Skip to content

Incidents from

2020

Data breachResolved

MEO data breach (2020)

In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes.

Victim
MEO
Records
8.2K
Data breachResolved

University of California data breach (2020)

In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social securityโ€ฆ

Victim
University of California
Records
547.4K
Data breachResolved

NetGalley data breach (2020)

In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes.

Victim
NetGalley
Records
1.4M
Data breachResolved

MMG Fusion data breach (2020)

In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses.

Victim
MMG Fusion
Records
2.7M
Data breachResolved

DriveSure data breach (2020)

In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses.

Victim
DriveSure
Records
3.7M
Data breachResolved

Roblox Developer Conference (2023) data breach (2020)

In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum. The data contained 4k unique email addresses along with names, usernames, dates of birth, phone numbers, physical and IP addresses and T-shirt sizes

Victim
Roblox Developer Conference (2023)
Records
3.9K
Data breachResolved

Travel Oklahoma data breach (2020)

In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries.

Victim
Travel Oklahoma
Records
637.3K
Supply chainContained

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim
SolarWinds (Orion customers โ€” ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss
$100.00B
Data breachResolved

Capital Economics data breach (2020)

In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.

Victim
Capital Economics
Records
263.8K
Data breachResolved

GamingMonk data breach (2020)

In December 2020, India's "largest esports community" GamingMonk (since acquired by and redirected to MPL Esports), suffered a data breach. The incident exposed 655k unique email addresses along with names, usernames, phone numbers, dates of birth and bcrypt password hashes.

Victim
GamingMonk
Records
654.5K
Data breachResolved

Wongnai data breach (2020)

In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai.

Victim
Wongnai
Records
3.9M
Data breachContained

Vastaamo psychotherapy data breach and patient extortion (Finland, 2020)

Records on approximately 33,000 patients of Finnish psychotherapy provider Vastaamo were stolen in 2018 from an unencrypted database with no root password. After failed company-extortion in October 2020, the attacker sent ransom demands to ~30,000 patients directly. Founder later acquitted; Aleksanteri Kivimรคki convicted and sentenced to 6 years 3 months.

Victim
Vastaamo (Finnish psychotherapy centre)
Loss
$670.0K
Records
33.0K
Data breachResolved

Playbook data breach (2020)

In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, jobโ€ฆ

Victim
Playbook
Records
50.5K
Data breachResolved

bigbasket data breach (2020)

In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birthโ€ฆ

Victim
bigbasket
Records
24.5M
Data breachResolved

Thingiverse data breach (2020)

In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models.

Victim
Thingiverse
Records
228.1K
Data breachResolved

Animal Jam data breach (2020)

In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses.

Victim
Animal Jam
Records
7.1M
Data breachResolved

Famm data breach (2020)

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.

Victim
Famm
Records
535.2K
Data breachResolved

LimeVPN data breach (2020)

In October 2020, the VPN provider LimeVPN suffered a data breach that exposed the personal information of tens of thousands of customers. The data included email, IP and physical addresses, names, phone numbers, purchase histories and passwords stored as salted MD5 hashes.

Victim
LimeVPN
Records
23.3K
Data breachResolved

Pixlr data breach (2020)

In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The data was provided to HIBP by dehashed.com.

Victim
Pixlr
Records
1.9M
Data breachResolved

Chowbus data breach (2020)

In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being emailed to customers. The email contained a link to a CSV file with customer data including physical addresses, names, phone numbers and over 444,000 unique email addresses.

Victim
Chowbus
Records
444.2K
Data breachResolved

GeniusU data breach (2020)

In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes.

Victim
GeniusU
Records
1.3M
Data breachResolved

Nitro data breach (2020)

In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

Victim
Nitro
Records
77.2M
Data breachResolved

Eskimi data breach (2020)

In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.

Victim
Eskimi
Records
1.2M
Data breachResolved

RaidForums data breach (2020)

In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes.

Victim
RaidForums
Records
478.6K
Data breachResolved

Games Box data breach (2020)

In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.

Victim
Games Box
Records
1.4M
Data breachResolved

Horse Isle data breach (2020)

In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords.

Victim
Horse Isle
Records
27.8K
Data breachResolved

ShopBack data breach (2020)

In September 2020, the cashback reward program ShopBack suffered a data breach. The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Victim
ShopBack
Records
20.5M
Data breachResolved

Shopper+ data breach (2020)

In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.

Victim
Shopper+
Records
878.3K
Data breachResolved

RedDoorz data breach (2020)

In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes.

Victim
RedDoorz
Records
5.9M
Data breachResolved

Hopamedia data breach (2020)

In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.

Victim
Hopamedia
Records
23.8M
Data breachResolved

Livpure data breach (2020)

In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items.

Victim
Livpure
Records
269.6K
DDoSResolved

NZX stock exchange DDoS attacks

A sustained volumetric DDoS campaign knocked New Zealand's stock exchange offline for parts of five consecutive trading days, halting trading because the exchange could not publish market announcements, and drawing a sharp regulatory rebuke.

Victim
NZX (New Zealand's Exchange)
Data breachResolved

Experian (South Africa) data breach (2020)

In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongstโ€ฆ

Victim
Experian (South Africa)
Records
1.3M
Data breachResolved

Bonobos data breach (2020)

In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as salted SHA-512 hashes, includingโ€ฆ

Victim
Bonobos
Records
2.8M
Data breachResolved

Jefit data breach (2020)

In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes.

Victim
Jefit
Records
9.1M
Data breachResolved

ShockGore data breach (2020)

In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes.

Victim
ShockGore
Records
73.9K
Data breachResolved

Lazada RedMart data breach (2020)

In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwordsโ€ฆ

Victim
Lazada RedMart
Records
1.1M
Data breachResolved

Utah Gun Exchange data breach (2020)

In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes.

Victim
Utah Gun Exchange
Records
235.2K
Data breachResolved

WiziShop data breach (2020)

In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses.

Victim
WiziShop
Records
2.9M
Data breachResolved

StreamCraft data breach (2020)

In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.

Victim
StreamCraft
Records
1.8M
Data breachResolved

Drizly data breach (2020)

In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth andโ€ฆ

Victim
Drizly
Records
2.5M
Data breachResolved

OrderSnapp data breach (2020)

In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Victim
OrderSnapp
Records
1.3M
Data breachResolved

Wattpad data breach (2020)

In mid-2020, the user-generated stories platform Wattpad suffered a breach exposing roughly 268.8 million records, including names, email addresses, dates of birth, and bcrypt-hashed passwords. The database was first sold privately, then leaked for free on a hacking forum.

Victim
Wattpad
Records
268.8M
Data breachResolved

Dave data breach (2020)

In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum.

Victim
Dave
Records
3.0M
Data breachResolved

ProctorU data breach (2020)

In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and passwords stored as bcrypt hashes.

Victim
ProctorU
Records
444.5K
Data breachResolved

Havenly data breach (2020)

In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently sharedโ€ฆ

Victim
Havenly
Records
1.4M
Data breachResolved

Ledger data breach (2020)

In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone numbers.

Victim
Ledger
Records
1.1M
Data breachResolved

Kreditplus data breach (2020)

In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employmentโ€ฆ

Victim
Kreditplus
Records
768.9K
Data breachResolved

Swvl data breach (2020)

In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all ofโ€ฆ

Victim
Swvl
Records
4.2M
Data breachResolved

Appen data breach (2020)

In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes.

Victim
Appen
Records
5.9M
Data breachResolved

Promo data breach (2020)

In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and saltedโ€ฆ

Victim
Promo
Records
14.6M
Data breachResolved

Scentbird data breach (2020)

In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength wereโ€ฆ

Victim
Scentbird
Records
5.8M
Data breachResolved

Vakinha data breach (2020)

In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which was subsequently shared extensivelyโ€ฆ

Victim
Vakinha
Records
4.8M
Data breachResolved

yotepresto.com data breach (2020)

In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Victim
yotepresto.com
Records
1.4M
Data breachResolved

Not Acxiom data breach (2020)

In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community.

Victim
Not Acxiom
Records
51.7M
Data breachResolved

SitePoint data breach (2020)

In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.

Victim
SitePoint
Records
1.0M
Data breachResolved

Dunzo data breach (2020)

In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking forum.

Victim
Dunzo
Records
3.5M
Data breachResolved

LiveAuctioneers data breach (2020)

In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community.

Victim
LiveAuctioneers
Records
3.4M
Data breachResolved

Acuity data breach (2020)

In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity.

Victim
Acuity
Records
14.1M
Data breachResolved

Mashable data breach (2020)

In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth.

Victim
Mashable
Records
1.4M
Data breachResolved

Preen.Me data breach (2020)

In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.

Victim
Preen.Me
Records
236.1K
Data breachResolved

Nulled.ch data breach (2020)

In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message history of the website's admin.

Victim
Nulled.ch
Records
43.5K
Data breachResolved

Zacks data breach (2020)

In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum.

Victim
Zacks
Records
8.9M
Data breachResolved

Minted data breach (2020)

In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes.

Victim
Minted
Records
4.4M
Data breachResolved

Stalker Online data breach (2020)

In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.

Victim
Stalker Online
Records
1.4M
Data breachResolved

Aptoide data breach (2020)

In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum.

Victim
Aptoide
Records
20.0M
Data breachResolved

Vianet data breach (2020)

In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.

Victim
Vianet
Records
94.4K
Data breachResolved

HomeRefill data breach (2020)

In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.

Victim
HomeRefill
Records
187.5K
Data breachResolved

OGUsers (2020 breach) data breach (2020)

In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes.

Victim
OGUsers (2020 breach)
Records
263.2K
Data breachResolved

Glofox data breach (2020)

In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

Victim
Glofox
Records
2.3M
Data breachResolved

Chatbooks data breach (2020)

In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512โ€ฆ

Victim
Chatbooks
Records
2.5M
Data breachResolved

James data breach (2020)

In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes.

Victim
James
Records
1.5M
Data breachResolved

123RF data breach (2020)

In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

Victim
123RF
Records
8.7M
Data breachResolved

Sina Weibo data leak

Personal data on 538 million Sina Weibo accounts โ€” including the phone numbers of 172 million users โ€” was offered for sale on the dark web for about $250, in a leak Weibo attributed to address-book matching abuse dating back to 2018. China's industry ministry summoned the company over its handling of personal data.

Victim
Sina Weibo
Records
538.0M
Data breachResolved

Lead Hunter data breach (2020)

In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.

Victim
Lead Hunter
Records
68.7M
Data breachResolved

Catho data breach (2020)

In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses.

Victim
Catho
Records
1.2M
Data breachResolved

Tamodo data breach (2020)

In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes.

Victim
Tamodo
Records
494.9K
Data breachResolved

AnimeGame data breach (2020)

In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.

Victim
AnimeGame
Records
1.4M
Data breachResolved

TrueFire data breach (2020)

In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided to HIBP by dehashed.com.

Victim
TrueFire
Records
599.7K
Data breachResolved

Covve data breach (2020)

In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.

Victim
Covve
Records
22.8M
Data breachResolved

Slickwraps data breach (2020)

In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers.

Victim
Slickwraps
Records
857.6K
Data breachResolved

Straffic data breach (2020)

In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders.

Victim
Straffic
Records
48.6M
Data breachResolved

Home Chef data breach (2020)

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcryptโ€ฆ

Victim
Home Chef
Records
8.8M
Data breachResolved

Bhinneka data breach (2020)

In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.

Victim
Bhinneka
Records
1.3M
Data breachResolved

Wishbone (2020) data breach (2020)

In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personalโ€ฆ

Victim
Wishbone (2020)
Records
9.7M
Data breachResolved

MeetMindful data breach (2020)

In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Included in the data was an extensive array of personal information used to find romantic matches including physical attributes, use of alcohol, drugs andโ€ฆ

Victim
MeetMindful
Records
1.4M
Data breachResolved

Ulmon data breach (2020)

In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios.

Victim
Ulmon
Records
777.8K
Data breachResolved

Mathway data breach (2020)

In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.

Victim
Mathway
Records
25.7M
Data breachResolved

Zoosk (2020) data breach (2020)

In January 2020, the online dating service Zoosk suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 24 million unique email addresses alongside extensive personal information including genders, sexualities, dates of birth,โ€ฆ

Victim
Zoosk (2020)
Records
23.9M
Data breachResolved

MobiFriends data breach (2020)

In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes.

Victim
MobiFriends
Records
3.5M
Data breachResolved

HTC Mania data breach (2020)

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories.

Victim
HTC Mania
Records
1.5M
Data breachResolved

Pampling data breach (2020)

In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.

Victim
Pampling
Records
383.5K
Vulnerability exploitResolved

Virgin Mobile Polska data breach

An unauthorised party exploited a flaw in Virgin Mobile Polska's prepaid-registration application to access the personal data of over 114,000 subscribers, including PESEL identity numbers and ID-card details. Poland's data-protection authority fined the operator nearly PLN 2 million for inadequate security testing.

Victim
Virgin Mobile Polska
Records
115.0K
Data breachResolved

Nameless Malware data breach (2020)

In January 2021, NordLocker provided HIBP 1.1 million email addresses collected by nameless malware. The malware campaign ran between 2018 and 2020 and infected 3.25 million computers, stealing files, credentials and taking screenshots and photos using the computer's webcam.

Victim
Nameless Malware
Records
1.1M