Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
JD Group
Added Date: |
6/5/2023 |
Breach Date: |
5/31/2023 |
Updated Date: |
6/5/2023 |
Breach Count: |
521,878 |
Content: |
Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses |
Domain: |
jdgroup.co.za |
Description:
In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records including names, email and physical addresses, phone numbers and South African ID numbers.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
RaidForums
Added Date: |
5/30/2023 |
Breach Date: |
9/24/2020 |
Updated Date: |
5/30/2023 |
Breach Count: |
478,604 |
Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
Domain: |
raidforums.com |
Description:
In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Polish Credentials
Added Date: |
5/30/2023 |
Breach Date: |
5/29/2023 |
Updated Date: |
5/30/2023 |
Breach Count: |
1,204,870 |
Content: |
Email addresses, Passwords |
Domain: |
n/a |
Description:
In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on. The data included 1.2M unique email addresses.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Luxottica
Added Date: |
5/19/2023 |
Breach Date: |
3/16/2021 |
Updated Date: |
5/19/2023 |
Breach Count: |
77,093,812 |
Content: |
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses |
Domain: |
luxottica.com |
Description:
In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in late 2022 and included email and physical addresses, names, genders, dates of birth and phone numbers. In a statement from Luxottica, they advised they were aware of the incident and are currently "considering other notification obligations".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
RentoMojo
Added Date: |
5/10/2023 |
Breach Date: |
4/15/2023 |
Updated Date: |
5/10/2023 |
Breach Count: |
2,185,697 |
Content: |
Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles |
Domain: |
rentomojo.com |
Description:
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
CityJerks
Added Date: |
4/27/2023 |
Breach Date: |
2/27/2023 |
Updated Date: |
4/27/2023 |
Breach Count: |
177,554 |
Content: |
Bios, Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, Profile photos, Sexual orientations, Usernames |
Domain: |
cityjerks.com |
Description:
In early 2023, the "mutual masturbation" website CityJerks suffered a data breach that exposed 177k unique email addresses. The breach also included data from the TruckerSucker "dating app for REAL TRUCKERS and REAL MEN" with the combined corpus of data also exposing usernames, IP addresses, dates of birth, sexual orientations, geo locations, private messages between members and passwords stored as salted MD5 hashes. The data was listed on a public hacking site and provided to HIBP by a source who requested it be attributed to "discord.gg/gN9C9em".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
MEO
Added Date: |
4/23/2023 |
Breach Date: |
12/24/2020 |
Updated Date: |
4/23/2023 |
Breach Count: |
8,227 |
Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Usernames |
Domain: |
meoair.com |
Description:
In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes. MEO did not respond to multiple attempts to report the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Terravision
Added Date: |
4/22/2023 |
Breach Date: |
2/1/2023 |
Updated Date: |
4/22/2023 |
Breach Count: |
2,075,625 |
Content: |
Dates of birth, Email addresses, Geographic locations, Names, Passwords, Phone numbers |
Domain: |
terravision.eu |
Description:
In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin. Terravision did not respond to multiple attempts by individuals period over a period of months to report the incident.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
OGUsers (2022 breach)
Added Date: |
4/13/2023 |
Breach Date: |
7/13/2022 |
Updated Date: |
4/13/2023 |
Breach Count: |
529,020 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
ogusers.com |
Description:
In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses appeared in the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
The Kodi Foundation
Added Date: |
4/13/2023 |
Breach Date: |
2/16/2023 |
Updated Date: |
4/13/2023 |
Breach Count: |
400,635 |
Content: |
Browser user agent details, Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames |
Domain: |
kodi.tv |
Description:
In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator account creating a database backup that was subsequently downloaded before being sold on a hacking forum. The breach exposed email and IP addresses, usernames, genders and passwords stored as MyBB salted hashes. The Kodi Foundation elected to self-submit impacted email addresses to HIBP.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Genesis Market
Added Date: |
4/5/2023 |
Breach Date: |
4/5/2023 |
Updated Date: |
4/5/2023 |
Breach Count: |
8,000,000 |
Content: |
Browser user agent details, Credit card CVV, Credit cards, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames |
