Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
QuestionPro
| Added Date: |
8/4/2022 |
| Breach Date: |
5/21/2022 |
| Updated Date: |
8/5/2022 |
| Breach Count: |
22,229,637 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Survey results |
| Domain: |
questionpro.com |
Description:
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tuned Global
| Added Date: |
8/2/2022 |
| Breach Date: |
3/16/2016 |
| Updated Date: |
8/2/2022 |
| Breach Count: |
985,586 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
tunedglobal.com |
Description:
In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mecho Download
| Added Date: |
8/1/2022 |
| Breach Date: |
10/31/2013 |
| Updated Date: |
8/1/2022 |
| Breach Count: |
437,928 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
mechodownload.com |
Description:
In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Battlefy
| Added Date: |
7/28/2022 |
| Breach Date: |
1/11/2016 |
| Updated Date: |
7/28/2022 |
| Breach Count: |
83,610 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
battlefy.com |
Description:
In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Paytm
| Added Date: |
7/26/2022 |
| Breach Date: |
8/30/2020 |
| Updated Date: |
7/28/2022 |
| Breach Count: |
3,395,101 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Income levels, Names, Phone numbers, Purchases |
| Domain: |
paytm.com |
Description:
In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Shadi.com
| Added Date: |
7/20/2022 |
| Breach Date: |
7/9/2016 |
| Updated Date: |
7/20/2022 |
| Breach Count: |
2,021,984 |
| Content: |
Email addresses, Passwords |
| Domain: |
shadi.com |
Description:
In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
PPCGeeks
| Added Date: |
7/18/2022 |
| Breach Date: |
8/19/2016 |
| Updated Date: |
7/18/2022 |
| Breach Count: |
492,518 |
| Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
ppcgeeks.com |
Description:
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
JukinMedia
| Added Date: |
7/16/2022 |
| Breach Date: |
10/28/2021 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
314,290 |
| Content: |
Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers |
| Domain: |
jukinmedia.com |
Description:
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Famm
| Added Date: |
7/16/2022 |
| Breach Date: |
10/8/2020 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
535,240 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords |
| Domain: |
famm.us |
Description:
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Eskimi
| Added Date: |
7/16/2022 |
| Breach Date: |
9/25/2020 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
1,197,620 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Passwords, Usernames |
| Domain: |
eskimi.com |
Description:
In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
La Poste Mobile
| Added Date: |
7/13/2022 |
| Breach Date: |
7/4/2022 |
| Updated Date: |
7/13/2022 |
| Breach Count: |
533,886 |
| Content: |
Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses |
| Domain: |
lapostemobile.fr |
Description:
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mangatoon
| Added Date: |
7/6/2022 |
| Breach Date: |
5/13/2022 |
| Updated Date: |
7/6/2022 |
| Breach Count: |
23,040,238 |
| Content: |
Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames |
| Domain: |
mangatoon.mobi |
Description:
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Capital Economics
| Added Date: |
7/4/2022 |
| Breach Date: |
12/12/2020 |
| Updated Date: |
7/4/2022 |
| Breach Count: |
263,829 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
capitaleconomics.com |
Description:
In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Bookchor
| Added Date: |
7/3/2022 |
| Breach Date: |
1/28/2021 |
| Updated Date: |
7/3/2022 |
| Breach Count: |
498,297 |
| Content: |
Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
bookchor.com |
Description:
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Bourse des Vols
| Added Date: |
7/3/2022 |
| Breach Date: |
1/12/2021 |
| Updated Date: |
7/3/2022 |
| Breach Count: |
1,460,130 |
| Content: |
Dates of birth, Email addresses, Flights taken, IP addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
bourse-des-vols.com |
Description:
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
DivX SubTitles
| Added Date: |
6/13/2022 |
| Breach Date: |
1/1/2010 |
| Updated Date: |
6/13/2022 |
| Breach Count: |
783,058 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
divxsubtitles.net |
Description:
In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
CTARS
| Added Date: |
5/31/2022 |
| Breach Date: |
5/21/2021 |
| Updated Date: |
5/31/2022 |
| Breach Count: |
12,314 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames |
| Domain: |
ctars.com.au |
Description:
In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Adecco
| Added Date: |
5/31/2022 |
| Breach Date: |
1/3/2021 |
| Updated Date: |
5/31/2022 |
| Breach Count: |
4,284,538 |
| Content: |
Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers |
| Domain: |
adecco.com |
Description:
In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MGM Resorts (2022 Update)
| Added Date: |
5/28/2022 |
| Breach Date: |
7/25/2019 |
| Updated Date: |
5/28/2022 |
| Breach Count: |
24,842,001 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
mgmresorts.com |
Description:
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Preen.Me
| Added Date: |
5/25/2022 |
| Breach Date: |
5/25/2020 |
| Updated Date: |
5/25/2022 |
| Breach Count: |
236,105 |
| Content: |
Email addresses, Names, Social media profiles, Usernames |
| Domain: |
preen.me |
Description:
In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: