sonostatohackerato.it

Oh no! Sei stato hackerato? Verifica se il tuo account o la tua password sono stati compromessi.

verified_user Diffidente da questo sito web? Scopri di più

turned_in Verifica il tuo account

Inserendo un tuo indirizzo email nel box sottostante e cliccando sul tasto "AVVIA VERIFICA" viene verificato se il tuo indirizzo email risulta fra quelli compromessi. Ricorda che noi non salviamo nessuna tua informazione nei nostri server.

turned_in Verifica la tua password

Inserendo la tua password nel box sottostante e cliccando sul tasto "AVVIA VERIFICA" viene verificato se la tua password risulta fra quelle compromesse. Ricorda che noi non salviamo nessuna tua informazione nei nostri server.

Attacchi hacker

Accounts compromessi

Archivi pubblici

Accounts pubblici


Attacchi verificati

Passwords compromesse

Accounts verificati

Passwords verificate

Siti web compromessi

Qui di seguito la lista dei siti web dove è stato intercettato il tuo account.

Archivi online pubblicati

Qui di seguito i link ai siti web dove sono stati pubblicati archivi di informazioni private rese pubblihe. Alcuni link potrebbero non funzionare, poichè sono stati eliminati dal sito come prevenzione.

Nome file Risorsa Data pubblicazione Emails

Siti web compromessi.

Qui di seguito la lista dei siti web che hanno subito un attacco hacker.

000webhost

In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.

Dati compromessi

Email addressesIP addressesNamesPasswords

Sito web 000webhost.com

Accounts 14.936.670

Stato Verificato

Attacco 01/03/2015

Inserimento 27/10/2015 - 00:35:45

Modifica 10/12/2017 - 22:44:27

126

In approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswords

Sito web 126.com

Accounts 6.414.191

Stato Non verificato

Attacco 01/01/2012

Inserimento 08/10/2016 - 09:46:05

Modifica 08/10/2016 - 09:46:05

17Media

In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.

Dati compromessi

Device informationEmail addressesIP addressesPasswordsUsernames

Sito web 17app.co

Accounts 4.009.640

Stato Verificato

Attacco 19/04/2016

Inserimento 08/07/2016 - 03:55:03

Modifica 08/07/2016 - 03:55:03

17173

In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswordsUsernames

Sito web 17173.com

Accounts 7.485.802

Stato Non verificato

Attacco 28/12/2011

Inserimento 28/04/2018 - 06:53:15

Modifica 28/04/2018 - 06:53:15

2844Breaches

In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 80.115.532

Stato Non verificato

Attacco 19/02/2018

Inserimento 26/02/2018 - 11:06:02

Modifica 26/02/2018 - 11:06:02

2fast4u

In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web 2fast4u.be

Accounts 17.706

Stato Verificato

Attacco 20/12/2017

Inserimento 07/01/2018 - 09:19:39

Modifica 07/01/2018 - 09:19:39

500px

In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsNamesPasswordsUsernames

Sito web 500px.com

Accounts 14.867.999

Stato Verificato

Attacco 05/07/2018

Inserimento 25/03/2019 - 09:01:09

Modifica 25/03/2019 - 09:01:09

7k7k

In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswordsUsernames

Sito web 7k7k.com

Accounts 9.121.434

Stato Non verificato

Attacco 01/01/2011

Inserimento 26/09/2017 - 23:54:01

Modifica 26/09/2017 - 23:54:01

8fit

In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesGendersGeographic locationsIP addressesNamesPasswords

Sito web 8fit.com

Accounts 15.025.407

Stato Verificato

Attacco 01/07/2018

Inserimento 21/03/2019 - 19:50:00

Modifica 21/03/2019 - 19:50:00

8tracks

In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by JimScott.Sec@protonmail.com and updated in HIBP accordingly.

Dati compromessi

Email addressesPasswords

Sito web 8tracks.com

Accounts 17.979.961

Stato Verificato

Attacco 27/06/2017

Inserimento 16/02/2018 - 08:09:30

Modifica 25/08/2019 - 10:52:21

Abandonia

In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web abandonia.com

Accounts 776.125

Stato Verificato

Attacco 01/11/2015

Inserimento 05/06/2017 - 07:56:47

Modifica 05/06/2017 - 07:56:47

AbuseWithUs

In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down. The exposed data included more than 1.3 million unique email addresses, often accompanied by usernames, IP addresses and plain text or hashed passwords retrieved from various sources and intended to be used to compromise the victims' accounts.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web abusewith.us

Accounts 1.372.550

Stato Verificato

Attacco 01/07/2016

Inserimento 09/10/2017 - 13:08:45

Modifica 09/10/2017 - 13:08:45

AcneOrg

In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web acne.org

Accounts 432.943

Stato Verificato

Attacco 25/11/2014

Inserimento 06/03/2016 - 12:07:41

Modifica 06/03/2016 - 12:07:41

Adapt

In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles, contact information and data relating to the employer including organisation description, size and revenue. No response was received from Adapt when contacted.

Dati compromessi

Email addressesEmployersJob titlesNamesPhone numbersPhysical addressesSocial media profiles

Sito web adapt.io

Accounts 9.363.740

Stato Verificato

Attacco 05/11/2018

Inserimento 22/11/2018 - 20:43:06

Modifica 22/11/2018 - 20:43:06

Adobe

In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Dati compromessi

Email addressesPassword hintsPasswordsUsernames

Sito web adobe.com

Accounts 152.445.165

Stato Verificato

Attacco 04/10/2013

Inserimento 04/12/2013 - 01:00:00

Modifica 04/12/2013 - 01:00:00

AdultFriendFinder

In May 2015, the adult hookup site Adult Friend Finder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsIP addressesRacesRelationship statusesSexual orientationsSpoken languagesUsernames

Sito web adultfriendfinder.com

Accounts 3.867.997

Stato Verificato

Attacco 21/05/2015

Inserimento 22/05/2015 - 08:03:44

Modifica 22/05/2015 - 08:03:44

AdultFanFiction

In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Dates of birthEmail addressesNamesPasswords

Sito web adult-fanfiction.org

Accounts 186.082

Stato Verificato

Attacco 30/05/2018

Inserimento 06/08/2018 - 10:56:03

Modifica 06/08/2018 - 10:56:03

AerServ

In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes. The data was publicly posted to Twitter later in 2018 after which InMobi was notified and advised they were aware of the incident.

Dati compromessi

Email addressesEmployersJob titlesNamesPasswordsPhone numbersPhysical addresses

Sito web aerserv.com

Accounts 66.308

Stato Verificato

Attacco 01/04/2018

Inserimento 06/12/2018 - 03:58:12

Modifica 06/12/2018 - 03:58:12

AhaShare

In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.

Dati compromessi

Email addressesGendersGeographic locationsIP addressesPasswordsUsernamesWebsite activityYears of birth

Sito web ahashare.com

Accounts 180.468

Stato Verificato

Attacco 30/05/2013

Inserimento 06/11/2014 - 22:47:52

Modifica 06/11/2014 - 22:47:52

AIType

In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.

Dati compromessi

Address book contactsApps installed on devicesCellular network namesDates of birthDevice informationEmail addressesGendersGeographic locationsIMEI numbersIMSI numbersIP addressesNamesPhone numbersProfile photosSocial media profiles

Sito web aitype.com

Accounts 20.580.060

Stato Verificato

Attacco 05/12/2017

Inserimento 08/12/2017 - 22:31:25

Modifica 08/12/2017 - 22:31:25

Aipai

In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswords

Sito web aipai.com

Accounts 6.496.778

Stato Non verificato

Attacco 27/09/2016

Inserimento 07/11/2016 - 22:55:29

Modifica 07/11/2016 - 22:55:29

AKP

In July 2016, a hacker known as Phineas Fisher hacked Turkey's ruling party (Justice and Development Party or "AKP") and gained access to 300k emails. The full contents of the emails were subsequently published by WikiLeaks and made searchable. HIBP identified over 917k unique email address patterns in the data set, including message IDs and a number of other non-user addresses.

Dati compromessi

Email addressesEmail messages

Sito web akparti.org.tr

Accounts 917.461

Stato Verificato

Attacco 19/07/2016

Inserimento 01/10/2017 - 05:52:37

Modifica 01/10/2017 - 05:52:37

Ancestry

In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.

Dati compromessi

Email addressesPasswords

Sito web ancestry.com

Accounts 297.806

Stato Verificato

Attacco 07/11/2015

Inserimento 24/12/2017 - 05:28:45

Modifica 24/12/2017 - 05:28:45

AnimePlanet

In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web anime-planet.com

Accounts 368.507

Stato Verificato

Attacco 01/01/2016

Inserimento 28/07/2019 - 02:35:07

Modifica 28/07/2019 - 02:35:07

Animoto

In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Dates of birthEmail addressesGeographic locationsNamesPasswords

Sito web animoto.com

Accounts 22.437.749

Stato Verificato

Attacco 10/07/2018

Inserimento 18/07/2019 - 07:04:08

Modifica 18/07/2019 - 07:04:08

AntiPublic

In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 457.962.538

Stato Non verificato

Attacco 16/12/2016

Inserimento 05/05/2017 - 00:07:38

Modifica 05/05/2017 - 00:07:38

Apollo

In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.

Dati compromessi

Email addressesEmployersGeographic locationsJob titlesNamesPhone numbersSalutationsSocial media profiles

Sito web apollo.io

Accounts 125.929.660

Stato Verificato

Attacco 23/07/2018

Inserimento 05/10/2018 - 21:14:11

Modifica 23/10/2018 - 06:01:48

Appartoo

In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.

Dati compromessi

AgesAuth tokensEmail addressesEmployment statusesGendersIP addressesMarital statusesNamesPasswordsPhysical addressesPrivate messagesSocial media profiles

Sito web appartoo.com

Accounts 49.681

Stato Verificato

Attacco 25/03/2017

Inserimento 02/05/2019 - 09:07:24

Modifica 02/05/2019 - 09:07:24

ArmorGames

In January 2019, the game portal website website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

BiosDates of birthEmail addressesGendersGeographic locationsIP addressesPasswordsUsernames

Sito web armorgames.com

Accounts 10.604.307

Stato Verificato

Attacco 01/01/2019

Inserimento 20/07/2019 - 08:03:31

Modifica 20/07/2019 - 08:03:31

ArmyForceOnline

In May 2016, the the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.

Dati compromessi

AvatarsEmail addressesGeographic locationsIP addressesNamesPasswordsUsernamesWebsite activity

Sito web armyforceonline.com

Accounts 1.531.235

Stato Verificato

Attacco 18/05/2016

Inserimento 10/11/2016 - 04:24:38

Modifica 10/11/2016 - 04:24:38

Artvalue

In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed.

Dati compromessi

Email addressesNamesPasswordsSalutationsUsernames

Sito web artvalue.com

Accounts 157.692

Stato Verificato

Attacco 19/06/2019

Inserimento 19/07/2019 - 15:16:52

Modifica 19/07/2019 - 15:35:22

AshleyMadison

In July 2015, the infidelity website Ashley Madison suffered a serious data breach. The attackers threatened Ashley Madison with the full disclosure of the breach unless the service was shut down. One month later, the database was dumped including more than 30M unique email addresses. This breach has been classed as "sensitive" and is not publicly searchable, although individuals may discover if they've been impacted by registering for notifications. Read about this approach in detail.

Dati compromessi

Dates of birthEmail addressesEthnicitiesGendersNamesPasswordsPayment historiesPhone numbersPhysical addressesSecurity questions and answersSexual orientationsUsernamesWebsite activity

Sito web ashleymadison.com

Accounts 30.811.934

Stato Verificato

Attacco 19/07/2015

Inserimento 18/08/2015 - 22:55:05

Modifica 18/08/2015 - 22:55:05

AstroPID

In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description. The breach resulted in nearly 6k user accounts and over 220k private messages between forum members being exposed.

Dati compromessi

Email addressesInstant messenger identitiesIP addressesNamesPasswordsPrivate messagesUsernamesWebsite activity

Sito web astropid.com

Accounts 5.788

Stato Verificato

Attacco 19/12/2013

Inserimento 06/07/2014 - 05:49:45

Modifica 06/07/2014 - 05:49:45

Aternos

In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web aternos.org

Accounts 1.436.486

Stato Verificato

Attacco 06/12/2015

Inserimento 02/10/2016 - 01:42:56

Modifica 02/10/2016 - 01:42:56

AtlasQuantum

In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.

Dati compromessi

Account balancesEmail addressesNamesPhone numbers

Sito web atlasquantum.com

Accounts 261.463

Stato Verificato

Attacco 25/08/2018

Inserimento 27/08/2018 - 03:42:34

Modifica 28/08/2018 - 23:17:47

Autocentrum

In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.

Dati compromessi

Email addressesPasswords

Sito web autocentrum.pl

Accounts 143.717

Stato Verificato

Attacco 04/02/2018

Inserimento 09/02/2018 - 01:55:26

Modifica 09/02/2018 - 01:55:26

Avast

In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web avast.com

Accounts 422.959

Stato Verificato

Attacco 26/05/2014

Inserimento 12/03/2016 - 23:08:58

Modifica 12/03/2016 - 23:08:58

B2BUSABusinesses

In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as "B2B USA Businesses", the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses. Read more about spam lists in HIBP.

Dati compromessi

Email addressesEmployersJob titlesNamesPhone numbersPhysical addresses

Sito web

Accounts 105.059.554

Stato Verificato

Attacco 18/07/2017

Inserimento 18/07/2017 - 09:38:04

Modifica 18/07/2017 - 09:38:04

BabyNames

In approximately 2008, the site to help parents name their children known as Baby Names suffered a data breach. The incident exposed 846k email addresses and passwords stored as salted MD5 hashes. When contacted in October 2018, Baby Names advised that "the breach happened at least ten years ago" and that members were notified at the time.

Dati compromessi

Email addressesPasswords

Sito web babynames.com

Accounts 846.742

Stato Verificato

Attacco 24/10/2008

Inserimento 24/10/2018 - 08:27:03

Modifica 24/10/2018 - 08:27:30

Badoo

In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes. Whilst there are many indicators suggesting Badoo did indeed suffer a data breach, the legitimacy of the data could not be emphatically proven so this breach has been categorised as "unverified".

Dati compromessi

Dates of birthEmail addressesGendersNamesPasswordsUsernames

Sito web badoo.com

Accounts 112.005.531

Stato Non verificato

Attacco 01/06/2013

Inserimento 06/07/2016 - 10:16:03

Modifica 06/07/2016 - 10:16:03

BannerBit

In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.

Dati compromessi

Email addressesPasswords

Sito web bannerbit.com

Accounts 213.415

Stato Verificato

Attacco 29/12/2018

Inserimento 08/01/2019 - 11:56:34

Modifica 08/01/2019 - 11:56:34

BattlefieldHeroes

In June 2011 as part of a final breached data dump, the hacker collective "LulzSec" obtained and released over half a million usernames and passwords from the game Battlefield Heroes. The passwords were stored as MD5 hashes with no salt and many were easily converted back to their plain text versions.

Dati compromessi

PasswordsUsernames

Sito web battlefieldheroes.com

Accounts 530.270

Stato Verificato

Attacco 26/06/2011

Inserimento 23/01/2014 - 14:10:29

Modifica 23/01/2014 - 14:10:29

BeautifulPeople

In November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.

Dati compromessi

Beauty ratingsCar ownership statusesDates of birthDrinking habitsEducation levelsEmail addressesGendersGeographic locationsHome ownership statusesIncome levelsIP addressesJob titlesNamesPasswordsPersonal descriptionsPersonal interestsPhysical attributesSexual orientationsSmoking habitsWebsite activity

Sito web beautifulpeople.com

Accounts 1.100.089

Stato Verificato

Attacco 11/11/2015

Inserimento 25/04/2016 - 12:05:34

Modifica 25/04/2016 - 12:05:34

Bell

In February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records containing just over 20,000 unique email addresses and usernames.

Dati compromessi

Credit cardsGendersPasswordsUsernames

Sito web bell.ca

Accounts 20.902

Stato Verificato

Attacco 01/02/2014

Inserimento 02/02/2014 - 00:57:10

Modifica 02/02/2014 - 00:57:10

Bell2017

In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.

Dati compromessi

Email addressesGeographic locationsIP addressesJob titlesNamesPasswordsPhone numbersSpoken languagesSurvey resultsUsernames

Sito web bell.ca

Accounts 2.231.256

Stato Verificato

Attacco 15/05/2017

Inserimento 16/05/2017 - 03:49:31

Modifica 16/05/2017 - 03:49:31

Bestialitysextaboo

In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum. In all, more than 3.2k unique email addresses were included alongside usernames, IP addresses, dates of birth, genders and bcrypt hashes of passwords.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsIP addressesPasswordsPrivate messagesUsernames

Sito web bestialitysextaboo.com

Accounts 3.204

Stato Verificato

Attacco 19/03/2018

Inserimento 29/03/2018 - 08:10:06

Modifica 29/03/2018 - 08:10:06

BigMoneyJobs

In April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text. The attack was allegedly mounted by exploiting a SQL injection vulnerability.

Dati compromessi

Career levelsEducation levelsEmail addressesNamesPasswordsPhone numbersPhysical addressesSalutationsUser website URLsWebsite activity

Sito web bigmoneyjobs.com

Accounts 36.789

Stato Verificato

Attacco 03/04/2014

Inserimento 08/04/2014 - 07:44:10

Modifica 08/04/2014 - 07:44:10

BinWeevils

In September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data may have come from a later breach). Data matching that pattern was later provided to Have I Been Pwned by @akshayindia6 and included almost 1.3m unique email addresses, genders, ages and plain text passwords.

Dati compromessi

AgesEmail addressesGendersIP addressesPasswordsUsernames

Sito web binweevils.com

Accounts 1.287.073

Stato Verificato

Attacco 01/09/2014

Inserimento 18/08/2017 - 09:10:57

Modifica 18/08/2017 - 09:10:57

BiohackMe

In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.

Dati compromessi

Email addressesPasswordsPrivate messagesUsernames

Sito web biohack.me

Accounts 3.402

Stato Verificato

Attacco 02/12/2016

Inserimento 23/08/2017 - 22:47:39

Modifica 23/08/2017 - 22:47:39

BTSec

In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses. Whilst the origin of the breach remains unclear, the breached credentials were confirmed by multiple source as correct, albeit a number of years old.

Dati compromessi

Email addressesPasswords

Sito web forum.btcsec.com

Accounts 4.789.599

Stato Verificato

Attacco 09/01/2014

Inserimento 10/09/2014 - 22:30:11

Modifica 10/09/2014 - 22:30:11

BitcoinTalk

In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves.

Dati compromessi

Dates of birthEmail addressesGendersIP addressesPasswordsSecurity questions and answersUsernamesWebsite activity

Sito web bitcointalk.org

Accounts 501.407

Stato Verificato

Attacco 22/05/2015

Inserimento 28/03/2017 - 01:45:41

Modifica 28/03/2017 - 01:45:41

Bitly

In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.

Dati compromessi

Email addressesPasswordsUsernames

Sito web bitly.com

Accounts 9.313.136

Stato Verificato

Attacco 08/05/2014

Inserimento 06/10/2017 - 08:31:50

Modifica 06/10/2017 - 10:05:10

BitTorrent

In January 2016, the forum for the popular torrent software BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web bittorrent.com

Accounts 34.235

Stato Verificato

Attacco 01/01/2016

Inserimento 08/06/2016 - 12:49:24

Modifica 08/06/2016 - 12:49:24

BlackHatWorld

In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

Dati compromessi

Dates of birthEmail addressesInstant messenger identitiesIP addressesPasswordsUsernamesWebsite activity

Sito web blackhatworld.com

Accounts 777.387

Stato Verificato

Attacco 23/06/2014

Inserimento 03/11/2015 - 23:20:17

Modifica 03/11/2015 - 23:20:17

BlackSpigotMC

In July 2019, the hacking website BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself. The exposed data included 140k unique email addresses, usernames, IP addresses, genders, geographic locations and passwords stored as bcrypt hashes.

Dati compromessi

Device informationEmail addressesGendersGeographic locationsIP addressesPasswordsUsernames

Sito web blackspigot.com

Accounts 140.029

Stato Verificato

Attacco 14/07/2019

Inserimento 17/07/2019 - 20:44:17

Modifica 17/07/2019 - 20:44:17

BlankMediaGames

In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes. DeHashed made multiple attempts to contact BlankMediaGames over various channels and many days but had yet to receive a response at the time of publishing.

Dati compromessi

Browser user agent detailsEmail addressesIP addressesPasswordsPurchasesUsernamesWebsite activity

Sito web blankmediagames.com

Accounts 7.633.234

Stato Verificato

Attacco 28/12/2018

Inserimento 02/01/2019 - 06:52:56

Modifica 02/01/2019 - 07:03:19

Bolt

In approximately March 2017, the file sharing website Bolt suffered a data breach resulting in the exposure of 995k unique user records. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web bolt.cd

Accounts 995.274

Stato Verificato

Attacco 01/03/2017

Inserimento 24/11/2017 - 09:15:24

Modifica 24/11/2017 - 09:16:45

BombujEu

In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.

Dati compromessi

Email addressesPasswords

Sito web bombuj.eu

Accounts 575.437

Stato Verificato

Attacco 07/12/2018

Inserimento 10/12/2018 - 15:04:47

Modifica 10/12/2018 - 15:04:47

Bookmate

In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsNamesPasswordsUsernames

Sito web bookmate.com

Accounts 3.830.916

Stato Verificato

Attacco 08/07/2018

Inserimento 22/03/2019 - 17:25:58

Modifica 22/03/2019 - 17:25:58

BotOfLegends

In November 2014, the forum for Bot of Legends suffered a data breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web botoflegends.com

Accounts 238.373

Stato Verificato

Attacco 13/11/2014

Inserimento 27/12/2016 - 09:24:52

Modifica 27/12/2016 - 09:24:52

Boxee

In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself. The data included 160k users, password histories, private messages and a variety of other data exposed across nearly 200 publicly exposed tables.

Dati compromessi

Dates of birthEmail addressesGeographic locationsHistorical passwordsInstant messenger identitiesIP addressesPasswordsPrivate messagesUser website URLsUsernames

Sito web forums.boxee.com

Accounts 158.093

Stato Verificato

Attacco 29/03/2014

Inserimento 30/03/2014 - 15:07:16

Modifica 30/03/2014 - 15:07:16

Brazzers

In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.

Dati compromessi

Email addressesPasswordsUsernames

Sito web brazzers.com

Accounts 790.724

Stato Verificato

Attacco 01/04/2013

Inserimento 05/09/2016 - 12:02:23

Modifica 05/09/2016 - 12:02:23

BTCE

In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.

Dati compromessi

Account balancesEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web btc-e.com

Accounts 568.340

Stato Verificato

Attacco 01/10/2014

Inserimento 12/03/2017 - 04:21:52

Modifica 12/03/2017 - 04:21:52

Bukalapak

In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".

Dati compromessi

Email addressesIP addressesNamesPasswordsUsernames

Sito web bukalapak.com

Accounts 13.369.666

Stato Verificato

Attacco 23/10/2017

Inserimento 18/04/2019 - 03:57:35

Modifica 18/04/2019 - 04:10:15

BulgarianNationalRevenueAgency

In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people. Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers, physical addresses and 471 thousand unique email addresses. The breach is said to have affected "nearly all adults in Bulgaria".

Dati compromessi

Email addressesNamesPhone numbersPhysical addressesTaxation records

Sito web nap.bg

Accounts 471.167

Stato Verificato

Attacco 15/07/2019

Inserimento 18/07/2019 - 20:38:49

Modifica 18/07/2019 - 20:38:49

BusinessAcumen

In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and password stored with a weak cryptographic hashing algorithm (MD5 with no salt).

Dati compromessi

Email addressesNamesPasswordsUsernamesWebsite activity

Sito web businessacumen.biz

Accounts 26.596

Stato Verificato

Attacco 25/04/2014

Inserimento 11/05/2014 - 06:25:48

Modifica 11/05/2014 - 06:25:48

CafeMom

In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.

Dati compromessi

Email addressesPasswords

Sito web cafemom.com

Accounts 2.628.148

Stato Verificato

Attacco 10/04/2014

Inserimento 09/11/2017 - 20:54:20

Modifica 09/11/2017 - 20:55:00

CafePress

In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesNamesPasswordsPhone numbersPhysical addresses

Sito web cafepress.com

Accounts 23.205.290

Stato Verificato

Attacco 20/02/2019

Inserimento 05/08/2019 - 03:18:43

Modifica 05/08/2019 - 22:02:32

CannabisForum

In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.

Dati compromessi

Dates of birthEmail addressesGeographic locationsHistorical passwordsInstant messenger identitiesIP addressesPasswordsPrivate messagesUsernamesWebsite activity

Sito web cannabis.com

Accounts 227.746

Stato Verificato

Attacco 05/02/2014

Inserimento 01/06/2014 - 09:55:24

Modifica 01/06/2014 - 09:55:24

Canva

In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesGeographic locationsNamesPasswordsUsernames

Sito web canva.com

Accounts 137.272.116

Stato Verificato

Attacco 24/05/2019

Inserimento 09/08/2019 - 16:24:01

Modifica 09/08/2019 - 16:24:01

CashCrate

In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for older accounts along with weak MD5 hashes for newer ones.

