Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Prosper
| Added Date: |
10/15/2025 |
| Breach Date: |
9/1/2025 |
| Updated Date: |
10/15/2025 |
| Breach Count: |
17,605,276 |
| Content: |
Browser user agent details, Credit status information, Dates of birth, Email addresses, Employment statuses, Government issued IDs, Income levels, IP addresses, Names, Physical addresses |
| Domain: |
prosper.com |
Description:
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hello Cake
| Added Date: |
10/14/2025 |
| Breach Date: |
7/25/2025 |
| Updated Date: |
10/14/2025 |
| Breach Count: |
22,907 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
hellocake.com |
Description:
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Vietnam Airlines
| Added Date: |
10/11/2025 |
| Breach Date: |
6/20/2025 |
| Updated Date: |
10/11/2025 |
| Breach Count: |
7,316,915 |
| Content: |
Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers |
| Domain: |
vietnamairlines.com |
Description:
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.3M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Adpost
| Added Date: |
10/6/2025 |
| Breach Date: |
2/14/2025 |
| Updated Date: |
10/6/2025 |
| Breach Count: |
3,339,512 |
| Content: |
Email addresses, Names, Usernames |
| Domain: |
adpost.com |
Description:
In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Artists&Clients
| Added Date: |
10/3/2025 |
| Breach Date: |
8/31/2025 |
| Updated Date: |
10/3/2025 |
| Breach Count: |
95,351 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
artistsnclients.com |
Description:
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
HomeRefill
| Added Date: |
10/3/2025 |
| Breach Date: |
4/2/2020 |
| Updated Date: |
10/3/2025 |
| Breach Count: |
187,457 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers |
| Domain: |
homerefill.com.br |
Description:
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Latest Pilot Jobs
| Added Date: |
10/2/2025 |
| Breach Date: |
8/14/2022 |
| Updated Date: |
10/2/2025 |
| Breach Count: |
118,864 |
| Content: |
Email addresses, Names, Passwords, Usernames |
| Domain: |
latestpilotjobs.com |
Description:
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cultura
| Added Date: |
9/24/2025 |
| Breach Date: |
9/6/2024 |
| Updated Date: |
9/24/2025 |
| Breach Count: |
1,462,025 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
cultura.com |
Description:
In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and orders. Cultura advised that all affected customers had been notified about the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Bouygues Telecom
| Added Date: |
9/24/2025 |
| Breach Date: |
8/4/2025 |
| Updated Date: |
9/24/2025 |
| Breach Count: |
5,685,771 |
| Content: |
Bank account numbers, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
bouyguestelecom.fr |
Description:
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer records, including 5.7M unique email addresses. The breach also exposed names, physical addresses, phone numbers, dates of birth and IBANs (International Bank Account Numbers). Bouygues Telecom advised that all affected customers had been notified about the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Animeify
| Added Date: |
9/21/2025 |
| Breach Date: |
10/14/2021 |
| Updated Date: |
9/21/2025 |
| Breach Count: |
808,034 |
| Content: |
Email addresses, Genders, Names, Passwords, Usernames |
| Domain: |
animeify.net |
Description:
In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
FreeOnes
| Added Date: |
9/17/2025 |
| Breach Date: |
2/16/2017 |
| Updated Date: |
9/17/2025 |
| Breach Count: |
960,213 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
freeones.com |
Description:
In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Miljödata
| Added Date: |
9/15/2025 |
| Breach Date: |
8/25/2025 |
| Updated Date: |
9/15/2025 |
| Breach Count: |
870,108 |
| Content: |
Dates of birth, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses |
| Domain: |
miljodata.se |
Description:
In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Giglio
| Added Date: |
9/1/2025 |
| Breach Date: |
8/9/2025 |
| Updated Date: |
9/1/2025 |
| Breach Count: |
1,026,468 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
giglio.com |
Description:
In August 2025, over 1M unique email addresses appeared in a breach allegedly obtained from Italian fashion designer Giglio. The data also included names, phone numbers and physical addresses. Giglio did not respond to repeated attempts to disclose the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
TheSqua.re
| Added Date: |
8/26/2025 |
| Breach Date: |
6/27/2025 |
| Updated Date: |
8/26/2025 |
| Breach Count: |
107,041 |
| Content: |
Email addresses, Geographic locations, Names, Phone numbers |
| Domain: |
thesqua.re |
Description:
In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum. TheSqua.re did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Allianz Life
| Added Date: |
8/18/2025 |
| Breach Date: |
7/16/2025 |
| Updated Date: |
8/18/2025 |
| Breach Count: |
1,115,061 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses |
| Domain: |
allianzlife.com |
Description:
In July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names, genders, dates of birth, phone numbers and physical addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Data Troll Stealer Logs
| Added Date: |
8/13/2025 |
| Breach Date: |
6/20/2025 |
| Updated Date: |
8/13/2025 |
| Breach Count: |
109,532,219 |
| Content: |
Email addresses, Passwords |
| Domain: |
n/a |
Description:
In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material. HIBP received 2.7B rows containing 109M unique email addresses, which was subsequently added to the service under the name "Data Troll". The websites the stealer logs were captured against are searchable via the HIBP dashboard.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Unigame
| Added Date: |
8/7/2025 |
| Breach Date: |
12/14/2019 |
| Updated Date: |
8/7/2025 |
| Breach Count: |
843,696 |
| Content: |
Email addresses, Passwords |
| Domain: |
unigame.me |
Description:
In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Pi-hole
| Added Date: |
7/31/2025 |
| Breach Date: |
7/30/2025 |
| Updated Date: |
7/31/2025 |
| Breach Count: |
29,926 |
| Content: |
Email addresses, Names |
| Domain: |
pi-hole.net |
Description:
In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Creams Cafe
| Added Date: |
7/22/2025 |
| Breach Date: |
5/1/2025 |
| Updated Date: |
7/22/2025 |
| Breach Count: |
159,652 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
creamscafe.com |
Description:
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MaReads
| Added Date: |
7/15/2025 |
| Breach Date: |
6/22/2025 |
| Updated Date: |
7/15/2025 |
| Breach Count: |
74,453 |
| Content: |
Dates of birth, Email addresses, Phone numbers, Usernames |
| Domain: |
mareads.com |
Description:
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: