Skip to content

Incidents from

2021

RansomwareResolved

Amedia ransomware attack

A ransomware attack encrypted the central systems of Amedia, Norway's largest local-newspaper group, halting presses and disrupting subscription and advertising systems for more than 70 titles serving around 2 million readers. Amedia refused to pay.

Victim
Amedia
Data breachResolved

Carding Mafia (December 2021) data breach (2021)

In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.

Victim
Carding Mafia (December 2021)
Records
303.9K
Data breachResolved

FlexBooker data breach (2021)

In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data.

Victim
FlexBooker
Records
3.8M
Zero-dayResolved

Log4Shell (Apache Log4j CVE-2021-44228)

A trivially exploitable remote code execution flaw in Apache Log4j 2, the ubiquitous Java logging library, scored a maximum CVSS 10.0 and exposed hundreds of millions of devices and applications worldwide to instant takeover via a single crafted log string.

Victim
Global (Apache Log4j users worldwide)
Data breachResolved

RedLine Stealer data breach (2021)

In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords.

Victim
RedLine Stealer
Records
441.7K
Data breachResolved

Aditya Birla Fashion and Retail data breach (2021)

In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month.

Victim
Aditya Birla Fashion and Retail
Records
5.5M
Data breachResolved

Travelio data breach (2021)

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.

Victim
Travelio
Records
471.4K
Data breachResolved

ZAP-Hosting data breach (2021)

In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.

Victim
ZAP-Hosting
Records
746.7K
Data breachResolved

Stripchat data breach (2021)

In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.

Victim
Stripchat
Records
10.0M
Data breachResolved

Robinhood data breach (2021)

In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names.

Victim
Robinhood
Records
5.0M
Data breachResolved

BTC-Alpha data breach (2021)

In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes.

Victim
BTC-Alpha
Records
362.4K
Data breachResolved

CyberServe data breach (2021)

In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute.

Victim
CyberServe
Records
1.1M
Data breachResolved

JukinMedia data breach (2021)

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

Victim
JukinMedia
Records
314.3K
sabotageunresolved

Iran nationwide fuel-distribution cyberattack

A cyberattack attributed to Predatory Sparrow disabled the system behind Iran's subsidized-fuel cards, knocking out payment at all 4,300 of the country's gas stations and hijacking highway billboards to taunt Supreme Leader Khamenei.

Victim
National Iranian Oil Products Distribution Company (NIOPDC) — fuel-card network
Data breachResolved

Animeify data breach (2021)

In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.

Victim
Animeify
Records
808.0K
Data breachContained

Argentina RENAPER national ID database breach (2021)

An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

Victim
Registro Nacional de las Personas (RENAPER), Argentina
Records
45.0M
RansomwareResolved

Hillel Yaffe Medical Center ransomware attack

DeepBlueMagic ransomware paralysed Israel's Hillel Yaffe Medical Center, locking every hospital computer system. As a government-owned hospital barred from paying ransom, it ran on paper and alternative systems for weeks, taking roughly two months to fully recover.

Victim
Hillel Yaffe Medical Center
Data breachResolved

RENAPER national ID database breach

A hacker accessed Argentina's RENAPER national identity registry through a stolen government VPN credential, obtaining ID-card data and photographs on the country's entire population of roughly 45 million citizens.

Victim
Registro Nacional de las Personas (RENAPER)
Records
45.0M
Data breachResolved

CoinMarketCap data breach (2021)

During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums.

Victim
CoinMarketCap
Records
3.1M
Data breachResolved

ActMobile data breach (2021)

In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a…

Victim
ActMobile
Records
1.6M
Data breachResolved

Protemps data breach (2021)

In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other…

Victim
Protemps
Records
49.6K
Data breachResolved

Fantasy Football Hub data breach (2021)

In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.

Victim
Fantasy Football Hub
Records
66.5K
Data breachResolved

Fitmart data breach (2021)

In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version.

Victim
Fitmart
Records
214.5K
Data breachResolved

Epik data breach (2021)

In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who…

Victim
Epik
Records
15.0M
Data breachResolved

Republican Party of Texas data breach (2021)

In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik.

Victim
Republican Party of Texas
Records
72.6K
Data breachResolved

Dennis Kirk data breach (2021)

In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.

Victim
Dennis Kirk
Records
1.4M
Data breachResolved

DatPiff data breach (2021)

In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs.

Victim
DatPiff
Records
7.5M
Data breachResolved

AT&T data breach (2021)

A dataset dating to August 2021 — names, addresses, phone numbers, and encrypted SSNs and dates of birth — resurfaced in March 2024 and was leaked for free, with AT&T eventually confirming ~73 million current and former customers were affected.

Victim
AT&T
Records
73.0M
Data breachResolved

Imavex data breach (2021)

In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last…

Victim
Imavex
Records
878.2K
Data breachResolved

Have Fun Teaching data breach (2021)

In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum.

Victim
Have Fun Teaching
Records
27.1K
Vulnerability exploitResolved

Pakistan FBR data centre breach

Attackers compromised the data centre of Pakistan's Federal Board of Revenue by exploiting a pirated copy of Microsoft Hyper-V, taking down all tax-authority websites and putting network access for 360 virtual machines up for sale on a Russian dark-web forum.

Victim
Federal Board of Revenue (FBR)
Data breachResolved

Open Subtitles data breach (2021)

In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

Victim
Open Subtitles
Records
6.8M
Data breachResolved

AndroidLista data breach (2021)

In July 2021, the Android applications and games review site AndroidLista suffered a data breach. The incident exposed 6.6M user records containing email addresses, names, usernames and passwords stored as salted SHA-1 hashes, all of which were subsequently posted to a popular hacking forum.

Victim
AndroidLista
Records
6.6M
RansomwareContained

Transnet 'Death Kitty' ransomware (South Africa, 2021)

A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban — 60% of Southern Africa's containerised trade — reverted to paper-based clearance for cargo for a week.

Victim
Transnet SOC (state-owned freight & port operator)
Data breachResolved

Guntrader data breach (2021)

In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users,…

Victim
Guntrader
Records
112.0K
RansomwareResolved

CNT Ecuador RansomEXX attack

The RansomEXX gang hit Ecuador's state-run telecom CNT, disrupting its payment portal and call centers and claiming to have stolen more than 190 GB of corporate and customer data.

Victim
Corporación Nacional de Telecomunicaciones (CNT EP)
Wiperunresolved

Iranian Railways 'MeteorExpress' wiper attack

A previously unseen wiper named Meteor crippled Iran's national railway network, wiping computers across stations, halting and delaying hundreds of trains, and defacing departure boards with a number for travelers to call: the office of Supreme Leader Khamenei.

Victim
Islamic Republic of Iran Railways (RAI) / Ministry of Roads and Urban Development
Data breachResolved

Qraved data breach (2021)

In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.

Victim
Qraved
Records
984.5K
Data breachResolved

Jam Tangan data breach (2021)

In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum.

Victim
Jam Tangan
Records
434.8K
Data breachResolved

ECCIE data breach (2021)

In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.

Victim
ECCIE
Records
536.9K
Data breachResolved

Short Édition data breach (2021)

In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512…

Victim
Short Édition
Records
505.5K
Data breachResolved

HeatGames data breach (2021)

In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.

Victim
HeatGames
Records
647.9K
Data breachResolved

Phoenix data breach (2021)

In mid-2021, the "vintage messaging reborn" service Phoenix suffered a data breach that exposed 75k unique email addresses. The breach also exposed IP addresses, usernames and passwords.

Victim
Phoenix
Records
74.8K
Data breachResolved

START data breach (2021)

In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash.

Victim
START
Records
7.5M
Data breachResolved

IndiaMART data breach (2021)

In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses.

Victim
IndiaMART
Records
20.2M
Data breachResolved

Paragon Cheats data breach (2021)

In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses.

Victim
Paragon Cheats
Records
188.1K
Supply chainResolved

Air India SITA passenger data breach

A supply-chain compromise of aviation IT provider SITA exposed roughly 4.5 million Air India passengers' names, passport details, ticket data, frequent-flyer numbers, and payment card information collected over nearly a decade of bookings.

Victim
Air India
Records
4.5M
RansomwareContained

HSE Ireland ransomware (Conti)

Conti ransomware paralysed Ireland's Health Service Executive, forcing cancellation of outpatient appointments nationwide for weeks. Conti released the decryptor for free; recovery still cost an estimated €100M+.

Victim
Health Service Executive (HSE) of Ireland
Loss
$130.0M
Records
700.0K
Data breachResolved

SirHurt data breach (2021)

In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.

Victim
SirHurt
Records
90.7K
Data breachResolved

Atmeltomo data breach (2021)

In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.

Victim
Atmeltomo
Records
580.2K
Data breachResolved

OGUsers (2021 breach) data breach (2021)

In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes.

Victim
OGUsers (2021 breach)
Records
348.3K
Data breachResolved

Phone House España data breach (2021)

In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email…

Victim
Phone House España
Records
5.2M
RansomwareResolved

Phone House Spain ransomware breach

The Babuk ransomware gang breached Spanish mobile retailer The Phone House and leaked roughly 100 GB of customer data — names, ID numbers, bank details and contact information on up to 3 million people — after the company refused to pay.

Victim
The Phone House España
Loss
$7.0M
Records
3.0M
Data breachResolved

Upstox data breach (2021)

In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes.

Victim
Upstox
Records
111.0K
Data breachResolved

SlideTeam data breach (2021)

In April 2021, the "world’s largest collection of pre-designed presentation slides" SlideTeam had 1.4M records breached and later published to a popular hacking forum the following year.

Victim
SlideTeam
Records
1.5M
Data breachdisputed

MobiKwik data breach

An 8.2TB trove tied to Indian fintech MobiKwik — reportedly covering up to 99 million users with KYC documents, Aadhaar and card details — was advertised for sale on a dark-web forum, in a breach the company repeatedly denied.

Victim
MobiKwik
Records
99.0M
Data breachResolved

KinoKong data breach (2021)

In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

Victim
KinoKong
Records
817.8K
Data breachResolved

Domino's India data breach (2021)

In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.

Victim
Domino's India
Records
22.5M
Data breachResolved

MangaDex data breach (2021)

In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.

Victim
MangaDex
Records
3.0M
Data breachResolved

ParkMobile data breach (2021)

In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes.

Victim
ParkMobile
Records
20.9M
Data breachResolved

Air Europa payment-data breach

Spanish airline Air Europa exposed contact and full payment-card data — including CVV codes — on roughly 489,000 customers across 1.5 million records, and was fined €600,000 by the AEPD for weak security and a 41-day notification delay.

Victim
Air Europa
Loss
$648.0K
Records
1.5M
Data breachResolved

Carding Mafia (March 2021) data breach (2021)

In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.

Victim
Carding Mafia (March 2021)
Records
297.7K
Data breachResolved

IDC Games data breach (2021)

In March 2021, 4 million records sourced from IDC Games were shared on a public hacking forum. The data included usernames, email addresses and passwords stored as salted MD5 hashes.

Victim
IDC Games
Records
4.0M
Data breachResolved

Descomplica data breach (2021)

In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password…

Victim
Descomplica
Records
4.8M
Data breachResolved

Liker data breach (2021)

In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler.

Victim
Liker
Records
465.1K
Data breachResolved

WeLeakInfo data breach (2021)

In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account.

Victim
WeLeakInfo
Records
11.8K
Data breachResolved

Gab data breach (2021)

In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed almost 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service.

Victim
Gab
Records
66.5K
Data breachResolved

SuperVPN & GeckoVPN data breach (2021)

In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform.

Victim
SuperVPN & GeckoVPN
Records
20.3M
Data breachResolved

Gemplex data breach (2021)

In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.

Victim
Gemplex
Records
4.6M
Data breachResolved

NurseryCam data breach (2021)

In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down.

Victim
NurseryCam
Records
10.6K
Insider threatResolved

Yandex mail insider breach

Yandex disclosed that one of three administrators with privileged access to its email service had been selling unauthorized access to user mailboxes, compromising 4,887 inboxes before the company's internal security team detected the abuse during a routine review.

Victim
Yandex
Records
4.9K
Data breachResolved

CityBee data breach (2021)

In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

Victim
CityBee
Records
110.2K
Data breachResolved

KomplettFritid data breach (2021)

In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords.

Victim
KomplettFritid
Records
139.4K
Data breachResolved

Raychat data breach (2021)

In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Victim
Raychat
Records
939.0K
Data breachResolved

Ducks Unlimited data breach (2021)

In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users.

Victim
Ducks Unlimited
Records
1.3M
Data breachResolved

Bookchor data breach (2021)

In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes.

Victim
Bookchor
Records
498.3K
Data breachResolved

Emotet data breach (2021)

In January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet.

Victim
Emotet
Records
4.3M
Data breachResolved

Unverified Data Source data breach (2021)

In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth.

Victim
Unverified Data Source
Records
11.5M
Data breachunresolved

Brazil 223-million mega-leak

The largest personal-data leak in Brazilian history: databases on roughly 223 million people — including names, CPF tax IDs, facial images, salaries and credit scores — surfaced for sale on a dark-web forum, with suspicion pointing at credit-bureau data.

Victim
Brazilian population (credit-bureau-linked databases)
Records
223.0M
Data breachResolved

Oxfam data breach (2021)

In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth.

Victim
Oxfam
Records
1.8M
Data breachResolved

Daily Quiz data breach (2021)

In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.

Victim
Daily Quiz
Records
8.0M
Data breachResolved

Bourse des Vols data breach (2021)

In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data.

Victim
Bourse des Vols
Records
1.5M
Data breachResolved

Date Hot Brunettes data breach (2021)

In January 2021, the now defunct website Date Hot Brunettes which provided a service to "Date Neglected Women Who Can Keep a Secret", suffered a data breach. The incident exposed 1.5M unique email addresses along with IP addresses, usernames, user-entered bios and MD5 password hashes.

Victim
Date Hot Brunettes
Records
1.5M
Data breachResolved

Guns.com data breach (2021)

In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.

Victim
Guns.com
Records
375.9K
Data breachResolved

WedMeGood data breach (2021)

In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.

Victim
WedMeGood
Records
1.3M
Data breachResolved

Devil-Torrents.pl data breach (2021)

In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.

Victim
Devil-Torrents.pl
Records
63.5K
Data breachResolved

Ho. Mobile SIM data breach

The customer database of Ho. Mobile, Vodafone Italy's budget operator, was stolen and offered for sale on the dark web — exposing the personal and SIM data of about 2.5 million Italian subscribers and prompting a mass SIM replacement.

Victim
Ho. Mobile (Vodafone Italy)
Records
2.5M
Data breachResolved

Adecco data breach (2021)

In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum.

Victim
Adecco
Records
4.3M