Dati compromessi

Email addressesNamesPasswordsPhysical addresses

Sito web cashcrate.com

Accounts 6.844.490

Stato Verificato

Attacco 17/11/2016

Inserimento 20/04/2018 - 23:40:38

Modifica 20/04/2018 - 23:40:38

CDProjektRed

In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web cdprojektred.com

Accounts 1.871.373

Stato Verificato

Attacco 01/03/2016

Inserimento 31/01/2017 - 07:40:09

Modifica 31/01/2017 - 07:40:09

CheapAssGamer

In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web cheapassgamer.com

Accounts 444.767

Stato Verificato

Attacco 01/07/2015

Inserimento 08/11/2016 - 02:58:39

Modifica 08/11/2016 - 02:58:39

Chegg

In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesNamesPasswordsUsernames

Sito web chegg.com

Accounts 39.721.127

Stato Verificato

Attacco 28/04/2018

Inserimento 16/08/2019 - 09:24:58

Modifica 16/08/2019 - 09:24:58

CivilOnline

In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web co188.com

Accounts 7.830.195

Stato Non verificato

Attacco 10/07/2011

Inserimento 07/11/2016 - 21:41:52

Modifica 07/11/2016 - 21:41:52

ClashOfKings

In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web f.elex.com

Accounts 1.604.957

Stato Verificato

Attacco 14/07/2016

Inserimento 28/07/2019 - 00:03:03

Modifica 28/07/2019 - 00:03:03

ClixSense

In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.

Dati compromessi

Account balancesDates of birthEmail addressesGendersIP addressesNamesPasswordsPayment historiesPayment methodsPhysical addressesUsernamesWebsite activity

Sito web clixsense.com

Accounts 2.424.784

Stato Verificato

Attacco 04/09/2016

Inserimento 11/09/2016 - 08:37:25

Modifica 11/09/2016 - 08:37:25

CloudPets

In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). 583k records were provided to HIBP via a data trader and included email addresses and bcrypt hashes, but the full extent of user data exposed by the system was over 821k records and also included children's names and references to portrait photos and voice recordings.

Dati compromessi

Email addressesFamily members' namesPasswords

Sito web cloudpets.com

Accounts 583.503

Stato Verificato

Attacco 01/01/2017

Inserimento 27/02/2017 - 21:57:29

Modifica 27/02/2017 - 21:57:29

ClubPenguinRewritten

In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users".

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web cprewritten.net

Accounts 1.688.176

Stato Verificato

Attacco 21/01/2018

Inserimento 23/04/2019 - 07:05:16

Modifica 30/07/2019 - 16:05:55

ClubPenguinRewrittenJul2019

In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). In addition to an earlier data breach that impacted 1.7 million accounts, the subsequent breach exposed 4 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web cprewritten.net

Accounts 4.007.909

Stato Verificato

Attacco 27/07/2019

Inserimento 30/07/2019 - 16:05:10

Modifica 30/07/2019 - 16:05:10

Coachella

In February 2017, hundreds of thousands of records from the Coachella music festival were discovered being sold online. Allegedly taken from a combination of the main Coachella website and their vBulletin-based message board, the data included almost 600k usernames, IP and email addresses and salted hashes of passwords (MD5 in the case of the message board).

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web coachella.com

Accounts 599.802

Stato Verificato

Attacco 22/02/2017

Inserimento 27/06/2017 - 12:57:03

Modifica 27/06/2017 - 12:57:03

Coinmama

In August 2017, the crypto coin brokerage service Coinmama suffered a data breach that impacted 479k subscribers. The breach was discovered in February 2019 with exposed data including email addresses, usernames and passwords stored as MD5 WordPress hashes. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.

Dati compromessi

Email addressesPasswordsUsernames

Sito web coinmama.com

Accounts 478.824

Stato Verificato

Attacco 03/08/2017

Inserimento 30/08/2019 - 22:53:29

Modifica 30/08/2019 - 22:53:29

Collection1

In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 772.904.991

Stato Non verificato

Attacco 07/01/2019

Inserimento 16/01/2019 - 22:46:07

Modifica 16/01/2019 - 22:50:21

Comcast

In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.

Dati compromessi

Email addressesPasswordsPhysical addresses

Sito web comcast.net

Accounts 616.882

Stato Verificato

Attacco 08/11/2015

Inserimento 08/02/2016 - 22:41:43

Modifica 08/02/2016 - 22:41:43

COMELEC

In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced, allegedly by Anonymous Philippines. Shortly after, data on 55 million Filipino voters was leaked publicly and included sensitive information such as genders, marital statuses, height and weight and biometric fingerprint data. The breach only included 228k email addresses.

Dati compromessi

Biometric dataDates of birthEmail addressesFamily members' namesGendersJob titlesMarital statusesNamesPassport numbersPhone numbersPhysical addressesPhysical attributes

Sito web comelec.gov.ph

Accounts 228.605

Stato Verificato

Attacco 27/03/2016

Inserimento 14/04/2016 - 04:24:32

Modifica 14/04/2016 - 04:24:32

CouponMomAndArmorGames

In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games. Subsequent verification with HIBP subscribers confirmed the passwords had previously been used and many subscribers had used either Coupon Mom or Armor Games in the past. On disclosure to both organisations, each found that the data did not represent their entire customer base and possibly includes records from other sources with common subscribers. The breach has subsequently been flagged as "unverified" as the source cannot be emphatically proven.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 11.010.525

Stato Non verificato

Attacco 08/02/2014

Inserimento 10/11/2017 - 00:46:52

Modifica 10/11/2017 - 00:46:52

CrackCommunity

In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web crackcommunity.com

Accounts 19.210

Stato Verificato

Attacco 09/09/2013

Inserimento 03/02/2015 - 07:30:05

Modifica 03/02/2015 - 07:30:05

CrackedTO

In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as bcrypt hashes.

Dati compromessi

Email addressesIP addressesPasswordsPrivate messagesUsernames

Sito web cracked.to

Accounts 749.161

Stato Verificato

Attacco 21/07/2019

Inserimento 12/08/2019 - 13:18:56

Modifica 12/08/2019 - 13:18:56

CrackingForum

In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web crackingforum.com

Accounts 660.305

Stato Verificato

Attacco 01/07/2016

Inserimento 10/12/2017 - 21:08:30

Modifica 10/12/2017 - 21:08:30

Creative

In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently shut down the forum.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web creative.com

Accounts 483.015

Stato Verificato

Attacco 01/05/2018

Inserimento 07/06/2018 - 23:00:31

Modifica 07/06/2018 - 23:00:31

CrimeAgencyVBulletin

In January 2016, a large number of unpatched vBulletin forums were compromised by an actor known as "CrimeAgency". A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed. Refer to the complete list of the forums for further information on which sites were impacted.

Dati compromessi

Email addressesPasswordsUsernames

Sito web

Accounts 942.044

Stato Verificato

Attacco 19/01/2017

Inserimento 21/03/2017 - 04:12:40

Modifica 21/03/2017 - 04:12:40

CrossFire

In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web cfire.mail.ru

Accounts 12.865.609

Stato Verificato

Attacco 08/08/2016

Inserimento 28/12/2016 - 01:29:28

Modifica 28/12/2016 - 01:29:28

D3scene

In January 2016, the gaming website D3Scene, suffered a data breach. The compromised vBulletin forum exposed 569k million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web d3scene.com

Accounts 568.827

Stato Verificato

Attacco 01/01/2016

Inserimento 15/06/2019 - 17:19:11

Modifica 15/06/2019 - 17:19:11

DaFont

In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.

Dati compromessi

Email addressesPasswordsUsernames

Sito web dafont.com

Accounts 637.340

Stato Verificato

Attacco 16/05/2017

Inserimento 18/05/2017 - 22:05:28

Modifica 18/05/2017 - 22:05:28

Dailymotion

In October 2016, the video sharing platform Dailymotion suffered a data breach. The attack led to the exposure of more than 85 million user accounts and included email addresses, usernames and bcrypt hashes of passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web dailymotion.com

Accounts 85.176.234

Stato Verificato

Attacco 20/10/2016

Inserimento 07/08/2017 - 04:51:12

Modifica 07/08/2017 - 04:51:12

Dangdang

In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.

Dati compromessi

Email addresses

Sito web dangdang.com

Accounts 4.848.734

Stato Verificato

Attacco 01/06/2011

Inserimento 10/01/2019 - 12:15:51

Modifica 10/01/2019 - 12:24:06

DaniWeb

In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords. However, DaniWeb have advised that "the breached password hashes and salts are incorrect" and that they have since switched to new infrastructure and software.

Dati compromessi

Email addressesIP addressesPasswords

Sito web daniweb.com

Accounts 1.131.636

Stato Verificato

Attacco 01/12/2015

Inserimento 29/12/2016 - 00:12:16

Modifica 29/12/2016 - 00:12:16

DataAndLeads

In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator. Upon further investigation, the data was linked to marketing company Data & Leads. The exposed Elasticsearch instance contained over 44M unique email addresses along with names, IP and physical addresses, phone numbers and employment information. No response was received from Data & Leads when contacted by Bob and their site subsequently went offline.

Dati compromessi

Email addressesEmployersIP addressesJob titlesNamesPhone numbersPhysical addresses

Sito web datanleads.com

Accounts 44.320.330

Stato Verificato

Attacco 14/11/2018

Inserimento 28/11/2018 - 20:32:19

Modifica 28/11/2018 - 20:32:19

DataEnrichment

In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other legitimate locations. In total, there were more than 8 million unique email addresses in the data which also contained a raft of other personal attributes including credit ratings, home ownership status, family structure and other fields described in the story linked to above. The email addresses alone were provided to HIBP.

Dati compromessi

Buying preferencesCharitable donationsCredit status informationDates of birthEmail addressesFamily structureFinancial investmentsHome ownership statusesIncome levelsJob titlesMarital statusesNamesNet worthsPhone numbersPhysical addressesPolitical donations

Sito web

Accounts 8.176.132

Stato Non verificato

Attacco 23/12/2016

Inserimento 08/06/2017 - 18:23:07

Modifica 08/06/2017 - 18:23:07

DataCamp

In December 2018, the data science website DataCamp suffered a data breach of records dating back to January 2017. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Email addressesGeographic locationsIP addressesNamesPasswords

Sito web datacamp.com

Accounts 760.561

Stato Verificato

Attacco 30/01/2017

Inserimento 09/04/2019 - 06:29:55

Modifica 09/04/2019 - 23:12:53

DemonForums

In February 2019, the hacking forum Demon Forums suffered a data breach. The compromise of the vBulletin forum exposed 52k unique email addresses alongside usernames and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web demonforums.net

Accounts 52.623

Stato Verificato

Attacco 20/02/2019

Inserimento 04/04/2019 - 09:14:34

Modifica 04/04/2019 - 09:14:34

devkitPro

In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.

Dati compromessi

Email addressesPasswordsPrivate messages

Sito web devkitpro.org

Accounts 1.508

Stato Verificato

Attacco 03/02/2019

Inserimento 11/02/2019 - 08:21:44

Modifica 11/02/2019 - 08:21:44

DietCom

In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004. The data contained email and IP addresses, usernames, plain text passwords and dietary information about the site members including eating habits, BMI and birth date. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Dates of birthEating habitsEmail addressesIP addressesNamesPasswordsPhysical attributesUsernames

Sito web diet.com

Accounts 1.383.759

Stato Verificato

Attacco 10/08/2014

Inserimento 13/10/2017 - 23:37:10

Modifica 13/10/2017 - 23:37:10

Digimon

In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on enquiries made via Twitter, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.

Dati compromessi

Email addressesEmail messagesIP addressesNames

Sito web digimon.co.in

Accounts 7.687.679

Stato Verificato

Attacco 05/09/2016

Inserimento 28/09/2018 - 03:34:56

Modifica 28/09/2018 - 03:34:56

Disqus

In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames. Users who created logins on Disqus had salted SHA1 hashes of passwords whilst users who logged in via social providers only had references to those accounts.

Dati compromessi

Email addressesPasswordsUsernames

Sito web disqus.com

Accounts 17.551.044

Stato Verificato

Attacco 01/07/2012

Inserimento 07/10/2017 - 01:03:51

Modifica 07/10/2017 - 01:03:51

DLH

In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes. The data was donated to Have I Been Pwned by data breach monitoring service Vigilante.pw.

Dati compromessi

Dates of birthEmail addressesNamesPasswordsUsernamesWebsite activity

Sito web dlh.net

Accounts 3.264.710

Stato Verificato

Attacco 31/07/2016

Inserimento 07/09/2016 - 15:29:25

Modifica 07/09/2016 - 15:29:25

Dodonew

In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesUsernames

Sito web dodonew.com

Accounts 8.718.404

Stato Non verificato

Attacco 01/12/2011

Inserimento 10/11/2016 - 01:26:01

Modifica 10/11/2016 - 01:26:01

Dominos

In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts. Amongst the customer data was passwords stored with a weak MD5 hashing algorithm and no salt.

Dati compromessi

Email addressesNamesPasswordsPhone numbersPhysical addresses

Sito web pizza.dominos.be

Accounts 648.231

Stato Verificato

Attacco 13/06/2014

Inserimento 04/01/2015 - 04:03:34

Modifica 04/01/2015 - 04:03:34

Dropbox

In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

Dati compromessi

Email addressesPasswords

Sito web dropbox.com

Accounts 68.648.009

Stato Verificato

Attacco 01/07/2012

Inserimento 31/08/2016 - 02:19:19

Modifica 31/08/2016 - 02:19:19

Dubsmash

In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Email addressesGeographic locationsNamesPasswordsPhone numbersSpoken languagesUsernames

Sito web dubsmash.com

Accounts 161.749.950

Stato Verificato

Attacco 01/12/2018

Inserimento 25/02/2019 - 09:35:58

Modifica 25/02/2019 - 09:35:58

DDO

In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web ddo.com

Accounts 1.580.933

Stato Verificato

Attacco 02/04/2013

Inserimento 12/03/2016 - 11:59:56

Modifica 12/03/2016 - 11:59:56

Duowan

In approximately 2011, data was allegedly obtained from the Chinese gaming website known as Duowan.com and contained 2.6M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses, user names and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswordsUsernames

Sito web duowan.com

Accounts 2.639.894

Stato Non verificato

Attacco 01/01/2011

Inserimento 07/11/2016 - 13:53:19

Modifica 07/11/2016 - 13:53:19

DVDShopCH

In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.

Dati compromessi

Email addressesPasswords

Sito web dvd-shop.ch

Accounts 67.973

Stato Verificato

Attacco 05/12/2017

Inserimento 10/12/2017 - 05:58:09

Modifica 10/12/2017 - 05:58:09

EatStreet

In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Dates of birthEmail addressesGendersNamesPartial credit card dataPasswordsPhone numbersPhysical addressesSocial media profiles

Sito web eatstreet.com

Accounts 6.353.564

Stato Verificato

Attacco 03/05/2019

Inserimento 19/07/2019 - 13:29:35

Modifica 19/07/2019 - 13:29:35

Edmodo

In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web edmodo.com

Accounts 43.423.561

Stato Verificato

Attacco 11/05/2017

Inserimento 01/06/2017 - 07:59:24

Modifica 01/06/2017 - 07:59:24

Elance

Sometime in 2009, staffing platform Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email addresses, phone numbers and SHA1 hashes of passwords, amongst other personal data.

Dati compromessi

Email addressesEmployersGeographic locationsPasswordsPhone numbersUsernames

Sito web elance.com

Accounts 1.291.178

Stato Verificato

Attacco 01/01/2009

Inserimento 18/02/2017 - 03:54:48

Modifica 18/02/2017 - 03:54:48

ElasticsearchSalesLeads

In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained information relating to individuals and the companies they worked for including their names, email addresses and company name and contact information. Despite best efforts, it was not possible to identify the owner of the data hence this breach as been titled "Elasticsearch Sales Leads".

Dati compromessi

Email addressesEmployersNamesPhysical addresses

Sito web

Accounts 5.788.169

Stato Verificato

Attacco 29/10/2018

Inserimento 17/11/2018 - 10:04:54

Modifica 18/11/2018 - 04:30:53

Emuparadise

In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web emuparadise.me

Accounts 1.131.229

Stato Verificato

Attacco 01/04/2018

Inserimento 09/06/2019 - 08:23:35

Modifica 15/06/2019 - 17:19:53

EpicGames

In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web epicgames.com

Accounts 251.661

Stato Verificato

Attacco 11/08/2016

Inserimento 07/11/2016 - 11:19:34

Modifica 07/11/2016 - 11:19:34

EpicNPC

In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web epicnpc.com

Accounts 408.795

Stato Verificato

Attacco 02/01/2016

Inserimento 28/07/2019 - 01:11:30

Modifica 28/07/2019 - 01:20:02

Eroticy

In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords. Whilst many HIBP subscribers confirmed their data was legitimate, the actual source of the breach remains inconclusive. A detailed account of the data has been published in the hope of identifying the origin of the breach.

Dati compromessi

Email addressesIP addressesNamesPasswordsPayment historiesPhone numbersPhysical addressesUsernamesWebsite activity

Sito web eroticy.com

Accounts 1.370.175

Stato Non verificato

Attacco 01/06/2015

Inserimento 10/01/2017 - 03:19:56

Modifica 10/01/2017 - 03:19:56

Estonia

In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable. The Estonian police suspected the email addresses and passwords they obtained were being used to access mailboxes, cryptocurrency exchanges, cloud service accounts and other similar online assets. They've requested that individuals who find themselves in the data set and also identify that cryptocurrency has been stolen contact them at cybercrime@politsei.ee.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 655.161

Stato Verificato

Attacco 07/06/2018

Inserimento 11/06/2018 - 11:41:17

Modifica 11/06/2018 - 11:41:17

eThekwiniMunicipality

In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.

Dati compromessi

Dates of birthDeceased dateEmail addressesGendersGovernment issued IDsNamesPassport numbersPasswordsPhone numbersPhysical addressesUtility bills

Sito web eservices.durban.gov.za

Accounts 81.830

Stato Verificato

Attacco 07/09/2016

Inserimento 15/09/2016 - 02:01:47

Modifica 15/09/2016 - 02:01:47

Ethereum

In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords. Ethereum elected to self-submit the data to HIBP, providing the service with a list of email addresses impacted by the incident.

Dati compromessi

Email addressesIP addressesPasswordsPrivate messagesUsernamesWebsite activity

Sito web ethereum.org

Accounts 16.431

Stato Verificato

Attacco 16/12/2016

Inserimento 21/12/2016 - 00:56:26

Modifica 21/12/2016 - 00:56:26

Evermotion

In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Dates of birthEmail addressesPasswordsUsernames

Sito web evermotion.org

Accounts 435.510

Stato Verificato

Attacco 07/05/2015

Inserimento 02/07/2017 - 15:49:09

Modifica 02/07/2017 - 15:49:09

EverybodyEdits

In March 2019, the multiplayer platform game Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.

Dati compromessi

Email addressesIP addressesUsernames

Sito web everybodyedits.com

Accounts 871.190

Stato Verificato

Attacco 23/03/2019

Inserimento 03/04/2019 - 12:50:16

Modifica 03/04/2019 - 12:55:58

Evite

In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Dates of birthEmail addressesGendersNamesPasswordsPhone numbersPhysical addresses

Sito web evite.com

Accounts 100.985.047

Stato Verificato

Attacco 11/08/2013

Inserimento 14/07/2019 - 16:51:51

Modifica 14/07/2019 - 16:51:51

Evony

In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web evony.com

Accounts 29.396.116

Stato Verificato

Attacco 01/06/2016

Inserimento 26/03/2017 - 00:43:45

Modifica 26/03/2017 - 00:43:45

Exactis

In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.

Dati compromessi

Credit status informationDates of birthEducation levelsEmail addressesEthnicitiesFamily structureFinancial investmentsGendersHome ownership statusesIncome levelsIP addressesMarital statusesNamesNet worthsOccupationsPersonal interestsPhone numbersPhysical addressesReligionsSpoken languages

Sito web exactis.com

Accounts 131.577.763

Stato Verificato

Attacco 01/06/2018

Inserimento 25/07/2018 - 22:00:44

Modifica 25/07/2018 - 22:00:44

Experian

In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile. An alleged data breach was subsequently circulated containing personal information including names, physical and email addresses, birth dates and various other personal attributes. Multiple Have I Been Pwned subscribers verified portions of the data as being accurate, but the actual source of it was inconclusive therefor this breach has been flagged as "unverified".

Dati compromessi

Credit status informationDates of birthEmail addressesEthnicitiesFamily structureGendersHome ownership statusesIncome levelsIP addressesNamesPhone numbersPhysical addressesPurchasing habits

Sito web experian.com

Accounts 7.196.890

Stato Non verificato

Attacco 16/09/2015

Inserimento 07/09/2016 - 01:49:00

Modifica 07/09/2016 - 01:49:00

ExploitIn

In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 593.427.119

Stato Non verificato

Attacco 13/10/2016

Inserimento 06/05/2017 - 09:03:18

Modifica 06/05/2017 - 09:03:18

VINs

In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.

Dati compromessi

Dates of birthEmail addressesFamily structureGendersNamesPhone numbersPhysical addressesVehicle details

Sito web

Accounts 396.650

Stato Non verificato

Attacco 05/06/2017

Inserimento 09/06/2017 - 07:35:19

Modifica 09/06/2017 - 07:35:19

EyeEm

In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes. The data was provided to HIBP by a source who asked for it to be attributed to "Kuroi'sh or Gabriel Kimiaie-Asadi Bildstein".

Dati compromessi

BiosEmail addressesNamesPasswordsUsernames

Sito web eyeem.com

Accounts 19.611.022

Stato Verificato

Attacco 28/02/2018

Inserimento 16/02/2019 - 08:17:45

Modifica 16/02/2019 - 08:17:45

Facepunch

In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident and had notified people at the time. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web facepunch.com

Accounts 342.913

Stato Verificato

Attacco 03/06/2016

Inserimento 17/10/2018 - 15:15:39

Modifica 17/10/2018 - 15:31:23

FaceUP

In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability at the time and forced password resets on impacted customers.

Dati compromessi

Dates of birthEmail addressesGendersNamesPasswordsPhone numbersUsernames

Sito web faceup.dk

Accounts 87.633

Stato Verificato

Attacco 01/01/2013

Inserimento 13/01/2019 - 10:50:41

Modifica 13/01/2019 - 10:50:41

WhiteRoom

In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.

Dati compromessi

Browser user agent detailsDates of birthEmail addressesGendersIP addressesNamesPasswordsPhone numbersPhysical addressesPurchases

Sito web fashionnexus.co.uk

Accounts 1.279.263

Stato Verificato

Attacco 09/07/2018

Inserimento 31/07/2018 - 10:20:54

Modifica 31/07/2018 - 10:20:54

FashionFantasyGame

In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.

Dati compromessi

Email addressesPasswords

Sito web fashionfantasygame.com

Accounts 2.357.872

Stato Verificato

Attacco 01/12/2016

Inserimento 20/04/2017 - 12:33:38

Modifica 20/04/2017 - 12:33:38

FFShrine

In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

Dati compromessi

Email addressesPasswordsUsernamesWebsite activity

Sito web ffshrine.org

Accounts 620.677

Stato Verificato

Attacco 18/09/2015

Inserimento 31/10/2015 - 13:43:58

Modifica 31/10/2015 - 13:43:58

FlashFlashRevolution

In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web flashflashrevolution.com

Accounts 1.771.845

Stato Verificato

Attacco 01/02/2016

Inserimento 06/09/2016 - 10:08:29

Modifica 21/07/2019 - 18:28:59

FlashFlashRevolution2019

In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach imapcted almost 1.9 million members and is in addition to the 2016 data breach of the same service. Email and IP addesses, usernames, dates of birth and salted MD5 hashes were all exposed in the breach. The data was provided with support from dehashed.com.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web flashflashrevolution.com

Accounts 1.858.124

Stato Verificato

Attacco 16/07/2019

Inserimento 21/07/2019 - 22:31:54

Modifica 21/07/2019 - 22:31:54

Flashback

In February 2015, the Swedish forum known as Flashback had sensitive internal data on 40k members published via the tabloid newspaper Aftonbladet. The data was allegedly sold to them via Researchgruppen (The Research Group) who have a history of exposing otherwise anonymous users, primarily those who they believe participate in "troll like" behaviour. The compromised data includes social security numbers, home and email addresses.

Dati compromessi

Email addressesGovernment issued IDsPhysical addresses

Sito web flashback.se

Accounts 40.256

Stato Verificato

Attacco 11/02/2015

Inserimento 12/02/2015 - 06:42:12

Modifica 12/02/2015 - 06:42:12

Fling

In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker. The breached data included highly sensitive personal attributes such as sexual orientation and sexual interests as well as email addresses and passwords stored in plain text.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsIP addressesPasswordsPhone numbersSexual fetishesSexual orientationsUsernamesWebsite activity

Sito web fling.com

Accounts 40.767.652

Stato Verificato

Attacco 10/03/2011

Inserimento 29/05/2016 - 01:08:07

Modifica 29/05/2016 - 01:08:07

FLVS

In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website. The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was subsequently found circulating. Each record contained student name, date of birth, password, grade, email and parent email resulting in a total of 543k unique email addresses. Due to the prevalence of email addresses belonging to individuals who are still legally children, the data breach has been flagged as "sensitive".

Dati compromessi

Dates of birthEmail addressesNamesPasswordsSchool grades (class levels)Usernames

Sito web flvs.net

Accounts 542.902

Stato Verificato

Attacco 12/02/2018

Inserimento 18/03/2018 - 02:40:31

Modifica 18/03/2018 - 02:40:31

Forbes

In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.

Dati compromessi

Email addressesPasswordsUser website URLsUsernames

Sito web forbes.com

Accounts 1.057.819

Stato Verificato

Attacco 15/02/2014

Inserimento 15/02/2014 - 12:24:42

Modifica 15/02/2014 - 12:24:42

ForumCommunity

In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when contacted.

Dati compromessi

Email addressesPasswordsUsernames

Sito web forumcommunity.net

Accounts 776.648

Stato Verificato

Attacco 01/06/2016

Inserimento 05/12/2018 - 06:04:45

Modifica 05/12/2018 - 08:29:20

FoxyBingo

In April 2007, the online gambling site Foxy Bingo was hacked and 252,000 accounts were obtained by the hackers. The breached records were subsequently sold and traded and included personal information data such as plain text passwords, birth dates and home addresses.

Dati compromessi

Account balancesBrowser user agent detailsDates of birthEmail addressesGendersNamesPasswordsPhone numbersPhysical addressesUsernamesWebsite activity

Sito web foxybingo.com

Accounts 252.216

Stato Verificato

Attacco 04/04/2008

Inserimento 22/11/2015 - 02:05:05

Modifica 22/11/2015 - 02:05:05

FreedomHostingII

In January 2017, the free hidden service host Freedom Hosting II suffered a data breach. The attack allegedly took down 20% of dark web sites running behind Tor hidden services with the attacker claiming that of the 10,613 impacted sites, more than 50% of the content was child pornography. The hack led to the exposure of MySQL databases for the sites which included a vast amount of information on the hidden services Freedom Hosting II was managing. The impacted data classes far exceeds those listed for the breach and differ between the thousands of impacted sites.

Dati compromessi

Email addressesPasswordsUsernames

Sito web fhostingesps6bly.onion

Accounts 380.830

Stato Verificato

Attacco 31/01/2017

Inserimento 05/02/2017 - 11:06:58

Modifica 05/02/2017 - 11:06:58

FreshMenu

In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories. When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.

Dati compromessi

Device informationEmail addressesNamesPhone numbersPhysical addressesPurchases

Sito web freshmenu.com

Accounts 110.355

Stato Verificato

Attacco 01/07/2016

Inserimento 10/09/2018 - 14:27:19

Modifica 10/09/2018 - 14:27:19

Fridae

In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack which was announced on Twitter appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy within governments and corporations". The exposed data included password stored in plain text.

Dati compromessi

Email addressesPasswordsUsernamesWebsite activity

Sito web fridae.asia

Accounts 35.368

Stato Verificato

Attacco 02/05/2014

Inserimento 06/05/2014 - 04:48:35

Modifica 06/05/2014 - 04:48:35

Funimation

In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.

Dati compromessi

Dates of birthEmail addressesPasswordsUsernames

Sito web funimation.com

Accounts 2.491.103

Stato Verificato

Attacco 01/07/2016

Inserimento 20/02/2017 - 01:43:26

Modifica 20/02/2017 - 01:43:26

FunnyGames

In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incident was disclosed to Funny Games in July who acknowledged the breach and identified it had been caused by legacy code no longer in use. The record count in the breach constitute approximately half of the user base.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web funny-games.biz

Accounts 764.357

Stato Verificato

Attacco 28/04/2018

Inserimento 24/07/2018 - 05:01:35

Modifica 24/07/2018 - 05:01:35

FurAffinity

In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked. The attack exposed 1.2M email addresses (many accounts had a different "first" and "last" email against them) and hashed passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web furaffinity.net

Accounts 1.270.564

Stato Verificato

Attacco 17/05/2016

Inserimento 27/05/2016 - 11:36:18

Modifica 27/05/2016 - 11:36:18

Gaadi

In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesGendersGeographic locationsIP addressesNamesPasswordsPhone numbersUsernames

Sito web gaadi.com

Accounts 4.261.179

Stato Verificato

Attacco 14/05/2015

Inserimento 01/07/2018 - 09:17:02

Modifica 01/07/2018 - 09:17:02

GamerzPlanet

In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web gamerzplanet.net

Accounts 1.217.166

Stato Verificato

Attacco 23/10/2015

Inserimento 05/02/2016 - 21:12:26

Modifica 05/02/2016 - 21:12:26

GameSalad

In February 2019, the education and game creation website Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web gamesalad.com

Accounts 1.506.242

Stato Verificato

Attacco 24/02/2019

Inserimento 21/07/2019 - 16:18:46

Modifica 21/07/2019 - 16:23:46

GameTuts

Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum. The exposed data included usernames, email and IP addresses and salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web game-tuts.com

Accounts 2.064.274

Stato Verificato

Attacco 01/03/2015

Inserimento 24/09/2016 - 01:59:38

Modifica 24/09/2016 - 01:59:38

Gamigo

In March 2012, the German online game publisher Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.

Dati compromessi

Email addressesPasswords

Sito web gamigo.com

Accounts 8.243.604

Stato Verificato

Attacco 01/03/2012

Inserimento 18/01/2016 - 17:26:24

Modifica 18/01/2016 - 17:26:24

Gawker

In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, many victims of the breach then had their Twitter accounts compromised to send Acai berry spam.

Dati compromessi

Email addressesPasswordsUsernames

Sito web gawker.com

Accounts 1.247.574

Stato Verificato

Attacco 11/12/2010

Inserimento 04/12/2013 - 01:00:00

Modifica 04/12/2013 - 01:00:00

GeekedIn

In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.

Dati compromessi

Email addressesGeographic locationsNamesProfessional skillsUsernamesYears of professional experience

Sito web geekedin.net

Accounts 1.073.164

Stato Verificato

Attacco 15/08/2016

Inserimento 17/11/2016 - 20:44:24

Modifica 17/11/2016 - 20:44:24

GFAN

In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web gfan.com

Accounts 22.526.334

Stato Non verificato

Attacco 10/10/2016

Inserimento 10/10/2016 - 18:32:34

Modifica 10/10/2016 - 18:32:34

GoldSilver

In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".

Dati compromessi

Bank account numbersEmail addressesIP addressesNamesPartial credit card dataPassport numbersPhone numbersPhysical addressesPurchasesSecurity questions and answersSocial security numbers

Sito web goldsilver.com

Accounts 242.715

Stato Verificato

Attacco 21/10/2018

Inserimento 27/12/2018 - 09:49:18

Modifica 27/12/2018 - 09:51:50

gPotato

In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today. The exposed data included usernames, email and IP addresses, MD5 hashes and personal attributes such as gender, birth date, physical address and security questions and answers stored in plain text.

Dati compromessi

Dates of birthEmail addressesGendersIP addressesNamesPasswordsPhysical addressesSecurity questions and answersUsernamesWebsite activity

Sito web gpotato.com

Accounts 2.136.520

Stato Verificato

Attacco 12/07/2007

Inserimento 24/09/2016 - 23:37:43

Modifica 24/09/2016 - 23:37:43

GTAGaming

In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web gtagaming.com

Accounts 197.184

Stato Verificato

Attacco 01/08/2016

Inserimento 23/08/2016 - 22:41:17

Modifica 23/08/2016 - 22:41:17

Playgar

In approximately April 2016, the gaming website Guns and Robots suffered a data breach resulting in the exposure of 143k unique records. The data contained email and IP addresses, usernames and SHA-1 password hashes. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web play-gar.com

Accounts 143.569

Stato Verificato

Attacco 01/04/2016

Inserimento 14/02/2018 - 23:32:25

Modifica 14/02/2018 - 23:32:25

HackForums

In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website. The leaked Hack Forums data included credentials and personal information of nearly 200,000 registered forum users.

Dati compromessi

Dates of birthEmail addressesInstant messenger identitiesIP addressesPasswordsSocial connectionsSpoken languagesTime zonesUser website URLsUsernamesWebsite activity

Sito web hackforums.net

Accounts 191.540

Stato Verificato

Attacco 25/06/2011

Inserimento 11/05/2014 - 12:30:43

Modifica 11/05/2014 - 12:30:43

HackingTeam

In July 2015, the Italian security firm Hacking Team suffered a major data breach that resulted in over 400GB of their data being posted online via a torrent. The data searchable on "Have I Been Pwned?" is from 189GB worth of PST mail folders in the dump. The contents of the PST files is searchable on Wikileaks.

Dati compromessi

Email addressesEmail messages

Sito web hackingteam.com

Accounts 32.310

Stato Verificato

Attacco 06/07/2015

Inserimento 13/07/2015 - 01:52:27

Modifica 13/07/2015 - 01:52:27

HauteLook

In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsNamesPasswords

Sito web hautelook.com

Accounts 28.510.459

Stato Verificato

Attacco 07/08/2018

Inserimento 21/03/2019 - 22:57:32

Modifica 21/03/2019 - 22:57:32

HealthNowNetworks

In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and operator notes on the individuals' health. The data included over 320k unique email addresses.

Dati compromessi

Dates of birthEmail addressesGendersHealth insurance informationIP addressesNamesPersonal health dataPhone numbersPhysical addressesSecurity questions and answersSocial connections

Sito web healthnow.co

Accounts 321.920

Stato Verificato

Attacco 25/03/2017

Inserimento 07/04/2017 - 20:37:15

Modifica 07/04/2017 - 20:37:15

Hemmakvall

In July 2015, the Swedish video store chain Hemmakväll was hacked and nearly 50k records dumped publicly. The disclosed data included various attributes of their customers including email and physical addresses, names and phone numbers. Passwords were also leaked, stored with a weak MD5 hashing algorithm.

Dati compromessi

Email addressesNamesPasswordsPhone numbersPhysical addresses

Sito web hemmakvall.se

Accounts 47.297

Stato Verificato

Attacco 08/07/2015

Inserimento 09/07/2015 - 11:23:52

Modifica 09/07/2015 - 11:23:52

Hemmelig

In December 2011, Norway's largest online sex shop hemmelig.com was hacked by a collective calling themselves "Team Appunity". The attack exposed over 28,000 usernames and email addresses along with nicknames, gender, year of birth and unsalted MD5 password hashes.

Dati compromessi

Email addressesGendersNicknamesPasswordsUsernamesYears of birth

Sito web hemmelig.com

Accounts 28.641

Stato Verificato

Attacco 21/12/2011

Inserimento 25/03/2014 - 08:23:52

Modifica 25/03/2014 - 08:23:52

HeroesOfGaia

In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.

Dati compromessi

Browser user agent detailsEmail addressesIP addressesUsernamesWebsite activity

Sito web heroesofgaia.com

Accounts 179.967

Stato Verificato

Attacco 04/01/2013

Inserimento 07/11/2016 - 09:11:03

Modifica 07/11/2016 - 09:11:03

HeroesOfNewerth

In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web heroesofnewerth.com

Accounts 8.089.103

Stato Verificato

Attacco 17/12/2012

Inserimento 24/01/2016 - 17:27:23

Modifica 24/01/2016 - 17:27:23

HIAPK

In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided to HIBP by white hat security researcher and data analyst Adam Davies. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswordsUsernames

Sito web hiapk.com

Accounts 13.873.674

Stato Non verificato

Attacco 01/01/2014

Inserimento 01/04/2018 - 09:13:44

Modifica 01/04/2018 - 09:13:44

HLTV

In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.

Dati compromessi

Email addressesNamesPasswordsUsernamesWebsite activity

Sito web hltv.org

Accounts 611.070

Stato Verificato

Attacco 19/06/2016

Inserimento 22/03/2017 - 09:58:10

Modifica 22/03/2017 - 09:58:10

HongFire

In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web hongfire.com

Accounts 999.991

Stato Verificato

Attacco 01/03/2015

Inserimento 05/02/2017 - 21:36:21

Modifica 05/02/2017 - 21:36:21

HookersNL

In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers. The IP and email addresses, usernames and bcrypt password hashes of 291k members were accessed via an unpatched vulnerability in the vBulletin forum software.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web hookers.nl

Accounts 290.955

Stato Verificato

Attacco 10/10/2019

Inserimento 23/10/2019 - 11:51:59

Modifica 23/10/2019 - 11:51:59

HoundDawgs

In December 2017, the Danish torrent tracker known as HoundDawgs suffered a data breach. More than 55GB of data was dumped publicly and whilst there was initially contention as to the severity of the incident, the data did indeed contain more than 45k unique email addresses complete extensive logs of torrenting activity, IP addresses and SHA1 passwords.

Dati compromessi

Email addressesIP addressesPasswordsWebsite activity

Sito web hounddawgs.org

Accounts 45.701

Stato Verificato

Attacco 30/12/2017

Inserimento 03/01/2018 - 13:48:10

Modifica 03/01/2018 - 13:48:10

Houzz

In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service. The data was provided to HIBP by dehashed.com.

Dati compromessi

Email addressesGeographic locationsIP addressesNamesPasswordsSocial media profilesUsernames

Sito web houzz.com

Accounts 48.881.308

Stato Verificato

Attacco 23/05/2018

Inserimento 12/03/2019 - 21:57:35

Modifica 12/03/2019 - 21:57:35

HTHStudios

In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting mulitple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names, orders, salted SHA-1 and salted MD5 hashes. HTH Studios is aware of the incident.

Dati compromessi

Browser user agent detailsDates of birthEmail addressesIP addressesNamesPhone numbersPhysical addressesPurchasesUsernames

Sito web hthstudios.com

Accounts 411.755

Stato Verificato

Attacco 24/08/2018

Inserimento 20/11/2018 - 22:22:09

Modifica 20/11/2018 - 22:22:09

Hub4Tech

On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed almost 37k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Hub4Tech when contacted about the incident.

Dati compromessi

Email addressesPasswords

Sito web hub4tech.com

Accounts 36.916

Stato Verificato

Attacco 01/01/2017

Inserimento 09/12/2018 - 23:40:51

Modifica 09/12/2018 - 23:43:38

iDressup

In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts. The breach included email addresses and passwords stored in plain text.

Dati compromessi

Email addressesPasswords

Sito web i-dressup.com

Accounts 2.191.565

Stato Verificato

Attacco 15/07/2016

Inserimento 26/09/2016 - 22:14:51

Modifica 26/09/2016 - 22:14:51

ILikeCheats

In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web ilikecheats.net

Accounts 188.847

Stato Verificato

Attacco 18/10/2014

Inserimento 22/04/2018 - 10:18:28

Modifica 22/04/2018 - 10:27:56

iMesh

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web imesh.com

Accounts 49.467.477

Stato Verificato

Attacco 22/09/2013

Inserimento 02/07/2016 - 07:42:13

Modifica 02/07/2016 - 07:42:13

imgur

In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017. Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords suggesting that many of the original hashes had been cracked. imgur advises that they rolled over to bcrypt hashes in 2016.

Dati compromessi

Email addressesPasswords

Sito web imgur.com

Accounts 1.749.806

Stato Verificato

Attacco 01/09/2013

Inserimento 25/11/2017 - 01:00:33

Modifica 25/11/2017 - 01:00:33

Insanelyi

In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user names and weakly hashed passwords (salted MD5).

Dati compromessi

Email addressesPasswordsUsernamesWebsite activity

Sito web insanelyi.com

Accounts 104.097

Stato Verificato

Attacco 22/07/2014

Inserimento 23/07/2014 - 00:56:15

Modifica 23/07/2014 - 00:56:15

Intelimost

Dati compromessi

Email addressesPasswords

Sito web intelimost.com

Accounts 3.073.409

Stato Verificato

Attacco 10/03/2019

Inserimento 02/04/2019 - 22:52:19

Modifica 02/04/2019 - 22:52:19

Interpals

In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.

Dati compromessi

Dates of birthEmail addressesGeographic locationsNamesPasswordsUsernames

Sito web interpals.net

Accounts 3.439.414

Stato Verificato

Attacco 04/11/2015

Inserimento 30/08/2016 - 13:22:42

Modifica 30/08/2016 - 13:22:42

iPmart

During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 368k accounts were added to "Have I Been Pwned" in March 2016 bringing the total to over 2.4M.

Dati compromessi

Dates of birthEmail addressesPasswordsUsernames

Sito web ipmart-forum.com

Accounts 2.460.787

Stato Verificato

Attacco 01/07/2015

Inserimento 23/02/2016 - 11:13:22

Modifica 23/02/2016 - 11:13:22

ixigo

In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Auth tokensDevice informationEmail addressesGendersNamesPasswordsPhone numbersSalutationsSocial media profilesUsernames

Sito web ixigo.com

Accounts 17.204.697

Stato Verificato

Attacco 03/01/2019

Inserimento 17/03/2019 - 14:27:11

Modifica 17/03/2019 - 14:27:11

JobStreet

In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums. The data spanned multiple separate breaches including the JobStreet jobs website which contained almost 4 million unique email addresses. The dates in the breach indicate the incident occurred in March 2012. The data later appeared freely downloadable on a Tor hidden service and contained extensive information on job seekers including names, genders, birth dates, phone numbers, physical addresses and passwords.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsGovernment issued IDsMarital statusesNamesNationalitiesPasswordsPhone numbersPhysical addressesUsernames

Sito web jobstreet.com

Accounts 3.883.455

Stato Verificato

Attacco 07/03/2012

Inserimento 30/10/2017 - 02:12:14

Modifica 30/10/2017 - 02:12:14

JoomlArt

In January 2018, the Joomla template website JoomlArt inadvertantly exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.

Dati compromessi

Email addressesNamesPasswordsPayment historiesUsernames

Sito web joomlart.com

Accounts 22.477

Stato Verificato

Attacco 30/01/2018

Inserimento 01/11/2018 - 04:27:26

Modifica 01/11/2018 - 04:27:26

JustDate

An alleged breach of the dating website Justdate.com began circulating in approximately September 2016. Comprised of over 24 million records, the data contained various personal attributes such as email addresses, dates of birth and physical locations. However, upon verification with HIBP subscribers, only a fraction of the data was found to be accurate and no account owners recalled using the Justdate.com service. This breach has consequently been flagged as fabricated; it's highly unlikely the data was sourced from Justdate.com.

Dati compromessi

Dates of birthEmail addressesGeographic locationsNames

Sito web justdate.com

Accounts 24.451.312

Stato Non verificato

Attacco 29/09/2016

Inserimento 07/02/2017 - 02:28:41

Modifica 07/02/2017 - 02:28:41

KayoMoe

In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe. The operator of the service contacted HIBP to report the data which, upon further investigation, turned out to be a large credential stuffing list. For more information, read about The 42M Record kayo.moe Credential Stuffing Data.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 41.826.763

Stato Non verificato

Attacco 11/09/2018

Inserimento 13/09/2018 - 11:37:49

Modifica 13/09/2018 - 22:12:18

Kickstarter

In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.

Dati compromessi

Email addressesPasswords

Sito web kickstarter.com

Accounts 5.176.463

Stato Verificato

Attacco 16/02/2014

Inserimento 06/10/2017 - 09:29:07

Modifica 06/10/2017 - 09:29:07

Kimsufi

In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web kimsufi.com

Accounts 504.565

Stato Verificato

Attacco 01/05/2015

Inserimento 27/12/2016 - 08:05:43

Modifica 27/12/2016 - 08:05:43

KiwiFarms

In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.

Dati compromessi

AvatarsDates of birthEmail addressesIP addressesWebsite activity

Sito web kiwifarms.net

Accounts 4.606

Stato Verificato

Attacco 10/09/2019

Inserimento 17/09/2019 - 11:48:25

Modifica 17/09/2019 - 11:54:23

KMRU

In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the breach and impacted almost 1.5M accounts including sensitive personal information.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsRecovery email addressesSecurity questions and answersUsernames

Sito web km.ru

Accounts 1.476.783

Stato Verificato

Attacco 29/02/2016

Inserimento 03/03/2016 - 07:12:04

Modifica 03/03/2016 - 07:12:04

KnownCircle

In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and contained gigabytes of data related to the real estate and insurance sectors. The personal data in the breach appears to have primarily been used for marketing purposes, including logs of emails sent and tracking of gift cards. A small number of passwords for KnownCircle staff were also present and were stored as bcrypt hashes.

Dati compromessi

Email addressesEmail messagesGendersNamesPasswordsPhone numbersPhysical addresses

Sito web knowncircle.com

Accounts 1.957.600

Stato Verificato

Attacco 12/04/2016

Inserimento 17/11/2018 - 03:33:54

Modifica 17/11/2018 - 03:38:15

Knuddels

In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach.

Dati compromessi

Email addressesGeographic locationsNamesPasswordsUsernames

Sito web knuddels.de

Accounts 808.330

Stato Verificato

Attacco 05/09/2018

Inserimento 08/04/2019 - 23:11:56

Modifica 08/04/2019 - 23:11:56

Lanwar

In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.

Dati compromessi

Email addressesNamesPasswordsPhysical addressesUsernames

Sito web lanwar.com

Accounts 45.120

Stato Verificato

Attacco 28/07/2018

Inserimento 08/08/2018 - 04:57:06

Modifica 08/08/2018 - 04:57:06

Lastfm

In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

Dati compromessi

Email addressesPasswordsUsernamesWebsite activity

Sito web last.fm

Accounts 37.217.682

Stato Verificato

Attacco 22/03/2012

Inserimento 20/09/2016 - 22:00:49

Modifica 20/09/2016 - 22:00:49

LeagueOfLegends

In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords. In 2018, a 339k record subset of the data emerged with email addresses, usernames and plain text passwords, likely cracked from the original cryptographically protected ones.

Dati compromessi

Email addressesPasswordsUsernames

Sito web leagueoflegends.com

Accounts 339.487

Stato Verificato

Attacco 11/06/2012

Inserimento 28/07/2018 - 23:52:12

Modifica 28/07/2018 - 23:52:12

Leet

In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes. A further 3 million accounts were obtained and added to HIBP several days after the initial data was loaded bringing the total to over 5 million.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web leet.cc

Accounts 5.081.689

Stato Verificato

Attacco 10/09/2016

Inserimento 01/10/2016 - 00:00:48

Modifica 01/10/2016 - 00:00:48

Lifeboat

In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web lbsg.net

Accounts 7.089.395

Stato Verificato

Attacco 01/01/2016

Inserimento 25/04/2016 - 23:51:50

Modifica 25/04/2016 - 23:51:50

LightsHope

In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords stored as bcrypt hashes.

Dati compromessi

Dates of birthEmail addressesGeographic locationsIP addressesPasswordsPrivate messagesUsernames

Sito web lightshope.org

Accounts 30.484

Stato Verificato

Attacco 25/06/2018

Inserimento 04/07/2018 - 15:32:01

Modifica 04/07/2018 - 15:32:01

LinkedIn

In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Dati compromessi

Email addressesPasswords

Sito web linkedin.com

Accounts 164.611.595

Stato Verificato

Attacco 05/05/2012

Inserimento 21/05/2016 - 23:35:40

Modifica 21/05/2016 - 23:35:40

LinuxForums

In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to multiple attempts to contact them about the breach.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web linuxforums.org

Accounts 275.785

Stato Verificato

Attacco 01/05/2018

Inserimento 07/06/2018 - 14:55:25

Modifica 07/06/2018 - 14:55:25

LinuxMint

In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information.

Dati compromessi

AvatarsDates of birthEmail addressesGeographic locationsIP addressesPasswordsTime zonesWebsite activity

Sito web linuxmint.com

Accounts 144.989

Stato Verificato

Attacco 21/02/2016

Inserimento 22/02/2016 - 02:28:08

Modifica 22/02/2016 - 02:28:08

LittleMonsters

In approximately January 2017, the Lady Gaga fan site known as "Little Monsters" suffered a data breach that impacted 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt hashes of passwords.

Dati compromessi

Dates of birthEmail addressesPasswordsUsernames

Sito web littlemonsters.com

Accounts 995.698

Stato Verificato

Attacco 01/01/2017

Inserimento 07/03/2017 - 21:39:08

Modifica 07/03/2017 - 21:39:08

LizardSquad

In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets. Shortly thereafter, the service suffered a data breach which resulted in the public disclosure of over 13k user accounts including passwords stored in plain text.

Dati compromessi

Email addressesPasswordsUsernames

Sito web lizardstresser.su

Accounts 13.451

Stato Verificato

Attacco 16/01/2015

Inserimento 18/01/2015 - 02:24:24

Modifica 18/01/2015 - 02:24:24

Lookbook

In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.

Dati compromessi

Dates of birthEmail addressesIP addressesNamesPasswordsUsernamesWebsite activity

Sito web lookbook.nu

Accounts 1.074.948

Stato Verificato

Attacco 24/08/2012

Inserimento 08/11/2016 - 10:03:44

Modifica 08/11/2016 - 10:03:44

LOTR

In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web lotro.com

Accounts 1.141.278

Stato Verificato

Attacco 01/08/2013

Inserimento 12/03/2016 - 13:46:03

Modifica 12/03/2016 - 13:46:03

LoungeBoard

At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

Dati compromessi

Email addressesIP addressesNamesPasswordsPrivate messagesUsernamesWebsite activity

Sito web loungeboard.net

Accounts 45.018

Stato Verificato

Attacco 01/08/2013

Inserimento 06/07/2014 - 12:22:01

Modifica 06/07/2014 - 12:22:01

LuminPDF

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Auth tokensEmail addressesGendersNamesPasswordsSpoken languagesUsernames

Sito web luminpdf.com

Accounts 15.453.048

Stato Verificato

Attacco 01/04/2019

Inserimento 18/09/2019 - 07:00:15

Modifica 18/09/2019 - 07:00:15

LyricsMania

In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.

Dati compromessi

Email addressesPasswordsUsernames

Sito web lyricsmania.com

Accounts 109.202

Stato Verificato

Attacco 21/12/2017

Inserimento 15/01/2018 - 07:32:46

Modifica 15/01/2018 - 07:32:46

MacForums

In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web mac-forums.com

Accounts 326.714

Stato Verificato

Attacco 03/07/2016

Inserimento 30/10/2018 - 00:47:44

Modifica 30/10/2018 - 00:50:37

Mac-Torrents

In October 2015, the torrent site Mac-Torrents was hacked and almost 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and no salt.

Dati compromessi

Email addressesPasswordsUsernames

Sito web mac-torrents.com

Accounts 93.992

Stato Verificato

Attacco 31/10/2015

Inserimento 01/11/2015 - 00:54:26

Modifica 01/11/2015 - 00:54:26

MailRu

In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain. Whilst unlikely to be the result of a direct attack against mail.ru, the credentials were confirmed by many as legitimate for other services they had subscribed to. Further data allegedly valid for mail.ru and containing email addresses and plain text passwords was added in January 2018 bringing to total to more than 16M records. The incident was also then flagged as "unverified", a concept that was introduced after the initial data load in 2014.

Dati compromessi

Email addressesPasswords

Sito web mail.ru

Accounts 16.630.988

Stato Non verificato

Attacco 10/09/2014

Inserimento 12/09/2014 - 06:50:22

Modifica 09/01/2018 - 04:38:56

MajorGeeks

In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web majorgeeks.com

Accounts 269.548

Stato Verificato

Attacco 15/11/2015

Inserimento 03/03/2016 - 03:45:09

Modifica 03/03/2016 - 03:45:09

MallCZ

In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.

Dati compromessi

Email addressesNamesPasswordsPhone numbers

Sito web mall.cz

Accounts 735.405

Stato Verificato

Attacco 27/07/2017

Inserimento 04/09/2017 - 14:46:39

Modifica 04/09/2017 - 14:46:39

Malwarebytes

In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web malwarebytes.org

Accounts 111.623

Stato Verificato

Attacco 15/11/2014

Inserimento 09/03/2016 - 12:15:43

Modifica 09/03/2016 - 12:15:43

MangaTraders

In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.

Dati compromessi

Email addressesPasswords

Sito web mangatraders.com

Accounts 855.249

Stato Verificato

Attacco 09/06/2014

Inserimento 10/06/2014 - 05:49:45

Modifica 13/05/2019 - 14:24:00

MangaFox

In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernames

Sito web mangafox.me

Accounts 1.311.610

Stato Verificato

Attacco 01/06/2016

Inserimento 17/03/2018 - 02:43:24

Modifica 17/03/2018 - 02:43:24

Mappery

In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.

Dati compromessi

Email addressesGeographic locationsPasswordsUsernames

Sito web mappery.com

Accounts 205.242

Stato Verificato

Attacco 11/12/2018

Inserimento 18/12/2018 - 17:19:50

Modifica 18/12/2018 - 17:19:50

MasterDeeds

In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents. The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government issued personal identification numbers and 2.2 million email addresses. At the time of publishing, it's alleged the data was sourced from Dracore Data Sciences (Dracore is yet to publicly confirm or deny the data was sourced from their systems). On 18 October 2017, the file was found to have been published to a publicly accessible web server where it was located at the root of an IP address with directory listing enabled. The file was dated 8 April 2015.

Dati compromessi

Dates of birthDeceased statusesEmail addressesEmployersEthnicitiesGendersGovernment issued IDsHome ownership statusesJob titlesNamesNationalitiesPhone numbersPhysical addresses

Sito web

Accounts 2.257.930

Stato Verificato

Attacco 14/03/2017

Inserimento 18/10/2017 - 13:01:46

Modifica 18/10/2017 - 13:03:37

MastercardPricelessSpecials

In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach. Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data. Following the incident, the program was subsequently suspended.

Dati compromessi

Email addressesIP addressesNamesPartial credit card dataPhone numbersSalutations

Sito web specials.mastercard.de

Accounts 89.388

Stato Verificato

Attacco 20/08/2019

Inserimento 01/09/2019 - 22:37:49

Modifica 01/09/2019 - 22:37:49

Mate1

In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes levels and sexual fetishes as well as passwords stored in plain text.

Dati compromessi

Astrological signsDates of birthDrinking habitsDrug habitsEducation levelsEmail addressesEthnicitiesFitness levelsGendersGeographic locationsIncome levelsJob titlesNamesParenting plansPasswordsPersonal descriptionsPhysical attributesPolitical viewsRelationship statusesReligionsSexual fetishesTravel habitsUsernamesWebsite activityWork habits

Sito web mate1.com

Accounts 27.393.015

Stato Verificato

Attacco 29/02/2016

Inserimento 15/04/2016 - 01:37:15

Modifica 15/04/2016 - 01:37:15

MCBans

In October 2016, the Minecraft banning service known as MCBans suffered a data breach resulting in the exposure of 120k unique user records. The data contained email and IP addresses, usernames and password hashes of unknown format. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesIP addressesPasswordsUsernamesWebsite activity

Sito web mcbans.com

Accounts 119.948

Stato Verificato

Attacco 27/10/2016

Inserimento 23/07/2017 - 07:34:55

Modifica 23/07/2017 - 07:34:55

MDPI

In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.

Dati compromessi

Email addressesEmail messagesIP addressesNames

Sito web mdpi.com

Accounts 845.012

Stato Verificato

Attacco 30/08/2016

Inserimento 26/03/2018 - 00:50:36

Modifica 26/03/2018 - 00:50:36

MindJolt

In March 2019, the online gaming website MindJolt suffered a data breach that exposed 28M unique email addresses. Also impacted were names and dates of birth, but no passwords. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Dates of birthEmail addressesNames

Sito web mindjolt.com

Accounts 28.364.826

Stato Verificato

Attacco 18/03/2019

Inserimento 13/07/2019 - 21:21:12

Modifica 13/07/2019 - 21:21:12

MinecraftPocketEditionForum

In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum data included numerous personal pieces of data for each user. The forum has subsequently been decommissioned.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web minecraftpeforum.net

Accounts 16.034

Stato Verificato

Attacco 24/05/2015

Inserimento 30/06/2015 - 11:19:43

Modifica 30/06/2015 - 11:19:43

MinecraftWorldMap

In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web minecraftworldmap.com

Accounts 71.081

Stato Verificato

Attacco 15/01/2016

Inserimento 29/08/2016 - 03:07:38

Modifica 29/08/2016 - 03:07:38

Minefield

In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web minefield.fr

Accounts 188.343

Stato Verificato

Attacco 28/06/2015

Inserimento 09/03/2016 - 09:18:43

Modifica 09/03/2016 - 09:18:43

Minehut

In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP.

Dati compromessi

Email addresses

Sito web minehut.com

Accounts 396.533

Stato Verificato

Attacco 17/05/2019

Inserimento 17/09/2019 - 10:27:31

Modifica 17/09/2019 - 10:27:31

MoDaCo

In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web modaco.com

Accounts 879.703

Stato Verificato

Attacco 01/01/2016

Inserimento 20/09/2016 - 09:32:50

Modifica 20/09/2016 - 09:32:50

ModernBusinessSolutions

In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be in possession of the data.

Dati compromessi

Dates of birthEmail addressesGendersIP addressesJob titlesNamesPhone numbersPhysical addresses

Sito web modbsolutions.com

Accounts 58.843.488

Stato Verificato

Attacco 08/10/2016

Inserimento 12/10/2016 - 11:09:11

Modifica 12/10/2016 - 11:09:11

MoneyBookers

Sometime in 2009, the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, home addresses and IP addresses.

Dati compromessi

Dates of birthEmail addressesIP addressesNamesPhone numbersPhysical addresses

Sito web moneybookers.com

Accounts 4.483.605

Stato Verificato

Attacco 01/01/2009

Inserimento 30/11/2015 - 10:21:55

Modifica 30/11/2015 - 10:21:55

MoreleNet

In October 2018, the Polish e-commerce website Morele.net suffered a data breach. The incident exposed almost 2.5 million unique email addresses alongside phone numbers, names and passwords stored as md5crypt hashes.

Dati compromessi

Email addressesNamesPasswordsPhone numbers

Sito web morele.net

Accounts 2.467.304

Stato Verificato

Attacco 10/10/2018

Inserimento 21/04/2019 - 00:57:28

Modifica 21/04/2019 - 00:57:28

MortalOnline

In June 2018, the massively multiplayer online role-playing game (MMORPG) Mortal Online suffered a data breach. A file containing 570k email addresses and cracked passwords was subsequently distributed online. A larger more complete file containing 607k email addresses with original unsalted MD5 password hashes along with names, usernames and physical addresses was later provided and the original breach in HIBP was updated accordingly. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies.

Dati compromessi

Email addressesNamesPasswordsPhysical addressesUsernames

Sito web mortalonline.com

Accounts 606.637

Stato Verificato

Attacco 17/06/2018

Inserimento 31/08/2018 - 07:38:46

Modifica 24/09/2018 - 23:05:18

MPGH

In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web mpgh.net

Accounts 3.122.898

Stato Verificato

Attacco 22/10/2015

Inserimento 26/10/2015 - 04:20:20

Modifica 26/10/2015 - 04:20:20

MrExcel

In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5. The owner of the MrExcel forum subsequently self-submitted the data to HIBP.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsSocial connectionsUsernamesWebsite activity

Sito web mrexcel.com

Accounts 366.140

Stato Verificato

Attacco 05/12/2016

Inserimento 22/01/2017 - 08:39:17

Modifica 22/01/2017 - 08:39:17

mSpy

In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims), stored extensive personal information within their online service which after being breached, was made freely available on the internet.

Dati compromessi

Device usage tracking data

Sito web mspy.com

Accounts 699.793

Stato Verificato

Attacco 14/05/2015

Inserimento 28/05/2015 - 20:09:16

Modifica 28/05/2015 - 20:09:16

MuslimDirectory

In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age group, email, website activity and password in plain text.

Dati compromessi

Age groupsEmail addressesEmployersNamesPasswordsPhone numbersPhysical addressesWebsite activity

Sito web muslimdirectory.co.uk

Accounts 37.784

Stato Verificato

Attacco 17/02/2014

Inserimento 23/02/2014 - 04:09:38

Modifica 23/02/2014 - 04:09:38

MyFHA

In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people. The data included extensive personal information relating to home financing including personal contact info, credit statuses, household incomes, loan amounts and notes on personal circumstances, often referring to legal issues, divorces and health conditions. Multiple parties contacted HIBP with the data after which MyFHA was alerted in mid-July and acknowledged the legitimacy of the breach then took the site offline.

Dati compromessi

Credit status informationEmail addressesHome loan informationIncome levelsIP addressesNamesPasswordsPersonal descriptionsPhysical addresses

Sito web myfha.net

Accounts 972.629

Stato Verificato

Attacco 18/02/2015

Inserimento 09/08/2018 - 22:26:35

Modifica 09/08/2018 - 22:26:35

MyFitnessPal

In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web myfitnesspal.com

Accounts 143.606.147

Stato Verificato

Attacco 01/02/2018

Inserimento 21/02/2019 - 20:28:46

Modifica 21/02/2019 - 21:00:56

MyHeritage

In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it be attributed to "BenjaminBlue@exploit.im".

Dati compromessi

Email addressesPasswords

Sito web myheritage.com

Accounts 91.991.358

Stato Verificato

Attacco 26/10/2017

Inserimento 20/02/2019 - 22:04:04

Modifica 20/02/2019 - 22:04:04

myRepoSpace

In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices. The repository service was allegedly hacked by @its_not_herpes and 0x8badfl00d in retaliation for the service refusing to remove pirated tweaks.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web myrepospace.com

Accounts 252.751

Stato Verificato

Attacco 06/07/2015

Inserimento 08/07/2015 - 10:44:51

Modifica 08/07/2015 - 10:44:51

MySpace

In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

Dati compromessi

Email addressesPasswordsUsernames

Sito web myspace.com

Accounts 359.420.698

Stato Verificato

Attacco 01/07/2008

Inserimento 31/05/2016 - 02:12:29

Modifica 31/05/2016 - 02:12:29

MyVidster

In August 2015, the social video sharing and bookmarking site MyVidster was hacked and nearly 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.

Dati compromessi

Email addressesPasswordsUsernames

Sito web myvidster.com

Accounts 19.863

Stato Verificato

Attacco 15/08/2015

Inserimento 10/10/2015 - 09:06:17

Modifica 10/10/2015 - 09:06:17

NapsGear

In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed including email addresses, names, addresses, phone numbers, purchase histories and salted MD5 password hashes.

Dati compromessi

Dates of birthEmail addressesGendersNamesPasswordsPhone numbersPhysical addressesPurchases

Sito web napsgear.org

Accounts 287.071

Stato Verificato

Attacco 21/10/2015

Inserimento 10/09/2018 - 13:07:00

Modifica 10/09/2018 - 13:07:00

NaughtyAmerica

In March 2016, the adult website Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5 hashes. There were 1.4 million unique email addresses in the breach.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web naughtyamerica.com

Accounts 1.398.630

Stato Verificato

Attacco 14/03/2016

Inserimento 24/04/2016 - 08:14:42

Modifica 24/04/2016 - 08:14:42

NemoWeb

In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.

Dati compromessi

Email addressesNames

Sito web nemoweb.net

Accounts 3.472.916

Stato Verificato

Attacco 04/09/2016

Inserimento 19/09/2018 - 05:53:20

Modifica 24/09/2018 - 07:09:56

Neopets

In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.

Dati compromessi

Dates of birthEmail addressesGendersGeographic locationsIP addressesNamesPasswordsUsernames

Sito web neopets.com

Accounts 26.892.897

Stato Verificato

Attacco 05/05/2013

Inserimento 08/07/2016 - 01:00:10

Modifica 08/07/2016 - 01:00:10

NetEase

In October 2015, the Chinese site known as NetEase (located at 163.com) was reported as having suffered a data breach that impacted hundreds of millions of subscribers. Whilst there is evidence that the data itself is legitimate (multiple HIBP subscribers confirmed a password they use is in the data), due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.

Dati compromessi

Email addressesPasswords

Sito web 163.com

Accounts 234.842.089

Stato Non verificato

Attacco 19/10/2015

Inserimento 09/10/2016 - 08:13:31

Modifica 09/10/2016 - 08:13:31

Neteller

In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.

Dati compromessi

Account balancesDates of birthEmail addressesGendersIP addressesNamesPhone numbersPhysical addressesSecurity questions and answersWebsite activity

Sito web neteller.com

Accounts 3.619.948

Stato Verificato

Attacco 17/05/2010

Inserimento 30/11/2015 - 11:26:47

Modifica 30/11/2015 - 11:26:47

Netlog

In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesPasswords

Sito web netlog.com

Accounts 49.038.354

Stato Verificato

Attacco 01/11/2012

Inserimento 15/07/2019 - 12:25:07

Modifica 15/07/2019 - 12:25:07

NetProspex

In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.

Dati compromessi

Email addressesEmployersJob titlesNamesPhone numbersPhysical addresses

Sito web netprospex.com

Accounts 33.698.126

Stato Verificato

Attacco 01/09/2016

Inserimento 15/03/2017 - 02:57:04

Modifica 15/03/2017 - 02:57:04

Netshoes

In December 2017, the online Brazilian retailer known as Netshoes had half a million records allegedly hacked from their system posted publicly. The company was contacted by local Brazilian media outlet Tecmundo and subsequently advised that no indications have been identified of an invasion of the company's systems. However, Netshoes' own systems successfully confirm the presence of matching identifiers and email addresses from the data set, indicating a high likelihood that the data originated from them.

Dati compromessi

Dates of birthEmail addressesNamesPurchases

Sito web netshoes.com.br

Accounts 499.836

Stato Verificato

Attacco 07/12/2017

Inserimento 10/12/2017 - 05:01:03

Modifica 10/12/2017 - 05:01:03

NextGenUpdate

Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web nextgenupdate.com

Accounts 1.194.597

Stato Verificato

Attacco 22/04/2014

Inserimento 05/06/2015 - 06:12:29

Modifica 05/06/2015 - 06:12:29

NexusMods

In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that. The breach contained usernames, email addresses and passwords stored as a salted hashes.

Dati compromessi

Email addressesPasswordsUsernames

Sito web nexusmods.com

Accounts 5.915.013

Stato Verificato

Attacco 22/07/2013

Inserimento 17/01/2016 - 18:18:47

Modifica 17/01/2016 - 18:18:47

Nihonomaru

In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web nihonomaru.net

Accounts 1.697.282

Stato Verificato

Attacco 01/12/2015

Inserimento 30/08/2016 - 11:54:55

Modifica 30/08/2016 - 11:54:55

Nival

In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and impacted over 1.5M accounts including sensitive personal information.

Dati compromessi

AvatarsDates of birthEmail addressesGendersNamesSpoken languagesUsernamesWebsite activity

Sito web nival.com

Accounts 1.535.473

Stato Verificato

Attacco 29/02/2016

Inserimento 03/03/2016 - 01:32:49

Modifica 03/03/2016 - 01:32:49

NonNudeGirls

In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.

Dati compromessi

Email addressesIP addressesNamesPasswordsUsernamesWebsite activity

Sito web nonnudegirls.org

Accounts 75.383

Stato Verificato

Attacco 21/05/2013

Inserimento 25/01/2017 - 07:38:36

Modifica 25/01/2017 - 07:38:36

Nulled

In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsPrivate messagesUsernamesWebsite activity

Sito web nulled.cr

Accounts 599.080

Stato Verificato

Attacco 06/05/2016

Inserimento 09/05/2016 - 13:28:01

Modifica 09/05/2016 - 13:28:01

OGUsers

In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsPrivate messagesUsernames

Sito web ogusers.com

Accounts 161.143

Stato Verificato

Attacco 26/12/2018

Inserimento 20/05/2019 - 00:45:45

Modifica 20/05/2019 - 00:45:45

OnlinerSpambot

In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Dati compromessi

Email addressesPasswords

Sito web

Accounts 711.477.622

Stato Verificato

Attacco 28/08/2017

Inserimento 29/08/2017 - 21:25:56

Modifica 29/08/2017 - 21:25:56

Onverse

In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web onverse.com

Accounts 800.157

Stato Verificato

Attacco 01/01/2016

Inserimento 06/09/2016 - 08:28:30

Modifica 06/09/2016 - 08:28:30

OpenCSGO

In December 2017, the website for purchasing Counter-Strike skins known as Open CS:GO (Counter-Strike: Global Offensive) suffered a data breach (address since redirects to dropgun.com). The 10GB file contained an extensive amount of personal information including email and IP addresses, phone numbers, physical addresses and purchase histories. Numerous attempts were made to contact Open CS:GO about the incident, however no responses were received.

Dati compromessi

AvatarsEmail addressesIP addressesPhone numbersPhysical addressesPurchasesSocial media profilesUsernames

Sito web opencsgo.com

Accounts 512.311

Stato Verificato

Attacco 28/11/2017

Inserimento 15/01/2018 - 07:14:55

Modifica 15/01/2018 - 07:14:55

OrdineAvvocatiDiRoma

In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach.

Dati compromessi

Email addressesEmail messagesGeographic locationsPasswordsPhone numbers

Sito web ordineavvocatiroma.it

Accounts 41.960

Stato Verificato

Attacco 07/05/2019

Inserimento 27/05/2019 - 01:24:11

Modifica 27/05/2019 - 01:24:11

OVH

In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web ovh.com

Accounts 452.899

Stato Verificato

Attacco 01/05/2015

Inserimento 27/12/2016 - 08:49:12

Modifica 27/12/2016 - 08:49:12

OwnedCore

In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web OwnedCore.com

Accounts 880.331

Stato Verificato

Attacco 01/08/2013

Inserimento 06/02/2016 - 03:53:13

Modifica 06/02/2016 - 03:53:13

PaddyPower

In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses. The breach was not disclosed until July 2014 and contained extensive personal information including names, addresses, phone numbers and plain text security questions and answers.

Dati compromessi

Account balancesDates of birthEmail addressesIP addressesNamesPhone numbersPhysical addressesSecurity questions and answersUsernamesWebsite activity

Sito web paddypower.com

Accounts 590.954

Stato Verificato

Attacco 25/10/2010

Inserimento 11/10/2015 - 03:26:05

Modifica 11/10/2015 - 03:26:05

Patreon

In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses and millions of personal messages.

Dati compromessi

Email addressesPayment historiesPhysical addressesPrivate messagesWebsite activity

Sito web patreon.com

Accounts 2.330.382

Stato Verificato

Attacco 01/10/2015

Inserimento 02/10/2015 - 04:29:20

Modifica 02/10/2015 - 04:29:20

PayAsUGym

In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.

Dati compromessi

Browser user agent detailsEmail addressesIP addressesNamesPartial credit card dataPasswordsPhone numbersWebsite activity

Sito web payasugym.com

Accounts 400.260

Stato Verificato

Attacco 15/12/2016

Inserimento 17/12/2016 - 07:45:44

Modifica 17/12/2016 - 07:45:44

Pemiblanc

In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other services. Read more about the incident.

Dati compromessi

Email addressesPasswords

Sito web pemiblanc.com

Accounts 110.964.206

Stato Non verificato

Attacco 02/04/2018

Inserimento 10/07/2018 - 00:16:26

Modifica 10/07/2018 - 00:16:26

PHPFreaks

In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

Dati compromessi

Dates of birthEmail addressesIP addressesPasswordsUsernamesWebsite activity

Sito web phpfreaks.com

Accounts 173.891

Stato Verificato

Attacco 27/10/2015

Inserimento 30/10/2015 - 15:19:52

Modifica 30/10/2015 - 15:19:52

PixelFederation

In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.

Dati compromessi

Email addressesPasswords

Sito web pixelfederation.com

Accounts 38.108

Stato Verificato

Attacco 04/12/2013

Inserimento 06/12/2013 - 01:00:00

Modifica 06/12/2013 - 01:00:00

piZap

In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesGendersGeographic locationsNamesPasswordsSocial media profilesUsernamesWebsite activity

Sito web pizap.com

Accounts 41.817.893

Stato Verificato

Attacco 07/12/2017

Inserimento 16/07/2019 - 07:43:27

Modifica 16/07/2019 - 07:43:27

Plex

In July 2015, the discussion forum for Plex media centre was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web plex.tv

Accounts 327.314

Stato Verificato

Attacco 02/07/2015

Inserimento 08/02/2016 - 02:35:48

Modifica 08/02/2016 - 02:35:48

Pokebip

In July 2015, the French Pokémon site Pokébip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.

Dati compromessi

Email addressesIP addressesPasswordsTime zonesUsernamesWebsite activity

Sito web pokebip.com

Accounts 657.001

Stato Verificato

Attacco 28/07/2015

Inserimento 09/09/2016 - 06:43:00

Modifica 09/09/2016 - 06:43:00

PokemonCreed

In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in. The breached data included over 116k usernames, email addresses and plain text passwords.

Dati compromessi

Email addressesGendersIP addressesPasswordsUsernamesWebsite activity

Sito web pokemoncreed.net

Accounts 116.465

Stato Verificato

Attacco 08/08/2014

Inserimento 10/08/2014 - 02:03:59

Modifica 10/08/2014 - 02:03:59

PokemonNegro

In approximately October 2016, the Spanish Pokémon site Pokémon Negro suffered a data breach. The attack resulted in the disclosure of 830k accounts including email and IP addresses along with plain text passwords. Pokémon Negro did not respond when contacted about the breach.

Dati compromessi

Email addressesIP addressesPasswords

Sito web pokemonnegro.com

Accounts 830.155

Stato Verificato

Attacco 01/10/2016

Inserimento 03/01/2017 - 21:45:24

Modifica 03/01/2017 - 21:45:24

PoliceOne

In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes. The file the data was contained in indicated the original breach dated back to July 2014.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web policeone.com

Accounts 709.926

Stato Verificato

Attacco 01/07/2014

Inserimento 15/11/2017 - 08:57:11

Modifica 15/11/2017 - 08:57:11

Poshmark

In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

Dati compromessi

Email addressesGendersGeographic locationsNamesPasswordsUsernames

Sito web poshmark.com

Accounts 36.395.491

Stato Verificato

Attacco 16/05/2018

Inserimento 02/09/2019 - 05:36:05

Modifica 02/09/2019 - 05:44:37

Powerbot

In approximately September 2014, the RuneScape bot website Powerbot suffered a data breach resulting in the exposure of over half a million unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web powerbot.org

Accounts 503.501

Stato Verificato

Attacco 01/09/2014

Inserimento 01/07/2017 - 18:12:37

Modifica 01/07/2017 - 18:12:37

ProgrammingForums

In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously reported as compromised on the Vigilante.pw breached database directory.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web programmingforums.org

Accounts 707.432

Stato Verificato

Attacco 01/12/2015

Inserimento 01/07/2017 - 18:42:46

Modifica 01/07/2017 - 18:42:46

PS3Hax

In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web ps3hax.net

Accounts 447.410

Stato Verificato

Attacco 01/07/2015

Inserimento 07/02/2016 - 05:44:49

Modifica 07/02/2016 - 05:44:49

PSPISO

In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web pspiso.com

Accounts 1.274.070

Stato Verificato

Attacco 25/09/2015

Inserimento 29/01/2017 - 08:28:23

Modifica 29/01/2017 - 08:28:23

PSX-Scene

In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Dati compromessi

Email addressesIP addressesPasswordsUsernames

Sito web psx-scene.com

Accounts 341.118

Stato Verificato

Attacco 01/02/2015

Inserimento 07/02/2016 - 04:46:46

Modifica 07/02/2016 - 04:46:46

QatarNationalBank

In July 2015, the Qatar National Bank suffered a data breach which exposed 15k documents totalling 1.4GB and detailing more than 100k accounts with passwords and PINs. The incident was made public some 9 months later in April 2016 when the documents appeared publicly on a file sharing site. Analysis of the breached data suggests the attack began by exploiting a SQL injection flaw in the bank's website.

Dati compromessi

Bank account numbersCustomer feedbackDates of birthFinancial transactionsGendersGeographic locationsGovernment issued IDsIP addressesMarital statusesNamesPasswordsPhone numbersPhysical addressesPINsSecurity questions and answersSpoken languages

Sito web qnb.com

Accounts 88.678

Stato Verificato

Attacco 01/07/2015

Inserimento 01/05/2016 - 03:06:35

Modifica 01/05/2016 - 03:06:35

QIP

In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.

Dati compromessi

Email addressesPasswordsUsernamesWebsite activity

Sito web qip.ru

Accounts 26.183.992

Stato Verificato

Attacco 01/06/2011

Inserimento 08/01/2017 - 23:23:19

Modifica 08/01/2017 - 23:23:19

QuantumBooter

In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which lead to the disclosure of their internal database. The leaked data included private discussions relating to malicious activity Quantum Booter users were performing against online adversaries, including the IP addresses of those using the service to mount DDoS attacks.

Dati compromessi

Email addressesIP addressesPasswordsPrivate messagesUsernamesWebsite activity

Sito web quantumbooter.net

Accounts 48.592

Stato Verificato

Attacco 18/03/2014

Inserimento 04/04/2015 - 08:40:05

Modifica 04/04/2015 - 08:40:05

QuinStreet

In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites). QuinStreet advised that impacted users have been notified and passwords reset. The data contained details on over 4.9 million people and included email addresses, dates of birth and salted MD5 hashes.

Dati com