Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
French Citizens
Added Date: |
12/20/2024 |
Breach Date: |
9/25/2024 |
Updated Date: |
12/20/2024 |
Breach Count: |
28,445,106 |
Content: |
Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses |
Domain: |
n/a |
Description:
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Young Living Essential Oils
Added Date: |
12/19/2024 |
Breach Date: |
12/11/2024 |
Updated Date: |
12/19/2024 |
Breach Count: |
1,128,951 |
Content: |
Dates of birth, Email addresses, Geographic locations, Names |
Domain: |
youngliving.com |
Description:
In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
schenkYOU
Added Date: |
12/19/2024 |
Breach Date: |
8/15/2024 |
Updated Date: |
12/19/2024 |
Breach Count: |
237,349 |
Content: |
Dates of birth, Email addresses, Names, Passwords |
Domain: |
schenkyou.de |
Description:
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BitView
Added Date: |
12/19/2024 |
Breach Date: |
12/14/2024 |
Updated Date: |
12/19/2024 |
Breach Count: |
63,127 |
Content: |
Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames |
Domain: |
bitview.net |
Description:
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hopamedia
Added Date: |
12/16/2024 |
Breach Date: |
8/30/2020 |
Updated Date: |
12/16/2024 |
Breach Count: |
23,835,870 |
Content: |
Email addresses, Geographic locations, Names, Phone numbers, Telecommunications carrier |
Domain: |
n/a |
Description:
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MC2 Data
Added Date: |
12/15/2024 |
Breach Date: |
8/18/2024 |
Updated Date: |
12/15/2024 |
Breach Count: |
2,122,280 |
Content: |
Email addresses, Names, Passwords |
Domain: |
n/a |
Description:
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Yonéma
Added Date: |
12/14/2024 |
Breach Date: |
11/21/2024 |
Updated Date: |
12/14/2024 |
Breach Count: |
35,962 |
Content: |
Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers |
Domain: |
yonema.com |
Description:
In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tibber
Added Date: |
12/14/2024 |
Breach Date: |
11/10/2024 |
Updated Date: |
12/14/2024 |
Breach Count: |
50,002 |
Content: |
Email addresses, Geographic locations, Names, Purchases |
Domain: |
tibber.com |
Description:
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Senior Dating
Added Date: |
12/9/2024 |
Breach Date: |
11/23/2024 |
Updated Date: |
12/9/2024 |
Breach Count: |
765,517 |
Content: |
Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles |
Domain: |
seniordating.app |
Description:
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ladies.com
Added Date: |
12/9/2024 |
Breach Date: |
7/3/2024 |
Updated Date: |
12/9/2024 |
Breach Count: |
118,809 |
Content: |
Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Family structure, Genders, Geographic locations, Photos, Profile photos, Relationship statuses, Sexual orientations, Smoking habits, Tattoo status, Usernames |
Domain: |
ladies.com |
Description:
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
The Real World
Added Date: |
11/22/2024 |
Breach Date: |
11/15/2024 |
Updated Date: |
11/22/2024 |
Breach Count: |
324,382 |
Content: |
Chat logs, Email addresses, Usernames |
Domain: |
therealworld.net |
Description:
In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
FlipaClip
Added Date: |
11/20/2024 |
Breach Date: |
11/18/2024 |
Updated Date: |
11/20/2024 |
Breach Count: |
892,854 |
Content: |
Dates of birth, Email addresses, Geographic locations, Names |
Domain: |
flipaclip.com |
Description:
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Finsure
Added Date: |
11/18/2024 |
Breach Date: |
10/15/2024 |
Updated Date: |
11/18/2024 |
Breach Count: |
296,124 |
Content: |
Email addresses, Names, Phone numbers, Physical addresses |
Domain: |
finsure.com.au |
Description:
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
DemandScience by Pure Incubation
Added Date: |
11/13/2024 |
Breach Date: |
2/28/2024 |
Updated Date: |
11/13/2024 |
Breach Count: |
121,796,165 |
Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles |
Domain: |
demandscience.com |
Description:
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hot Topic
Added Date: |
11/11/2024 |
Breach Date: |
10/19/2024 |
Updated Date: |
11/11/2024 |
Breach Count: |
56,904,909 |
Content: |
Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations |
Domain: |
hottopic.com |
Description:
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Earth 2
Added Date: |
11/6/2024 |
Breach Date: |
10/16/2024 |
Updated Date: |
11/6/2024 |
Breach Count: |
420,961 |
Content: |
Email addresses, Usernames |
Domain: |
earth2.io |
Description:
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Dennis Kirk
Added Date: |
11/5/2024 |
Breach Date: |
9/4/2021 |
Updated Date: |
11/5/2024 |
Breach Count: |
1,356,026 |
Content: |
Email addresses, Geographic locations, Names, Phone numbers, Purchases |
Domain: |
denniskirk.com |
Description:
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes. Dennis Kirk did not respond to multiple attempts to make contact about the breach. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker, almighty444 & EnergyWeaponUser".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Altenen
Added Date: |
11/5/2024 |
Breach Date: |
6/24/2022 |
Updated Date: |
11/5/2024 |
Breach Count: |
1,267,701 |
Content: |
Cryptocurrency wallet addresses, Email addresses, Passwords, Usernames |
Domain: |
altenens.is |
Description:
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Z-lib
Added Date: |
11/3/2024 |
Breach Date: |
6/20/2024 |
Updated Date: |
11/3/2024 |
Breach Count: |
9,737,374 |
Content: |
Cryptocurrency wallet addresses, Email addresses, Geographic locations, Passwords, Purchases, Usernames |
Domain: |
z-lib.is |
Description:
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Stalker Online
Added Date: |
10/31/2024 |
Breach Date: |
5/5/2020 |
Updated Date: |
10/31/2024 |
Breach Count: |
1,385,472 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
stalker.so |
Description:
In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: