Skip to content

Incidents in sector:

Media

Data breachResolved

BCD Travel data breach (2026)

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses.

Victim
BCD Travel
Records
396.3K
Data breachResolved

Cushman & Wakefield data breach (2026)

In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along withโ€ฆ

Victim
Cushman & Wakefield
Records
310.4K
Data breachResolved

CTT data breach (2026)

In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.

Victim
CTT
Records
468.1K
Data breachResolved

ADT data breach (2026)

In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses.

Victim
ADT
Records
5.5M
Data breachResolved

Canada Life data breach (2026)

In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets.

Victim
Canada Life
Records
237.8K
Data breachResolved

Pitney Bowes data breach (2026)

In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations.

Victim
Pitney Bowes
Records
8.2M
Data breachResolved

Carnival data breach (2026)

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked.

Victim
Carnival
Records
7.5M
Data breachResolved

Marcus & Millichap data breach (2026)

In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group.

Victim
Marcus & Millichap
Records
1.8M
Data breachResolved

Amtrak data breach (2026)

In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly.

Victim
Amtrak
Records
2.1M
Data breachResolved

SongTrivia2 data breach (2026)

In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcryptโ€ฆ

Victim
SongTrivia2
Records
291.7K
Data breachResolved

BreachForums Version 5 data breach (2026)

In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.

Victim
BreachForums Version 5
Records
339.8K
Supply chainContained

Leak at Crunchyroll

On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data โ€” names, emails, IP addresses and partial payment-card details โ€” with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

Victim
Crunchyroll
Data breachResolved

Woflow data breach (2026)

In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data.

Victim
Woflow
Records
447.6K
Data breachResolved

Panera Bread data breach (2026)

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses.

Victim
Panera Bread
Records
5.1M
Data breachResolved

Pass'Sport data breach (2025)

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.

Victim
Pass'Sport
Records
6.4M
Data breachResolved

APOIA.se data breach (2025)

In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.

Victim
APOIA.se
Records
450.8K
Supply chainOngoing

Leak at PornHub

On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users โ€” including email addresses and search/viewing history โ€” was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

Victim
PornHub
Data breachResolved

CodeStepByStep data breach (2025)

In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k.

Victim
CodeStepByStep
Records
103.1K
Data breachResolved

Operation Endgame 3.0 data breach (2025)

Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role inโ€ฆ

Victim
Operation Endgame 3.0
Records
2.0M
Data breachResolved

International Kiteboarding Organization data breach (2025)

In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.

Victim
International Kiteboarding Organization
Records
340.3K
Data breachResolved

Beckett Collectibles data breach (2025)

In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly.

Victim
Beckett Collectibles
Records
1.0M
Data breachResolved

Zilvia.net data breach (2025)

In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform.

Victim
Zilvia.net
Records
287.9K
Data breachResolved

MyVidster (2025) data breach (2025)

In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.

Victim
MyVidster (2025)
Records
3.9M
Data breachResolved

Substack data breach (2025)

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such asโ€ฆ

Victim
Substack
Records
663.1K
Data breachResolved

TISZA Vilรกg data breach (2025)

In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Vilรกg service earlier in the month, the breach exposed 200k records of personal data including email addresses along withโ€ฆ

Victim
TISZA Vilรกg
Records
198.5K
Data breachResolved

WIRED data breach (2025)

In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condรฉ Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number,โ€ฆ

Victim
WIRED
Records
2.4M
Data breachResolved

BreachForums (2025) data breach (2025)

In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies.

Victim
BreachForums (2025)
Records
672.2K
Data breachResolved

TheSqua.re data breach (2025)

In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum.

Victim
TheSqua.re
Records
107.0K
Data breachResolved

Operation Endgame 2.0 data breach (2025)

In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame".

Victim
Operation Endgame 2.0
Records
15.4M
Data breachResolved

Ualabee data breach (2025)

In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.

Victim
Ualabee
Records
472.3K
Data breachUnknown

Leak at Reporterre

A data leak disclosed on 1 April 2025 exposed personal contact details of people associated with Reporterre, the French independent environmental news outlet, including last names, first names, email addresses and postal addresses.

Victim
Reporterre
Data breachResolved

German Doner Kebab data breach (2025)

In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.

Victim
German Doner Kebab
Records
162.4K
Data breachResolved

Troy Hunt's Mailchimp List data breach (2025)

In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog.

Victim
Troy Hunt's Mailchimp List
Records
16.6K
Data breachResolved

ADDA data breach (2025)

In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.

Victim
ADDA
Records
1.8M
Data breachResolved

Cuties AI data breach (2025)

In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs toโ€ฆ

Victim
Cuties AI
Records
144.3K
Data breachResolved

Adpost data breach (2025)

In February 2025, data obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Adpost later published a disclosure notice and advised they'd forced a credential refresh, among other actions.

Victim
Adpost
Records
3.3M
Data breachResolved

Scholastic data breach (2025)

In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.

Victim
Scholastic
Records
4.2M
Data breachResolved

Speedio data breach (2024)

In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business informationโ€ฆ

Victim
Speedio
Records
27.5M
Data breachUnknown

Data leak at Wakanim

Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.

Victim
Wakanim
Data breachResolved

Young Living Essential Oils data breach (2024)

In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth.

Victim
Young Living Essential Oils
Records
1.1M
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point
Data breachContained

Leak at Molotov

Around 13 November 2024, French streaming TV service Molotov disclosed a data breach exposing roughly 10.8 million email addresses, along with the names and dates of birth of users who had supplied them; no passwords or banking data were affected.

Victim
Molotov
Records
10.8M
Data breachResolved

Not SOCRadar data breach (2024)

In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform'sโ€ฆ

Victim
Not SOCRadar
Records
282.5M
Data breachResolved

AnimeLeague data breach (2024)

In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board.

Victim
AnimeLeague
Records
192.1K
Data breachResolved

Husky Owners data breach (2024)

In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.

Victim
Husky Owners
Records
16.5K
Data breachResolved

BudTrader data breach (2024)

In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

Victim
BudTrader
Records
2.7M
Data breachResolved

Zacks (2024) data breach (2024)

In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representingโ€ฆ

Victim
Zacks (2024)
Records
12.0M
Data breachResolved

Ticketek data breach (2024)

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service.

Victim
Ticketek
Records
17.6M
Credential stuffingContained

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim
Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records
560.0M
Data breachResolved

pcTattletale data breach (2024)

In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report.

Victim
pcTattletale
Records
138.8K
Data breachResolved

The Post Millennial data breach (2024)

In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands ofโ€ฆ

Victim
The Post Millennial
Records
57.0M
Data breachResolved

Salvadoran Citizens data breach (2024)

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.

Victim
Salvadoran Citizens
Records
947.0K
Data breachResolved

Lookiero data breach (2024)

In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.

Victim
Lookiero
Records
5.0M
Data breachResolved

boAt data breach (2024)

In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.

Victim
boAt
Records
7.5M
Data breachResolved

HuntStand data breach (2024)

In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.

Victim
HuntStand
Records
2.8M
Data breachResolved

WoTLabs data breach (2024)

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.

Victim
WoTLabs
Records
22.0K
Data breachResolved

Life360 data breach (2024)

In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated).

Victim
Life360
Records
442.5K
Data breachResolved

DemandScience by Pure Incubation data breach (2024)

In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregatedโ€ฆ

Victim
DemandScience by Pure Incubation
Records
121.8M
Data breachResolved

Cutout.Pro data breach (2024)

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.

Victim
Cutout.Pro
Records
20.0M
Data breachResolved

Trello data breach (2024)

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.

Victim
Trello
Records
15.1M
Data breachResolved

Zadig & Voltaire data breach (2023)

In June 2024, a data brach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders.

Victim
Zadig & Voltaire
Records
586.9K
Data breachResolved

Chess data breach (2023)

In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. A further 446k scraped records were later provided and added to HIBP.

Victim
Chess
Records
1.3M
Data breachResolved

LinkedIn Scraped and Faked Data (2023) data breach (2023)

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.

Victim
LinkedIn Scraped and Faked Data (2023)
Records
19.8M
Data breachResolved

Toumei data breach (2023)

In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.

Victim
Toumei
Records
76.7K
Data breachResolved

Shadow data breach (2023)

In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over half a million customer records. The data included email and physical addresses, names and dates of birth.

Victim
Shadow
Records
543.3K
Data breachResolved

Naz.API data breach (2023)

In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairsโ€ฆ

Victim
Naz.API
Records
70.8M
Data breachResolved

BreachForums Clone data breach (2023)

In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.

Victim
BreachForums Clone
Records
4.2K
Data breachResolved

Polish Credentials data breach (2023)

In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on.

Victim
Polish Credentials
Records
1.2M
Data breachResolved

Le Coq Sportif Columbia data breach (2023)

In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023.

Victim
Le Coq Sportif Columbia
Records
79.7K
Data breachResolved

RentoMojo data breach (2023)

In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.

Victim
RentoMojo
Records
2.2M
Data breachResolved

Duolingo data breach (2023)

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points),โ€ฆ

Victim
Duolingo
Records
2.7M
Data breachResolved

iD Tech data breach (2023)

In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month.

Victim
iD Tech
Records
415.1K
Data breachResolved

SevenRooms data breach (2022)

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases.

Victim
SevenRooms
Records
1.2M
Data breachResolved

Activision data breach (2022)

In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee.

Victim
Activision
Records
16.0K
Data breachResolved

Get Revenge On Your Ex data breach (2022)

In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords.

Victim
Get Revenge On Your Ex
Records
79.2K
Data breachResolved

APK.TW data breach (2022)

In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.

Victim
APK.TW
Records
2.5M
Data breachResolved

Wakanim data breach (2022)

In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.

Victim
Wakanim
Records
6.7M
Data breachResolved

Latest Pilot Jobs data breach (2022)

In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.

Victim
Latest Pilot Jobs
Records
118.9K
Data breachResolved

Shitexpress data breach (2022)

In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records.

Victim
Shitexpress
Records
23.8K
Data breachResolved

Exvagos data breach (2022)

In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.

Victim
Exvagos
Records
2.1M
Data breachResolved

Weee data breach (2022)

In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.

Victim
Weee
Records
1.1M
Data breachResolved

Adopt Me Trading Values data breach (2022)

In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data.

Victim
Adopt Me Trading Values
Records
86.1K
Data breachResolved

MemeChat data breach (2022)

In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.

Victim
MemeChat
Records
4.3M
Data breachResolved

TNAFlix data breach (2022)

In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords.

Victim
TNAFlix
Records
1.4M
Data breachResolved

QuestionPro data breach (2022)

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IPโ€ฆ

Victim
QuestionPro
Records
22.2M
Data breachResolved

E-Pal data breach (2022)

In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.

Victim
E-Pal
Records
108.9K
Data breachResolved

CDEK data breach (2022)

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK.

Victim
CDEK
Records
19.2M
Data breachResolved

CraftRise data breach (2022)

In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords.

Victim
CraftRise
Records
2.5M
Data breachResolved

Explore Talent (July 2024) data breach (2022)

In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers andโ€ฆ

Victim
Explore Talent (July 2024)
Records
5.4M
RansomwareResolved

Impresa media group ransomware attack

The Lapsus$ group seized the Amazon Web Services account of Impresa, Portugal's largest media conglomerate, knocking the Expresso newspaper and SIC television channels offline, defacing their websites and hijacking Expresso's verified Twitter account in what authorities called the country's largest ransomware attack.

Victim
Impresa (Expresso / SIC)
Data breachResolved

Twitter data breach (2022)

In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform.

Victim
Twitter
Records
6.7M
RansomwareResolved

Amedia ransomware attack

A ransomware attack encrypted the central systems of Amedia, Norway's largest local-newspaper group, halting presses and disrupting subscription and advertising systems for more than 70 titles serving around 2 million readers. Amedia refused to pay.

Victim
Amedia
Data breachResolved

Stripchat data breach (2021)

In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.

Victim
Stripchat
Records
10.0M
Data breachResolved

JukinMedia data breach (2021)

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

Victim
JukinMedia
Records
314.3K
Data breachResolved

Animeify data breach (2021)

In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.

Victim
Animeify
Records
808.0K
Data breachResolved

ActMobile data breach (2021)

In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on aโ€ฆ

Victim
ActMobile
Records
1.6M
Data breachResolved

ECCIE data breach (2021)

In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.

Victim
ECCIE
Records
536.9K
Data breachResolved

HeatGames data breach (2021)

In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.

Victim
HeatGames
Records
647.9K
Data breachResolved

START data breach (2021)

In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash.

Victim
START
Records
7.5M
Data breachResolved

Atmeltomo data breach (2021)

In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.

Victim
Atmeltomo
Records
580.2K
Data breachResolved

KinoKong data breach (2021)

In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

Victim
KinoKong
Records
817.8K
Data breachResolved

Domino's India data breach (2021)

In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.

Victim
Domino's India
Records
22.5M
Data breachResolved

SuperVPN & GeckoVPN data breach (2021)

In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform.

Victim
SuperVPN & GeckoVPN
Records
20.3M
Data breachResolved

WedMeGood data breach (2021)

In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.

Victim
WedMeGood
Records
1.3M
Data breachResolved

Roblox Developer Conference (2023) data breach (2020)

In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum. The data contained 4k unique email addresses along with names, usernames, dates of birth, phone numbers, physical and IP addresses and T-shirt sizes

Victim
Roblox Developer Conference (2023)
Records
3.9K
Data breachResolved

Nitro data breach (2020)

In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

Victim
Nitro
Records
77.2M
Data breachResolved

Promo data breach (2020)

In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and saltedโ€ฆ

Victim
Promo
Records
14.6M
Data breachResolved

Dunzo data breach (2020)

In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking forum.

Victim
Dunzo
Records
3.5M
Data breachResolved

Mashable data breach (2020)

In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth.

Victim
Mashable
Records
1.4M
Data breachResolved

Preen.Me data breach (2020)

In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.

Victim
Preen.Me
Records
236.1K
Data breachResolved

Sina Weibo data leak

Personal data on 538 million Sina Weibo accounts โ€” including the phone numbers of 172 million users โ€” was offered for sale on the dark web for about $250, in a leak Weibo attributed to address-book matching abuse dating back to 2018. China's industry ministry summoned the company over its handling of personal data.

Victim
Sina Weibo
Records
538.0M
Data breachResolved

Lead Hunter data breach (2020)

In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.

Victim
Lead Hunter
Records
68.7M
Data breachResolved

TrueFire data breach (2020)

In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided to HIBP by dehashed.com.

Victim
TrueFire
Records
599.7K
Data breachResolved

HTC Mania data breach (2020)

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories.

Victim
HTC Mania
Records
1.5M
Data breachResolved

Avvo data breach (2019)

In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that).

Victim
Avvo
Records
4.1M
Data breachResolved

JoyGames data breach (2019)

In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.

Victim
JoyGames
Records
4.5M
Data breachResolved

Unigame data breach (2019)

In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.

Victim
Unigame
Records
843.7K
Data breachResolved

KiwiFarms data breach (2019)

In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.

Victim
KiwiFarms
Records
4.6K
Data breachResolved

ToonDoo data breach (2019)

In August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared.

Victim
ToonDoo
Records
6.0M
Data breachResolved

europa.jobs data breach (2019)

In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords.

Victim
europa.jobs
Records
226.1K
Data breachResolved

MGM Resorts data breach (2019)

In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017.

Victim
MGM Resorts
Records
3.1M
Data breachResolved

Condo.com data breach (2019)

In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.

Victim
Condo.com
Records
1.5M
Data breachResolved

Lumin PDF data breach (2019)

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum.

Victim
Lumin PDF
Records
15.5M
Data breachResolved

Royal Enfield data breach (2019)

In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personalโ€ฆ

Victim
Royal Enfield
Records
420.9K
Data breachResolved

Fotolog data breach (2018)

In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes.

Victim
Fotolog
Records
16.7M
Data breachResolved

Data & Leads data breach (2018)

In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator. Upon further investigation, the data was linked to marketing company Data & Leads.

Victim
Data & Leads
Records
44.3M
Data breachResolved

Adapt data breach (2018)

In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles,โ€ฆ

Victim
Adapt
Records
9.4M
Data breachResolved

You've Been Scraped data breach (2018)

In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator.

Victim
You've Been Scraped
Records
66.1M
Data breachResolved

Color Dating data breach (2018)

In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes.

Victim
Color Dating
Records
220.5K
Data breachResolved

Knuddels data breach (2018)

In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined โ‚ฌ20k for the breach.

Victim
Knuddels
Records
808.3K
Data breachResolved

HTH Studios data breach (2018)

In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names,โ€ฆ

Victim
HTH Studios
Records
411.8K
Data breachResolved

Trik Spam Botnet data breach (2018)

In June 2018, the command and control server of a malicious botnet known as the "Trik Spam Botnet" was misconfigured such that it exposed the email addresses of more than 43 million people.

Victim
Trik Spam Botnet
Records
43.4M
Data breachResolved

Houzz data breach (2018)

In mid-2018, the home-design platform Houzz had a file containing user data obtained by an unauthorized third party. The company learned of it in late 2018 and disclosed it in early 2019. Roughly 49 million accounts were exposed, including emails, usernames, salted password hashes and IP-derived locations.

Victim
Houzz
Records
48.9M
Data breachResolved

Lolzteam data breach (2018)

In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. The impacted data included usernames and email addresses which were later redistributed via another hacking forum.

Victim
Lolzteam
Records
398.0K
Data breachResolved

Creative data breach (2018)

In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.

Victim
Creative
Records
483.0K
Data breachResolved

Linux Forums data breach (2018)

In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.

Victim
Linux Forums
Records
275.8K
Data breachResolved

Bestialitysextaboo data breach (2018)

In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum.

Victim
Bestialitysextaboo
Records
3.2K
Data breachResolved

2fast4u data breach (2017)

In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.

Victim
2fast4u
Records
17.7K
Data breachResolved

ai.type data breach (2017)

In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance.

Victim
ai.type
Records
20.6M
Data breachResolved

TheTVDB.com data breach (2017)

In November 2017, the open television database known as TheTVDB.com suffered a data breach. The breached data was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes.

Victim
TheTVDB.com
Records
181.9K
Data breachResolved

Smogon data breach (2017)

In April 2018, the Pokรฉmon website known as Smogon announced they'd suffered a data breach. The breach dated back to September 2017 and affected their XenForo based forum. The exposed data included usernames, email addresses, genders and both bcrypt and MD5 password hashes.

Victim
Smogon
Records
386.5K
Data breachResolved

Taringa data breach (2017)

In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year.

Victim
Taringa
Records
28.0M
Data breachResolved

Exposed VINs data breach (2017)

In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.

Victim
Exposed VINs
Records
396.6K
EspionageResolved

Qatar News Agency hack

Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.

Victim
Qatar News Agency (QNA)
Data breachResolved

Underworld Empire data breach (2017)

In April 2017, the vBulletin forum for the Underworld Empire game suffered a data breach that exposed 429k accounts. The data was then posted to a hacking forum in mid-February 2018 where it was made available to download.

Victim
Underworld Empire
Records
428.8K
Data breachResolved

Bolt data breach (2017)

In approximately March 2017, the file sharing website Bolt suffered a data breach resulting in the exposure of 995k unique user records. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes.

Victim
Bolt
Records
995.3K
Data breachResolved

FreeOnes data breach (2017)

In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.

Victim
FreeOnes
Records
960.2K
Data breachResolved

LiveJournal data breach (2017)

In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base.

Victim
LiveJournal
Records
26.4M
Data breachResolved

R2 (2017 forum breach) data breach (2017)

In early 2017, the forum for the gaming website R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one exposed over 1 million unique user accounts and corresponding MD5 password hashes with no salt.

Victim
R2 (2017 forum breach)
Records
1.0M
Data breachResolved

River City Media Spam List data breach (2017)

In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation.

Victim
River City Media Spam List
Records
393.4M
Data breachResolved

Ethereum data breach (2016)

In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords.

Victim
Ethereum
Records
16.4K
Data breachResolved

MrExcel data breach (2016)

In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.

Victim
MrExcel
Records
366.1K
Data breachResolved

Biohack.me data breach (2016)

In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.

Victim
Biohack.me
Records
3.4K
Data breachResolved

xHamster data breach (2016)

In November 2016, news broke that hackers were trading hundreds of thousands of xHamster porn account details. In total, the data contained almost 380k unique user records including email addresses, usernames and unsalted MD5 password hashes.

Victim
xHamster
Records
377.4K
Data breachResolved

RankWatch data breach (2016)

In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum.

Victim
RankWatch
Records
7.4M
Data breachResolved

SubaGames data breach (2016)

In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes.

Victim
SubaGames
Records
6.1M
Data breachResolved

Modern Business Solutions data breach (2016)

In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phoneโ€ฆ

Victim
Modern Business Solutions
Records
58.8M
Data breachResolved

Leet data breach (2016)

In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers.

Victim
Leet
Records
5.1M
Data breachResolved

Epic Games data breach (2016)

In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Victim
Epic Games
Records
251.7K
Data breachResolved

Unreal Engine data breach (2016)

In August 2016, the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Victim
Unreal Engine
Records
530.1K
Data breachResolved

GSM Hosting data breach (2016)

In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.

Victim
GSM Hosting
Records
2.6M
Data breachResolved

GTAGaming data breach (2016)

In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.

Victim
GTAGaming
Records
197.2K
Data breachResolved

DLH.net data breach (2016)

In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes.

Victim
DLH.net
Records
3.3M
Data breachResolved

dBforums data breach (2016)

In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton.

Victim
dBforums
Records
363.5K
Data breachResolved

CrackingForum data breach (2016)

In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.

Victim
CrackingForum
Records
660.3K
Data breachResolved

GPS Underground data breach (2016)

In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

Victim
GPS Underground
Records
669.6K
Data breachResolved

Web Hosting Talk data breach (2016)

In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.

Victim
Web Hosting Talk
Records
515.1K
Data breachResolved

HLTV data breach (2016)

In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.

Victim
HLTV
Records
611.1K
EspionageResolved

Democratic National Committee hack

Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.

Victim
Democratic National Committee + Clinton campaign + DCCC
Loss
$50.0M
Records
50.0K
Data breachResolved

ForumCommunity data breach (2016)

In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when contacted.

Victim
ForumCommunity
Records
776.6K
Data breachResolved

MangaFox.me data breach (2016)

In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

Victim
MangaFox.me
Records
1.3M
Data breachResolved

Shotbow data breach (2016)

In May 2016, the multiplayer server for Minecraft service Shotbow announced they'd suffered a data breach. The incident resulted in the exposure of over 1 million unique email addresses, usernames and salted SHA-256 password hashes.

Victim
Shotbow
Records
1.1M
Data breachResolved

Nulled.cr data breach (2016)

In May 2016, the cracking community forum known as Nulled.cr was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

Victim
Nulled.cr
Records
599.1K
Data breachResolved

GameVN data breach (2016)

In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5 password hashes.

Victim
GameVN
Records
1.4M
Data breachResolved

CD Projekt RED data breach (2016)

In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

Victim
CD Projekt RED
Records
1.9M
Data breachResolved

Linux Mint data breach (2016)

In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information.

Victim
Linux Mint
Records
145.0K
Data breachResolved

Flash Flash Revolution (2016 breach) data breach (2016)

In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
Flash Flash Revolution (2016 breach)
Records
1.8M
Data breachResolved

uTorrent data breach (2016)

In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.

Victim
uTorrent
Records
395.0K
Data breachResolved

QuinStreet data breach (2015)

In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites).

Victim
QuinStreet
Records
4.9M
Data breachResolved

Nihonomaru data breach (2015)

In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

Victim
Nihonomaru
Records
1.7M
Data breachResolved

Programming Forums data breach (2015)

In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Victim
Programming Forums
Records
707.4K
Data breachResolved

The Fappening data breach (2015)

In December 2015, the forum for discussing naked celebrity photos known as "The Fappening" (named after the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed member data included usernames, email addresses and salted hashes of passwords.

Victim
The Fappening
Records
179.0K
Data breachResolved

MajorGeeks data breach (2015)

In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

Victim
MajorGeeks
Records
269.5K
Data breachResolved

Comcast data breach (2015)

In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.

Victim
Comcast
Records
616.9K
Data breachResolved

vBulletin data breach (2015)

In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records.

Victim
vBulletin
Records
519.0K
Data breachResolved

PHP Freaks data breach (2015)

In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

Victim
PHP Freaks
Records
173.9K
Data breachResolved

MPGH data breach (2015)

In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

Victim
MPGH
Records
3.1M
Data breachResolved

NetEase data breach (2015)

In October 2015, a dataset attributed to the Chinese email provider NetEase (163.com and 126.com) surfaced, allegedly exposing around 234 million email addresses and plaintext passwords. NetEase denied any breach; HIBP lists the incident as unverified.

Victim
NetEase
Records
234.8M
Data breachResolved

PSP ISO data breach (2015)

In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
PSP ISO
Records
1.3M
Data breachResolved

WIIU ISO data breach (2015)

In September 2015, the Nintendo Wii U forum known as WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
WIIU ISO
Records
458.2K
Data breachResolved

Xbox 360 ISO data breach (2015)

In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
Xbox 360 ISO
Records
1.3M
Data breachResolved

Final Fantasy Shrine data breach (2015)

In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

Victim
Final Fantasy Shrine
Records
620.7K
Data breachResolved

The Candid Board data breach (2015)

In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.

Victim
The Candid Board
Records
178.2K
Data breachResolved

ClearVoice Surveys data breach (2015)

In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum.

Victim
ClearVoice Surveys
Records
15.1M
Data breachResolved

WildStar data breach (2015)

In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Victim
WildStar
Records
738.6K
Data breachResolved

CheapAssGamer.com data breach (2015)

In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

Victim
CheapAssGamer.com
Records
444.8K
Data breachResolved

Scuf Gaming data breach (2015)

In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.

Victim
Scuf Gaming
Records
128.7K
Data breachResolved

Eroticy data breach (2015)

In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords.

Victim
Eroticy
Records
1.4M
Data breachResolved

Minecraft Pocket Edition Forum data breach (2015)

In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum data included numerous personal pieces of data for each user. The forum has subsequently been decommissioned.

Victim
Minecraft Pocket Edition Forum
Records
16.0K
Data breachResolved

Adult FriendFinder (2015) data breach (2015)

In May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.

Victim
Adult FriendFinder (2015)
Records
3.9M
Data breachResolved

Evermotion data breach (2015)

In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords.

Victim
Evermotion
Records
435.5K
Data breachResolved

GameTuts data breach (2015)

Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum.

Victim
GameTuts
Records
2.1M
Data breachResolved

HongFire data breach (2015)

In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.

Victim
HongFire
Records
1000.0K
Data breachResolved

Flashback data breach (2015)

In February 2015, the Swedish forum known as Flashback had sensitive internal data on 40k members published via the tabloid newspaper Aftonbladet. The data was allegedly sold to them via Researchgruppen (The Research Group) who have a history of exposing otherwise anonymous users, primarily thoseโ€ฆ

Victim
Flashback
Records
40.3K
Data breachResolved

Bleach Anime Forum data breach (2015)

In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes.

Victim
Bleach Anime Forum
Records
143.7K
Data breachResolved

Acne.org data breach (2014)

In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Victim
Acne.org
Records
432.9K
Data breachResolved

ILikeCheats data breach (2014)

In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.

Victim
ILikeCheats
Records
188.8K
Data breachResolved

9Lives data breach (2014)

In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.

Victim
9Lives
Records
109.5K
Data breachResolved

Yandex Dump data breach (2014)

In September 2014, news broke of a massive leak of accounts from Yandex, the Russian search engine giants who also provides email services. The purported million "breached" accounts were disclosed at the same time as nearly 5M mail.ru accounts with both companies claiming the credentials wereโ€ฆ

Victim
Yandex Dump
Records
1.2M
Data breachResolved

Vermillion data breach (2014)

In August 2014, the Roblox hacking forum Vermillion suffered a data breach that exposed over 8k subscriber records. The breach of the MyBB forum exposed email and IP addresses, usernames, dates of birth and salted password hashes.

Victim
Vermillion
Records
8.1K
Data breachResolved

Insanelyi data breach (2014)

In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user names and weakly hashed passwords (salted MD5).

Victim
Insanelyi
Records
104.1K
Data breachResolved

PoliceOne data breach (2014)

In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes.

Victim
PoliceOne
Records
709.9K
Data breachResolved

Black Hat World data breach (2014)

In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

Victim
Black Hat World
Records
777.4K
Data breachResolved

Avast data breach (2014)

In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

Victim
Avast
Records
423.0K
Data breachResolved

NextGenUpdate data breach (2014)

Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.

Victim
NextGenUpdate
Records
1.2M
Data breachResolved

CafeMom data breach (2014)

In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.

Victim
CafeMom
Records
2.6M
Data breachResolved

Boxee data breach (2014)

In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself.

Victim
Boxee
Records
158.1K
Data breachResolved

Spirol data breach (2014)

In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirolโ€™s CRM system ranging from customersโ€™ names, companies, contactโ€ฆ

Victim
Spirol
Records
55.6K
Data breachResolved

Muslim Directory data breach (2014)

In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, ageโ€ฆ

Victim
Muslim Directory
Records
37.8K
Data breachResolved

Forbes data breach (2014)

In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria".

Victim
Forbes
Records
1.1M
Data breachResolved

Tesco data breach (2014)

In February 2014, over 2,000 Tesco accounts with usernames, passwords and loyalty card balances appeared on Pastebin. Whilst the source of the breach is not clear, many confirmed the credentials were valid for Tesco and indeed they have a history of poor online security.

Victim
Tesco
Records
2.2K
Data breachResolved

Cannabis.com data breach (2014)

In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.

Victim
Cannabis.com
Records
227.7K
Data breachResolved

Verified data breach (2014)

In January 2014, one of the largest communities of Eastern Europe cybercriminals known as "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their personal messages and other potentially personally identifiable information.

Victim
Verified
Records
16.9K
Data breachResolved

Bitcoin Security Forum Gmail Dump data breach (2014)

In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses.

Victim
Bitcoin Security Forum Gmail Dump
Records
4.8M
Data breachResolved

ReverbNation data breach (2014)

In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn't identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

Victim
ReverbNation
Records
7.0M
Data breachResolved

ThisHabbo Forum data breach (2014)

In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet.

Victim
ThisHabbo Forum
Records
612.4K
Data breachResolved

Astropid data breach (2013)

In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description.

Victim
Astropid
Records
5.8K
Data breachResolved

Torrent Invites data breach (2013)

In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.

Victim
Torrent Invites
Records
352.1K
Data breachResolved

Pixel Federation data breach (2013)

In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.

Victim
Pixel Federation
Records
38.1K
Data breachResolved

Vodafone data breach (2013)

In November 2013, Vodafone in Iceland suffered an attack attributed to the Turkish hacker collective "Maxn3y". The data was consequently publicly exposed and included user names, email addresses, social security numbers, SMS message, server logs and passwords from a variety of different internalโ€ฆ

Victim
Vodafone
Records
56.0K
Data breachResolved

We Heart It data breach (2013)

In November 2013, the image-based social network We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP.

Victim
We Heart It
Records
8.6M
Data breachResolved

iMesh data breach (2013)

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

Victim
iMesh
Records
49.5M
Data breachResolved

Crack Community data breach (2013)

In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.

Victim
Crack Community
Records
19.2K
Data breachResolved

Win7Vista Forum data breach (2013)

In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k membersโ€™ personal information and other internal data extracted from the forum.

Victim
Win7Vista Forum
Records
202.7K
Data breachResolved

DragonNest data breach (2013)

In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords.

Victim
DragonNest
Records
511.3K
Data breachResolved

Lord of the Rings Online data breach (2013)

In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Victim
Lord of the Rings Online
Records
1.1M
Data breachResolved

Lounge Board data breach (2013)

At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

Victim
Lounge Board
Records
45.0K
Data breachResolved

Yam data breach (2013)

In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.

Victim
Yam
Records
13.3M
Data breachResolved

AhaShare.com data breach (2013)

In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site alsoโ€ฆ

Victim
AhaShare.com
Records
180.5K
Data breachResolved

Non Nude Girls data breach (2013)

In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.

Victim
Non Nude Girls
Records
75.4K
Data breachResolved

Dungeons & Dragons Online data breach (2013)

In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Victim
Dungeons & Dragons Online
Records
1.6M
Data breachResolved

OMGPOP data breach (2013)

In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.

Victim
OMGPOP
Records
7.1M
Data breachResolved

BookCrossing data breach (2012)

In August 2022, the book social networking site BookCrossing disclosed a data breach that dated back to a database backup from November 2012. The incident exposed almost 1.6M records including names, usernames, email and IP addresses, dates of birth and plain text passwords.

Victim
BookCrossing
Records
1.6M
Data breachResolved

The Botting Network data breach (2012)

In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.

Victim
The Botting Network
Records
96.3K
Data breachResolved

JobStreet data breach (2012)

In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums.

Victim
JobStreet
Records
3.9M
Data breachResolved

VK data breach (2012)

Russia's largest social network VK was compromised around 2012, exposing roughly 93 million accounts with names, phone numbers, email addresses and plaintext passwords. The data surfaced for sale in 2016 via the broker 'Peace'.

Victim
VK
Records
93.3M
Data breachResolved

17173 data breach (2011)

In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

Victim
17173
Records
7.5M
Data breachResolved

RuneScape Boards data breach (2011)

In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.

Victim
RuneScape Boards
Records
222.8K
Data breachResolved

hackforums.net data breach (2011)

In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website.

Victim
hackforums.net
Records
191.5K
Data breachResolved

Gawker data breach (2010)

In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker.

Victim
Gawker
Records
1.2M
DDoSResolved

2007 cyberattacks on Estonia

A three-week wave of distributed denial-of-service attacks crippled Estonian government, banking, and media websites amid a dispute with Russia, becoming the first cyber assault on an entire nation-state and the birthplace of NATO's cyber-defence doctrine.

Victim
Republic of Estonia (government, banks, media)