: 24 March 2023
Compromised accounts: 310,975
Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames

Phished Data via CERT Poland - 67,943 breached accounts

In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.

Breach date: 25 February 2023
Date added to HIBP: 31 August 2023
Compromised accounts: 67,943
Compromised data: Email addresses, Passwords

HDB Financial Services - 1,658,750 breached accounts

In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers.

Breach date: 22 February 2023
Date added to HIBP: 11 March 2023
Compromised accounts: 1,658,750
Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Loan information, Names, Phone numbers

The Kodi Foundation - 400,635 breached accounts

In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator account creating a database backup that was subsequently downloaded before being sold on a hacking forum. The breach exposed email and IP addresses, usernames, genders and passwords stored as MyBB salted hashes. The Kodi Foundation elected to self-submit impacted email addresses to HIBP.

Breach date: 16 February 2023
Date added to HIBP: 13 April 2023
Compromised accounts: 400,635
Compromised data: Browser user agent details, Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames

Convex - 150,129 breached accounts

In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.

Breach date: 1 February 2023
Date added to HIBP: 26 February 2023
Compromised accounts: 150,129
Compromised data: Email addresses, IP addresses, Names, Phone numbers

Terravision - 2,075,625 breached accounts

In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin. Terravision did not respond to multiple attempts by individuals over a period of months to report the incident.

Breach date: 1 February 2023
Date added to HIBP: 23 April 2023
Compromised accounts: 2,075,625
Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Phone numbers

Eye4Fraud - 16,000,591 breached accounts

In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.

Breach date: 25 January 2023
Date added to HIBP: 6 March 2023
Compromised accounts: 16,000,591
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses

Duolingo - 2,676,696 breached accounts

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.

Breach date: 24 January 2023
Date added to HIBP: 23 August 2023
Compromised accounts: 2,676,696
Compromised data: Email addresses, Names, Spoken languages, Usernames

School District 42 - 18,850 breached accounts

In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum.

Breach date: 15 January 2023
Date added to HIBP: 2 February 2023
Compromised accounts: 18,850
Compromised data: Email addresses, Names

Planet Ice - 240,488 breached accounts

In January 2023, the UK-based ice skating rink booking service Planet Ice suffered a data breach. The incident exposed the personal data of 240k people including email and physical addresses, phone numbers, genders, dates of birth and passwords stored as MD5 hashes. The data also included the names, genders and dates of birth of children having parties.

Breach date: 14 January 2023
Date added to HIBP: 31 January 2023
Compromised accounts: 240,488
Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases

Zurich - 756,737 breached accounts

In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".

Breach date: 8 January 2023
Date added to HIBP: 22 January 2023
Compromised accounts: 756,737
Compromised data: Dates of birth, Email addresses, Genders, Names, Vehicle details

Autotrader - 20,032 breached accounts

In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".

Breach date: 6 January 2023
Date added to HIBP: 23 January 2023
Compromised accounts: 20,032
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)

iD Tech - 415,121 breached accounts

In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident.

Breach date: 3 January 2023
Date added to HIBP: 6 March 2023
Compromised accounts: 415,121
Compromised data: Dates of birth, Email addresses, Names, Passwords

RailYatri - 23,209,732 breached accounts

In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.

Breach date: 26 December 2022
Date added to HIBP: 5 December 2023
Compromised accounts: 23,209,732
Compromised data: Email addresses, Genders, Names, Phone numbers, Purchases

Gemini - 5,274,214 breached accounts

In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".

Breach date: 13 December 2022
Date added to HIBP: 16 December 2022
Compromised accounts: 5,274,214
Compromised data: Email addresses, Partial phone numbers

SevenRooms - 1,205,385 breached accounts

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".

Breach date: 11 December 2022
Date added to HIBP: 24 August 2023
Compromised accounts: 1,205,385
Compromised data: Email addresses, Names, Purchases

Activision - 16,006 breached accounts

In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.

Breach date: 4 December 2022
Date added to HIBP: 3 October 2023
Compromised accounts: 16,006
Compromised data: Email addresses, Geographic locations, Job titles, Names, Phone numbers

GunAuction.com - 565,470 breached accounts

In December 2022, the online firearms auction website GunAuction.com suffered a data breach, and the data was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain text. The leaked identities could subsequently be matched to firearms listed for sale on the website.

