Skip to content

Incidents from

2013

Data breachResolved

Astropid data breach (2013)

In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description.

Victim
Astropid
Records
5.8K
Data breachResolved

Torrent Invites data breach (2013)

In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.

Victim
Torrent Invites
Records
352.1K
Data breachResolved

Pixel Federation data breach (2013)

In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.

Victim
Pixel Federation
Records
38.1K
Data breachResolved

Vodafone data breach (2013)

In November 2013, Vodafone in Iceland suffered an attack attributed to the Turkish hacker collective "Maxn3y". The data was consequently publicly exposed and included user names, email addresses, social security numbers, SMS message, server logs and passwords from a variety of different internalโ€ฆ

Victim
Vodafone
Records
56.0K
Data breachResolved

XSplit data breach (2013)

In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.

Victim
XSplit
Records
3.0M
Data breachResolved

We Heart It data breach (2013)

In November 2013, the image-based social network We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP.

Victim
We Heart It
Records
8.6M
Data breachResolved

Mecho Download data breach (2013)

In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Victim
Mecho Download
Records
437.9K
Data breachResolved

Adobe data breach (2013)

Attackers stole roughly 153 million Adobe account records โ€” IDs, emails, weakly encrypted passwords and plaintext password hints โ€” along with source code for several Adobe products, in one of the largest software-company breaches on record.

Victim
Adobe Systems
Loss
$1.0M
Records
152.4M
Data breachResolved

iMesh data breach (2013)

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

Victim
iMesh
Records
49.5M
Data breachResolved

Crack Community data breach (2013)

In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.

Victim
Crack Community
Records
19.2K
Data breachResolved

Win7Vista Forum data breach (2013)

In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k membersโ€™ personal information and other internal data extracted from the forum.

Victim
Win7Vista Forum
Records
202.7K
Data breachResolved

Yatra data breach (2013)

In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text.

Victim
Yatra
Records
5.0M
Data breachResolved

DragonNest data breach (2013)

In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords.

Victim
DragonNest
Records
511.3K
Data breachResolved

Evite data breach (2013)

An archived 2013 database from social-invitations site Evite was accessed by an attacker and later traded online, exposing roughly 101 million unique email addresses along with names, phone numbers, postal addresses, dates of birth and plaintext passwords.

Victim
Evite
Records
101.0M
Data breachResolved

Lord of the Rings Online data breach (2013)

In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Victim
Lord of the Rings Online
Records
1.1M
Data breachResolved

Lounge Board data breach (2013)

At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

Victim
Lounge Board
Records
45.0K
Data breachResolved

OwnedCore data breach (2013)

In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
OwnedCore
Records
880.3K
Data breachResolved

Nexus Mods data breach (2013)

In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that.

Victim
Nexus Mods
Records
5.9M
Data breachResolved

Yam data breach (2013)

In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.

Victim
Yam
Records
13.3M
Data breachResolved

AhaShare.com data breach (2013)

In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site alsoโ€ฆ

Victim
AhaShare.com
Records
180.5K
Data breachResolved

Non Nude Girls data breach (2013)

In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.

Victim
Non Nude Girls
Records
75.4K
Data breachResolved

Neopets data breach (2013)

In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique emailโ€ฆ

Victim
Neopets
Records
26.9M
Data breachResolved

Dungeons & Dragons Online data breach (2013)

In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Victim
Dungeons & Dragons Online
Records
1.6M
Data breachResolved

Brazzers data breach (2013)

In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.

Victim
Brazzers
Records
790.7K
Data breachResolved

Heroes of Gaia data breach (2013)

In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.

Victim
Heroes of Gaia
Records
180.0K
Data breachResolved

JD data breach (2013)

In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.

Victim
JD
Records
77.4M
Data breachResolved

OMGPOP data breach (2013)

In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.

Victim
OMGPOP
Records
7.1M