Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


Cit0day

Added Date: 11/19/2020
Breach Date: 11/4/2020
Updated Date: 11/19/2020
Breach Count: 226,883,414
Content: Email addresses, Passwords
Domain:cit0day.in

Description:

In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

123RF

Added Date: 11/14/2020
Breach Date: 3/22/2020
Updated Date: 11/14/2020
Breach Count: 8,661,578
Content: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Domain:123rf.com

Description:

In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Home Chef

Added Date: 11/12/2020
Breach Date: 2/10/2020
Updated Date: 11/12/2020
Breach Count: 8,815,692
Content: Email addresses, Geographic locations, IP addresses, Names, Partial credit card data, Passwords, Phone numbers
Domain:homechef.com

Description:

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Animal Jam

Added Date: 11/11/2020
Breach Date: 10/12/2020
Updated Date: 11/11/2020
Breach Count: 7,104,998
Content: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
Domain:animaljam.com

Description:

In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mashable

Added Date: 11/9/2020
Breach Date: 6/1/2020
Updated Date: 11/9/2020
Breach Count: 1,414,677
Content: Auth tokens, Email addresses, Genders, Geographic locations, IP addresses, Names, Partial dates of birth, Social media profiles
Domain:mashable.com

Description:

In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Lazada RedMart

Added Date: 11/9/2020
Breach Date: 7/30/2020
Updated Date: 11/9/2020
Breach Count: 1,107,789
Content: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
Domain:redmart.lazada.sg

Description:

In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

James

Added Date: 11/4/2020
Breach Date: 3/25/2020
Updated Date: 11/4/2020
Breach Count: 1,541,284
Content: Email addresses, Geographic locations, Passwords
Domain:jamesdelivery.com.br

Description:

In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Wongnai

Added Date: 11/4/2020
Breach Date: 10/28/2020
Updated Date: 11/4/2020
Breach Count: 3,924,454
Content: Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Domain:wongnai.com

Description:

In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Minted

Added Date: 11/3/2020
Breach Date: 5/6/2020
Updated Date: 11/3/2020
Breach Count: 4,418,182
Content: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain:minted.com

Description:

In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Promofarma

Added Date: 11/1/2020
Breach Date: 8/3/2019
Updated Date: 11/3/2020
Breach Count: 1,277,761
Content: Email addresses, Names
Domain:promofarma.com

Description:

In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

StarTribune

Added Date: 10/30/2020
Breach Date: 10/10/2019
Updated Date: 10/30/2020
Breach Count: 2,192,857
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Physical addresses, Usernames
Domain:startribune.com

Description:

In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Reincubate

Added Date: 10/29/2020
Breach Date: 5/11/2017
Updated Date: 10/29/2020
Breach Count: 616,146
Content: Email addresses, Names, Passwords
Domain:reincubate.com

Description:

In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Chowbus

Added Date: 10/6/2020
Breach Date: 10/5/2020
Updated Date: 10/6/2020
Breach Count: 444,224
Content: Email addresses, Names, Phone numbers, Physical addresses
Domain:chowbus.com

Description:

In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being emailed to customers. The email contained a link to a CSV file with customer data including physical addresses, names, phone numbers and over 444,000 unique email addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

WiziShop

Added Date: 10/4/2020
Breach Date: 7/14/2020
Updated Date: 10/5/2020
Breach Count: 2,856,769
Content: Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Domain:wizishop.fr

Description:

In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "pompompurin@riseup.net".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Experian (South Africa)

Added Date: 9/1/2020
Breach Date: 8/19/2020
Updated Date: 9/1/2020
Breach Count: 1,284,637
Content: Email addresses, Employers, Government issued IDs, Names, Occupations, Phone numbers
Domain:n/a

Description:

In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongst other person information.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

LiveAuctioneers

Added Date: 8/21/2020
Breach Date: 6/19/2020
Updated Date: 8/21/2020
Breach Count: 3,385,862
Content: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Domain:liveauctioneers.com

Description:

In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phones numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by breachbase.pw.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Unico Campania

Added Date: 8/19/2020
Breach Date: 8/19/2020
Updated Date: 8/19/2020
Breach Count: 166,031
Content: Email addresses, Passwords
Domain:unicocampania.it

Description:

In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text passwords.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Utah Gun Exchange

Added Date: 8/19/2020
Breach Date: 7/17/2020
Updated Date: 8/19/2020
Breach Count: 235,233
Content: Email addresses, Genders, IP addresses, Passwords, Usernames
Domain:utahgunexchange.com

Description:

In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes. The data was provided to HIBP by breachbase.pw.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Catho

Added Date: 8/18/2020
Breach Date: 3/1/2020
Updated Date: 8/18/2020
Breach Count: 1,173,012
Content: Email addresses, Names, Passwords, Usernames
Domain:catho.com.br

Description:

In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses. Names, usernames and plain text passwords were also exposed. The data was provided to HIBP by breachbase.pw.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Sonicbids

Added Date: 8/18/2020
Breach Date: 12/30/2019
Updated Date: 8/18/2020
Breach Count: 751,700
Content: Email addresses, Names, Passwords, Usernames
Domain:sonicbids.com

Description:

In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and passwords stored as PBKDF2 hashes. The data was provided to HIBP by breachbase.pw.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:










Compromised Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!