Breach date: 3 December 2022
Date added to HIBP: 2 March 2023
Compromised accounts: 565,470
Compromised data: Browser user agent details, Email addresses, Genders, IP addresses, Partial credit card data, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Usernames

CoinTracker - 1,557,153 breached accounts

In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise of SendGrid in an attack that targeted multiple customers of the email provider. The breach exposed email addresses and partially redacted phone numbers, with CoinTracker advising that the latter did not originate from their service.

Breach date: 1 December 2022
Date added to HIBP: 12 December 2022
Compromised accounts: 1,557,153
Compromised data: Email addresses, Partial phone numbers

BreachForums - 212,156 breached accounts

In November 2022, the well-known hacking forum "BreachForums" was itself breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "breached_db_person".

Breach date: 29 November 2022
Date added to HIBP: 26 July 2023
Compromised accounts: 212,156
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames

Avito - 2,721,835 breached accounts

In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location.

Breach date: 18 November 2022
Date added to HIBP: 14 November 2023
Compromised accounts: 2,721,835
Compromised data: Email addresses, Geographic locations, IP addresses, Names, Phone numbers

Abandonia (2022) - 919,790 breached accounts

In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Breach date: 15 November 2022
Date added to HIBP: 7 December 2022
Compromised accounts: 919,790
Compromised data: Email addresses, IP addresses, Passwords, Usernames

RealDudesInc - 101,543 breached accounts

In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.

Breach date: 22 October 2022
Date added to HIBP: 19 February 2023
Compromised accounts: 101,543
Compromised data: Email addresses, Passwords, Usernames

Doomworld - 34,478 breached accounts

In October 2022, the Doomworld forum suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.

Breach date: 12 October 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 34,478
Compromised data: Email addresses, IP addresses, Passwords, Usernames

Locally - 362,619 breached accounts

In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach. Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed over 362k names, phone numbers, email and physical addresses, purchases, credit card type and last four digits and bcrypt password hashes.

Breach date: 1 October 2022
Date added to HIBP: 10 July 2023
Compromised accounts: 362,619
Compromised data: Email addresses, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases

Get Revenge On Your Ex - 79,195 breached accounts

In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum. Get Revenge On Your Ex did not reply when contacted.

Sensitive breach, not publicly searchable.

Breach date: 9 September 2022
Date added to HIBP: 15 November 2022
Compromised accounts: 79,195
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases

Wakanim - 6,706,951 breached accounts

In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.

Breach date: 28 August 2022
Date added to HIBP: 7 October 2022
Compromised accounts: 6,706,951
Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames

TAP Air Portugal - 6,083,479 breached accounts

In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.

Breach date: 25 August 2022
Date added to HIBP: 23 September 2022
Compromised accounts: 6,083,479
Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages

Brand New Tube - 349,627 breached accounts

In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.

Breach date: 14 August 2022
Date added to HIBP: 8 September 2022
Compromised accounts: 349,627
Compromised data: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames

GGCorp - 2,376,330 breached accounts

In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.

Breach date: 11 August 2022
Date added to HIBP: 8 November 2022
Compromised accounts: 2,376,330
Compromised data: Email addresses, IP addresses, Passwords, Usernames

iMenu360 - 3,425,860 breached accounts

In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.

Breach date: 11 August 2022
Date added to HIBP: 17 August 2023
Compromised accounts: 3,425,860
Compromised data: Email addresses, Names, Phone numbers, Physical addresses

Shitexpress - 23,817 breached accounts

In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.

Sensitive breach, not publicly searchable.

Breach date: 8 August 2022
Date added to HIBP: 17 August 2022
Compromised accounts: 23,817
Compromised data: Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases

DoorDash - 367,476 breached accounts

In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign. The incident exposed 367k unique personal email addresses alongside names, post codes and partial card data, namely the brand, expiry date and last four digits of the card.

Breach date: 2 August 2022
Date added to HIBP: 7 January 2023
Compromised accounts: 367,476
Compromised data: Email addresses, Geographic locations, Names, Partial credit card data

Hjedd - 13,204,029 breached accounts

In July 2022, the Chinese adult website Hjedd was found to be leaking more than 13M customer records which subsequently appeared on a popular hacking forum. The exposed data included email and IP addresses, usernames and passwords stored as bcrypt hashes.

Sensitive breach, not publicly searchable.

