Skip to content

Incidents from

2015

Data breachResolved

Trillian data breach (2015)

In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.

Victim
Trillian
Records
3.8M
EspionageContained

Ukraine power grid attack โ€” Sandworm BlackEnergy (2015)

The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1โ€“6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

Victim
Ukrainian regional electricity distribution companies (Oblenergos)
Data breachResolved

QuinStreet data breach (2015)

In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites).

Victim
QuinStreet
Records
4.9M
Data breachResolved

Aternos data breach (2015)

In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.

Victim
Aternos
Records
1.4M
Data breachResolved

DaniWeb data breach (2015)

In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords.

Victim
DaniWeb
Records
1.1M
Data breachResolved

Nihonomaru data breach (2015)

In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

Victim
Nihonomaru
Records
1.7M
Data breachResolved

Programming Forums data breach (2015)

In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Victim
Programming Forums
Records
707.4K
Data breachResolved

The Fappening data breach (2015)

In December 2015, the forum for discussing naked celebrity photos known as "The Fappening" (named after the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed member data included usernames, email addresses and salted hashes of passwords.

Victim
The Fappening
Records
179.0K
Data breachResolved

MajorGeeks data breach (2015)

In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

Victim
MajorGeeks
Records
269.5K
Data breachResolved

Beautiful People data breach (2015)

In November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.

Victim
Beautiful People
Records
1.1M
Data breachResolved

Comcast data breach (2015)

In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.

Victim
Comcast
Records
616.9K
Data breachResolved

Ancestry data breach (2015)

In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.

Victim
Ancestry
Records
297.8K
Data breachResolved

InterPals data breach (2015)

In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.

Victim
InterPals
Records
3.4M
Data breachResolved

xat data breach (2015)

In November 2015, the online chatroom known as "xat" was hacked and 6 million user accounts were exposed. Used as a chat engine on websites, the leaked data included usernames, email and IP addresses along with hashed passwords.

Victim
xat
Records
6.0M
Data breachResolved

vBulletin data breach (2015)

In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records.

Victim
vBulletin
Records
519.0K
Data breachResolved

Abandonia (2015) data breach (2015)

In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

Victim
Abandonia (2015)
Records
776.1K
Data breachResolved

R2Games data breach (2015)

In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
R2Games
Records
22.3M
Data breachResolved

Mac-Torrents data breach (2015)

In October 2015, the torrent site Mac-Torrents was hacked and almost 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and no salt.

Victim
Mac-Torrents
Records
94.0K
Data breachResolved

PHP Freaks data breach (2015)

In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

Victim
PHP Freaks
Records
173.9K
Data breachResolved

Go Games data breach (2015)

In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident.

Victim
Go Games
Records
3.4M
Data breachResolved

Gamerzplanet data breach (2015)

In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Gamerzplanet
Records
1.2M
Data breachResolved

MPGH data breach (2015)

In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

Victim
MPGH
Records
3.1M
Data breachResolved

NapsGear data breach (2015)

In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed including email addresses, names, addresses, phone numbers, purchase histories and salted MD5 password hashes.

Victim
NapsGear
Records
287.1K
Data breachResolved

NetEase data breach (2015)

In October 2015, a dataset attributed to the Chinese email provider NetEase (163.com and 126.com) surfaced, allegedly exposing around 234 million email addresses and plaintext passwords. NetEase denied any breach; HIBP lists the incident as unverified.

Victim
NetEase
Records
234.8M
Data breachResolved

Special K Data Feed Spam List data breach (2015)

In mid to late 2015, a spam list known as the Special K Data Feed was discovered containing almost 31M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.

Victim
Special K Data Feed Spam List
Records
30.7M
Data breachResolved

Patreon data breach (2015)

In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses, millions of personal messages and passwords stored as bcrypt hashes.

Victim
Patreon
Records
2.3M
Data breachResolved

PSP ISO data breach (2015)

In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
PSP ISO
Records
1.3M
Data breachResolved

WIIU ISO data breach (2015)

In September 2015, the Nintendo Wii U forum known as WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
WIIU ISO
Records
458.2K
Data breachResolved

Xbox 360 ISO data breach (2015)

In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Victim
Xbox 360 ISO
Records
1.3M
Data breachResolved

Final Fantasy Shrine data breach (2015)

In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

Victim
Final Fantasy Shrine
Records
620.7K
Data breachResolved

Experian (2015) data breach (2015)

In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile.

Victim
Experian (2015)
Records
7.2M
Data breachResolved

The Candid Board data breach (2015)

In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.

Victim
The Candid Board
Records
178.2K
Data breachResolved

ClearVoice Surveys data breach (2015)

In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum.

Victim
ClearVoice Surveys
Records
15.1M
Data breachResolved

MyVidster (2015) data breach (2015)

In August 2015, the social video sharing and bookmarking site MyVidster was hacked and nearly 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.

Victim
MyVidster (2015)
Records
19.9K
Data breachResolved

StoryBird data breach (2015)

In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. Impacted data also included names, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by dehashed.com.

Victim
StoryBird
Records
1.0M
Data breachResolved

Pokรฉbip data breach (2015)

In July 2015, the French Pokรฉmon site Pokรฉbip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.

Victim
Pokรฉbip
Records
657.0K
Data breachResolved

Soundwave data breach (2015)

In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB.

Victim
Soundwave
Records
130.7K
Data breachResolved

Seedpeer data breach (2015)

In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.

Victim
Seedpeer
Records
281.9K
Data breachResolved

WildStar data breach (2015)

In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Victim
WildStar
Records
738.6K
Data breachResolved

Hacking Team data breach (2015)

In July 2015, the Italian security firm Hacking Team suffered a major data breach that resulted in over 400GB of their data being posted online via a torrent. The data searchable on "Have I Been Pwned?" is from 189GB worth of PST mail folders in the dump.

Victim
Hacking Team
Records
32.3K
Data breachResolved

myRepoSpace data breach (2015)

In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices.

Victim
myRepoSpace
Records
252.8K
Data breachResolved

Plex data breach (2015)

In July 2015, the discussion forum for Plex media centre was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Plex
Records
327.3K
Data breachResolved

CheapAssGamer.com data breach (2015)

In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

Victim
CheapAssGamer.com
Records
444.8K
Data breachResolved

iPmart data breach (2015)

During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
iPmart
Records
2.5M
Data breachResolved

PS3Hax data breach (2015)

In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
PS3Hax
Records
447.4K
Data breachResolved

SvenskaMagic data breach (2015)

Sometime in 2015, the Swedish magic website SvenskaMagic suffered a data breach that exposed over 30k records. The compromised data included usernames, email addresses and MD5 password hashes. The data was self-submitted to HIBP by SvenskaMagic.

Victim
SvenskaMagic
Records
30.3K
Data breachResolved

Minefield data breach (2015)

In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Minefield
Records
188.3K
Data breachResolved

Scuf Gaming data breach (2015)

In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.

Victim
Scuf Gaming
Records
128.7K
Data breachResolved

Eroticy data breach (2015)

In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords.

Victim
Eroticy
Records
1.4M
Data breachResolved

Minecraft Pocket Edition Forum data breach (2015)

In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum data included numerous personal pieces of data for each user. The forum has subsequently been decommissioned.

Victim
Minecraft Pocket Edition Forum
Records
16.0K
Data breachResolved

Bitcoin Talk data breach (2015)

In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes ofโ€ฆ

Victim
Bitcoin Talk
Records
501.4K
Data breachResolved

Adult FriendFinder (2015) data breach (2015)

In May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.

Victim
Adult FriendFinder (2015)
Records
3.9M
Data breachResolved

Gaadi data breach (2015)

In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes.

Victim
Gaadi
Records
4.3M
Data breachResolved

mSpy data breach (2015)

In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims), stored extensive personal information within their online service which after being breached, was made freely available on the internet.

Victim
mSpy
Records
699.8K
Data breachResolved

Evermotion data breach (2015)

In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords.

Victim
Evermotion
Records
435.5K
Data breachResolved

Kimsufi data breach (2015)

In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Victim
Kimsufi
Records
504.6K
Data breachResolved

OVH data breach (2015)

In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Victim
OVH
Records
452.9K
Data breachResolved

SC Daily Phone Spam List data breach (2015)

In early 2015, a spam list known as SC Daily Phone emerged containing almost 33M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.

Victim
SC Daily Phone Spam List
Records
32.9M
Data breachResolved

SweClockers.com data breach (2015)

In early 2015, the Swedish tech news site SweClockers was hacked and 255k accounts were exposed. The attack led to the exposure of usernames, email addresses and salted hashes of passwords stored with a combination of MD5 and SHA512.

Victim
SweClockers.com
Records
254.9K
Data breachResolved

Snail data breach (2015)

In March 2015, the gaming website Snail suffered a data breach that impacted 1.4 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.

Victim
Snail
Records
1.4M
Data breachResolved

000webhost data breach (2015)

In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.

Victim
000webhost
Records
14.9M
Data breachResolved

GameTuts data breach (2015)

Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum.

Victim
GameTuts
Records
2.1M
Data breachResolved

HongFire data breach (2015)

In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.

Victim
HongFire
Records
1000.0K
Data breachResolved

StarNet data breach (2015)

In February 2015, the Moldavian ISP "StarNet" had it's database published online. The dump included nearly 140k email addresses, many with personal details including contact information, usage patterns of the ISP and even passport numbers.

Victim
StarNet
Records
139.4K
Data breachResolved

MyFHA data breach (2015)

In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people.

Victim
MyFHA
Records
972.6K
Data breachResolved

Flashback data breach (2015)

In February 2015, the Swedish forum known as Flashback had sensitive internal data on 40k members published via the tabloid newspaper Aftonbladet. The data was allegedly sold to them via Researchgruppen (The Research Group) who have a history of exposing otherwise anonymous users, primarily thoseโ€ฆ

Victim
Flashback
Records
40.3K
Data breachResolved

PSX-Scene data breach (2015)

In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
PSX-Scene
Records
341.1K
Data breachResolved

Xbox-Scene data breach (2015)

In approximately February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Xbox-Scene
Records
432.6K
Data breachResolved

Lizard Squad data breach (2015)

In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets.

Victim
Lizard Squad
Records
13.5K
Data breachResolved

Bleach Anime Forum data breach (2015)

In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes.

Victim
Bleach Anime Forum
Records
143.7K