Skip to content

Incidents from

2014

Data breachResolved

Team SoloMid data breach (2014)

In December 2014, the electronic sports organisation known as Team SoloMid was hacked and 442k members accounts were leaked. The accounts included email and IP addresses, usernames and salted hashes of passwords.

Victim
Team SoloMid
Records
442.2K
Data breachResolved

Acne.org data breach (2014)

In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Victim
Acne.org
Records
432.9K
Data breachResolved

Warframe data breach (2014)

In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA12 password hashing pattern used by Drupal 7.

Victim
Warframe
Records
819.5K
Data breachResolved

Malwarebytes data breach (2014)

In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Malwarebytes
Records
111.6K
Data breachResolved

Bot of Legends data breach (2014)

In November 2014, the forum for Bot of Legends suffered a data breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Victim
Bot of Legends
Records
238.4K
Data breachResolved

ILikeCheats data breach (2014)

In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.

Victim
ILikeCheats
Records
188.8K
Data breachResolved

JPMorgan Chase data breach

Attackers exploited a server missing two-factor authentication to breach more than 90 JPMorgan Chase servers and steal contact details for 76 million households and 7 million small businesses β€” one of the largest intrusions ever into a U.S. financial institution.

Victim
JPMorgan Chase
Records
83.0M
Data breachResolved

9Lives data breach (2014)

In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.

Victim
9Lives
Records
109.5K
Data breachResolved

BTC-E data breach (2014)

In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.

Victim
BTC-E
Records
568.3K
Data breachResolved

Tout data breach (2014)

In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes.

Victim
Tout
Records
652.7K
MalwareResolved

Home Depot POS breach

Attackers used a vendor's stolen credentials and custom point-of-sale malware to harvest about 56 million payment cards and 53 million email addresses from Home Depot's U.S. and Canadian self-checkout systems over five months β€” the largest retail card breach of its time.

Victim
The Home Depot
Loss
$179.0M
Records
56.0M
Data breachResolved

Yandex Dump data breach (2014)

In September 2014, news broke of a massive leak of accounts from Yandex, the Russian search engine giants who also provides email services. The purported million "breached" accounts were disclosed at the same time as nearly 5M mail.ru accounts with both companies claiming the credentials were…

Victim
Yandex Dump
Records
1.2M
Data breachResolved

Bin Weevils data breach (2014)

In September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data…

Victim
Bin Weevils
Records
1.3M
Data breachResolved

Powerbot data breach (2014)

In approximately September 2014, the RuneScape bot website Powerbot suffered a data breach resulting in the exposure of over half a million unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Victim
Powerbot
Records
503.5K
Data breachResolved

Vermillion data breach (2014)

In August 2014, the Roblox hacking forum Vermillion suffered a data breach that exposed over 8k subscriber records. The breach of the MyBB forum exposed email and IP addresses, usernames, dates of birth and salted password hashes.

Victim
Vermillion
Records
8.1K
Data breachResolved

Banorte data breach (2014)

In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances.

Victim
Banorte
Records
2.1M
Data breachResolved

diet.com data breach (2014)

In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004.

Victim
diet.com
Records
1.4M
Data breachResolved

PokΓ©mon Creed data breach (2014)

In August 2014, the PokΓ©mon RPG website PokΓ©mon Creed was hacked after a dispute with rival site, PokΓ©mon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in.

Victim
PokΓ©mon Creed
Records
116.5K
Data breachResolved

Insanelyi data breach (2014)

In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user names and weakly hashed passwords (salted MD5).

Victim
Insanelyi
Records
104.1K
Insider threatResolved

Benesse insider data breach

A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers β€” the largest insider data theft in Japanese history, triggering a Β₯20 billion compensation programme.

Victim
Benesse Holdings
Loss
$190.0M
Records
35.0M
Data breachResolved

PoliceOne data breach (2014)

In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes.

Victim
PoliceOne
Records
709.9K
Data breachResolved

Black Hat World data breach (2014)

In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

Victim
Black Hat World
Records
777.4K
Data breachResolved

Sumo Torrent data breach (2014)

In June 2014, the torrent site Sumo Torrent was hacked and 285k member records were exposed. The data included IP addresses, email addresses and passwords stored as weak MD5 hashes.

Victim
Sumo Torrent
Records
285.2K
Data breachResolved

Domino's data breach (2014)

In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts.

Victim
Domino's
Records
648.2K
Data breachResolved

Manga Traders data breach (2014)

In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.

Victim
Manga Traders
Records
855.2K
Data breachResolved

Avast data breach (2014)

In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

Victim
Avast
Records
423.0K
Data breachResolved

Fridae data breach (2014)

In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack which was announced on Twitter appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy within…

Victim
Fridae
Records
35.4K
Data breachResolved

Business Acumen Magazine data breach (2014)

In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and password stored with a weak cryptographic hashing algorithm (MD5 with no salt).

Victim
Business Acumen Magazine
Records
26.6K
Data breachResolved

NextGenUpdate data breach (2014)

Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.

Victim
NextGenUpdate
Records
1.2M
Data breachResolved

CafeMom data breach (2014)

In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.

Victim
CafeMom
Records
2.6M
Data breachResolved

BigMoneyJobs data breach (2014)

In April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text.

Victim
BigMoneyJobs
Records
36.8K
Data breachResolved

Boxee data breach (2014)

In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself.

Victim
Boxee
Records
158.1K
Data breachResolved

Quantum Booter data breach (2014)

In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which lead to the disclosure of their internal database.

Victim
Quantum Booter
Records
48.6K
Data breachResolved

Rambler data breach (2014)

A data dump of almost 100 million accounts from Russian internet portal Rambler β€” often called 'the Russian Yahoo' β€” surfaced for trade in 2016, exposing roughly 91 million unique usernames and passwords stored in plain text.

Victim
Rambler
Records
91.4M
Data breachResolved

Spirol data breach (2014)

In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol’s CRM system ranging from customers’ names, companies, contact…

Victim
Spirol
Records
55.6K
Data breachResolved

Muslim Directory data breach (2014)

In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age…

Victim
Muslim Directory
Records
37.8K
Data breachResolved

Forbes data breach (2014)

In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria".

Victim
Forbes
Records
1.1M
Data breachResolved

Tesco data breach (2014)

In February 2014, over 2,000 Tesco accounts with usernames, passwords and loyalty card balances appeared on Pastebin. Whilst the source of the breach is not clear, many confirmed the credentials were valid for Tesco and indeed they have a history of poor online security.

Victim
Tesco
Records
2.2K
Data breachResolved

Coupon Mom / Armor Games data breach (2014)

In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games.

Victim
Coupon Mom / Armor Games
Records
11.0M
Data breachResolved

Cannabis.com data breach (2014)

In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.

Victim
Cannabis.com
Records
227.7K
Data breachResolved

Bell (2014 breach) data breach (2014)

In February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records…

Victim
Bell (2014 breach)
Records
20.9K
Data breachResolved

Verified data breach (2014)

In January 2014, one of the largest communities of Eastern Europe cybercriminals known as "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their personal messages and other potentially personally identifiable information.

Victim
Verified
Records
16.9K
Data breachResolved

Bitcoin Security Forum Gmail Dump data breach (2014)

In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses.

Victim
Bitcoin Security Forum Gmail Dump
Records
4.8M
Insider threatResolved

Korea Credit Bureau card-data theft

A contractor at the Korea Credit Bureau copied the card and identity data of about 20 million customers of KB Kookmin, Lotte and NH Nonghyup card firms onto a USB drive and sold it β€” one of the largest financial-data thefts in South Korean history.

Victim
Korea Credit Bureau (KCB) / KB Kookmin, Lotte, NH Nonghyup card units
Records
20.0M
Data breachResolved

WPT Amateur Poker League data breach (2014)

In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.

Victim
WPT Amateur Poker League
Records
148.4K
Data breachResolved

HiAPK data breach (2014)

In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…

Victim
HiAPK
Records
13.9M
Data breachResolved

ReverbNation data breach (2014)

In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn't identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

Victim
ReverbNation
Records
7.0M
Data breachResolved

Snapchat data breach (2014)

In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed.

Victim
Snapchat
Records
4.6M
Data breachResolved

ThisHabbo Forum data breach (2014)

In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet.

Victim
ThisHabbo Forum
Records
612.4K