Breach date: 18 July 2022
Date added to HIBP: 5 October 2023
Compromised accounts: 13,204,029
Compromised data: Email addresses, IP addresses, Passwords, Usernames

OGUsers (2022 breach) - 529,020 breached accounts

In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses appeared in the breach.

Breach date: 13 July 2022
Date added to HIBP: 14 April 2023
Compromised accounts: 529,020
Compromised data: Email addresses, IP addresses, Passwords, Usernames

Weee - 1,117,405 breached accounts

In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.

Breach date: 11 July 2022
Date added to HIBP: 9 February 2023
Compromised accounts: 1,117,405
Compromised data: Delivery instructions, Email addresses, Names, Phone numbers, Purchases

La Poste Mobile - 533,886 breached accounts

In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of birth, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.

Breach date: 4 July 2022
Date added to HIBP: 14 July 2022
Compromised accounts: 533,886
Compromised data: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses

MemeChat - 4,348,570 breached accounts

In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.

Breach date: 1 June 2022
Date added to HIBP: 29 October 2023
Compromised accounts: 4,348,570
Compromised data: Email addresses, Usernames

QuestionPro - 22,229,637 breached accounts

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform) is alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.

Breach date: 21 May 2022
Date added to HIBP: 5 August 2022
Compromised accounts: 22,229,637
Compromised data: Browser user agent details, Email addresses, IP addresses, Survey results

Amart Furniture - 108,940 breached accounts

In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical addresses, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.

Breach date: 16 May 2022
Date added to HIBP: 26 May 2022
Compromised accounts: 108,940
Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses

Mangatoon - 23,040,238 breached accounts

In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.

Breach date: 13 May 2022
Date added to HIBP: 6 July 2022
Compromised accounts: 23,040,238
Compromised data: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames

BlackBerry Fans - 174,168 breached accounts

In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Breach date: 6 May 2022
Date added to HIBP: 16 May 2022
Compromised accounts: 174,168
Compromised data: Email addresses, IP addresses, Passwords, Usernames

Fanpass - 112,251 breached accounts

In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".

Breach date: 30 April 2022
Date added to HIBP: 24 May 2022
Compromised accounts: 112,251
Compromised data: Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles

PaySystem.tech - 1,410,764 breached accounts

In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where it was made publicly available for download. Consisting of 16M rows with 1.4M unique email addresses, the data also included purchases and full credit card numbers and expiry dates. The data could not be independently attributed back to PaySystem.tech and the breach has been flagged as "unverified".

Unverified breach, may be sourced from elsewhere.

Breach date: 29 April 2022
Date added to HIBP: 9 October 2023
Compromised accounts: 1,410,764
Compromised data: Credit cards, Email addresses, Purchases

E-Pal - 108,887 breached accounts

In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.

Breach date: 15 April 2022
Date added to HIBP: 24 October 2022
Compromised accounts: 108,887
Compromised data: Email addresses, Purchases, Usernames

PayHere - 1,580,249 breached accounts

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled "Ensuring Integrity on PayHere Cybersecurity Incident".

Breach date: 27 March 2022
Date added to HIBP: 2 May 2022
Compromised accounts: 1,580,249
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases

Viva Air - 932,232 breached accounts

In March 2022, the now defunct Colombian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).

Breach date: 14 March 2022
Date added to HIBP: 11 September 2023
Compromised accounts: 932,232
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases

CDEK - 19,218,203 breached accounts

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverified".

Unverified breach, may be sourced from elsewhere.

Breach date: 9 March 2022
Date added to HIBP: 17 March 2022
Compromised accounts: 19,218,203
Compromised data: Email addresses, Names, Phone numbers

CraftRise - 2,532,527 breached accounts

In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.

Breach date: 5 March 2022
Date added to HIBP: 8 August 2023
Compromised accounts: 2,532,527
Compromised data: Email addresses, Geographic locations, Passwords, Usernames

NVIDIA - 71,335 breached accounts

In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.

Breach date: 23 February 2022
Date added to HIBP: 3 March 2022
Compromised accounts: 71,335
Compromised data: Email addresses, Passwords

GiveSendGo - 89,966 breached accounts

In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation.

Breach date: 7 February 2022
Date added to HIBP: 15 February 2022
Compromised accounts: 89,966
Compromised data: Email addresses, Geographic locations, Names, Purchases

Leaked Reality - 114,907 breached accounts

In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.

Breach date: 31 January 2022
Date added to HIBP: 31 March 2023
Compromised accounts: 114,907
Compromised data: Email addresses, IP addresses, Passwords, Usernames

MacGeneration - 101,004 breached accounts

In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.

Breach date: 29 January 2022
Date added to HIBP: 3 March 2022
Compromised accounts: 101,004
Compromised data: Email addresses, Passwords, Usernames

Sundry Files - 274,461 breached accounts

In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.

Breach date: 21 January 2022
Date added to HIBP: 31 March 2023
Compromised accounts: 274,461
Compromised data: Email addresses, IP addresses, Passwords, Usernames

Doxbin - 370,794 breached accounts

In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes. User accounts also included usernames, password hashes and browser user agents. The personal information disclosed in the doxes was often extensive including names, physical addresses, phone numbers and more.

Sensitive breach, not publicly searchable.

Breach date: 5 January 2022
Date added to HIBP: 8 January 2022
Compromised accounts: 370,794
Compromised data: Browser user agent details, Email addresses, Passwords, Usernames

Twitter - 6,682,453 breached accounts

In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.

Breach date: 1 January 2022
Date added to HIBP: 13 August 2022
Compromised accounts: 6,682,453
Compromised data: Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames

Carding Mafia (December 2021) - 303,877 breached accounts

In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes. This breach came only 9 months after another breach of the forum in March 2021.

Sensitive breach, not publicly searchable.

Breach date: 28 December 2021
Date added to HIBP: 16 January 2022
Compromised accounts: 303,877
Compromised data: Email addresses, IP addresses, Passwords, Usernames

FlexBooker - 3,756,794 breached accounts

In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum and was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".

Breach date: 23 December 2021
Date added to HIBP: 6 January 2022
Compromised accounts: 3,756,794
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers

RedLine Stealer - 441,657 breached accounts

In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords.

Malware breach.

Breach date: 5 December 2021
Date added to HIBP: 30 December 2021
Compromised accounts: 441,657
Compromised data: Email addresses, Passwords, Usernames

Aditya Birla Fashion and Retail - 5,470,063 breached accounts

In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes. Employee data was also dumped publicly and included salary grades, marital statuses and religions. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".

Breach date: 1 December 2021
Date added to HIBP: 15 January 2022
Compromised accounts: 5,470,063
Compromised data: Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations

Travelio - 471,376 breached accounts

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical addresses and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".

Breach date: 23 November 2021
Date added to HIBP: 8 April 2022
Compromised accounts: 471,376
Compromised data: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses

ZAP-Hosting - 746,682 breached accounts

In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.

Breach date: 22 November 2021
Date added to HIBP: 20 March 2022
Compromised accounts: 746,682
Compromised data: Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases

Stripchat - 10,001,355 breached accounts

In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.

Sensitive breach, not publicly searchable.

Breach date: 5 November 2021
Date added to HIBP: 31 August 2022
Compromised accounts: 10,001,355
Compromised data: Email addresses, IP addresses, Usernames

Robinhood - 5,003,937 breached accounts

In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet".

Breach date: 3 November 2021
Date added to HIBP: 3 March 2022
Compromised accounts: 5,003,937
Compromised data: Email addresses

BTC-Alpha - 362,426 breached accounts

In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack and data breach, after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".

Breach date: 2 November 2021
Date added to HIBP: 28 January 2022
Compromised accounts: 362,426
Compromised data: Email addresses, IP addresses, Passwords, Usernames

CyberServe - 1,107,034 breached accounts

In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was that of the LGBTQ dating site Atraf and the Machon Mor medical institute. Due to multiple different sites being compromised, the impacted data is broad and ranges from relationship information to medical data to email addresses and passwords stored in plain text. The data was made available to HIBP with support from May Brooks-Kempler, founder of the Think Safe Cyber community in Israel.

Sensitive breach, not publicly searchable.

Breach date: 29 October 2021
Date added to HIBP: 4 November 2021
Compromised accounts: 1,107,034
Compromised data: Dates of birth, Drinking habits, Email addresses, Family structure, Genders, Geographic locations, HIV statuses, IP addresses, Names, Passwords, Personal health data, Phone numbers, Physical attributes, Private messages, Profile photos, Religions, Sexual orientations, Smoking habits, Usernames

JukinMedia - 314,290 breached accounts

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

Breach date: 28 October 2021
Date added to HIBP: 17 July 2022
Compromised accounts: 314,290
Compromised data: Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers

CoinMarketCap - 3,117,548 breached accounts

During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."

Breach date: 12 October 2021
Date added to HIBP: 22 October 2021
Compromised accounts: 3,117,548
Compromised data: Email addresses

ActMobile - 1,583,193 breached accounts

In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a popular hacking forum. Although usage of the service was verified by HIBP subscribers, ActMobile denied the data was sourced from them and the breach has subsequently been flagged as "unverified".

Unverified breach, may be sourced from elsewhere.

Breach date: 8 October 2021
Date added to HIBP: 9 November 2021
Compromised accounts: 1,583,193
Compromised data: Email addresses, IP addresses

Protemps - 49,591 breached accounts

In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other jobseeker data. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".

Breach date: 4 October 2021
Date added to HIBP: 20 December 2021
Compromised accounts: 49,591
Compromised data: Email addresses, Genders, Job applications, Marital statuses, Names, Nationalities, Passport numbers, Passwords, Phone numbers, Physical addresses, Religions, Salutations

Fantasy Football Hub - 66,479 breached accounts

In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.

Breach date: 2 October 2021
Date added to HIBP: 7 October 2021
Compromised accounts: 66,479
Compromised data: Email addresses, IP addresses, Names, Passwords, Purchases, Usernames

Fitmart - 214,492 breached accounts

In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version.

Breach date: 1 October 2021
Date added to HIBP: 3 November 2023
Compromised accounts: 214,492
Compromised data: Email addresses, Passwords

Epik - 15,003,961 breached accounts

In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.

Breach date: 13 September 2021
Date added to HIBP: 19 September 2021
Compromised accounts: 15,003,961
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases

Republican Party of Texas - 72,596 breached accounts

In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents.

Breach date: 11 September 2021
Date added to HIBP: 6 October 2021
Compromised accounts: 72,596
Compromised data: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names

DatPiff - 7,476,940 breached accounts

In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs. The original data source allegedly contained usernames, security questions and answers and passwords stored as MD5 hashes with a static salt.

Breach date: 25 August 2021
Date added to HIBP: 4 January 2022
Compromised accounts: 7,476,940
Compromised data: Email addresses, Passwords, Security questions and answers, Usernames

Imavex - 878,209 breached accounts

In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.

Breach date: 20 August 2021
Date added to HIBP: 26 August 2021
Compromised accounts: 878,209
Compromised data: Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames

Public Business Data - 27,917,714 breached accounts

In approximately August 2021, hundreds of gigabytes of business data collated from public sources was obtained and later published to a popular hacking forum. Sourced from a customer of Bureau van Dijk's (BvD) "Orbis" product, the corpus of data released contained hundreds of millions of lines about corporations and individuals, including personal information such as names and dates of birth. The data also included 28M unique email addresses along with physical addresses (presumably corporate locations), phone numbers and job titles. There was no unauthorised access to BvD's systems, nor did the incident expose any of their clients or those of their parent company, Moody's.

Breach date: 19 August 2021
Date added to HIBP: 9 October 2023
Compromised accounts: 27,917,714
Compromised data: Dates of birth, Email addresses, Job titles, Names, Phone numbers, Physical addresses

Open Subtitles - 6,783,158 breached accounts

In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

Breach date: 1 August 2021
Date added to HIBP: 19 January 2022
Compromised accounts: 6,783,158
Compromised data: Email addresses, Geographic locations, IP addresses, Passwords, Usernames

AndroidLista - 6,640,643 breached accounts

In July 2021, the Android applications and games review site AndroidLista suffered a data breach. The incident exposed 6.6M user records containing email addresses, names, usernames and passwords stored as salted SHA-1 hashes, all of which were subsequently posted to a popular hacking forum. AndroidLista did not respond when contacted about the breach.

Breach date: 28 July 2021
Date added to HIBP: 17 October 2023
Compromised accounts: 6,640,643
Compromised data: Email addresses, Names, Passwords, Usernames

Guntrader - 112,031 breached accounts

In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.

Breach date: 17 July 2021
Date added to HIBP: 21 July 2021
Compromised accounts: 112,031
Compromised data: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations

Jam Tangan - 434,784 breached accounts

In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum. The data included email and IP addresses, names, phone numbers, physical addresses and passwords stored as either unsalted MD5 or bcrypt hashes.

Breach date: 6 July 2021
Date added to HIBP: 27 November 2023
Compromised accounts: 434,784
Compromised data: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses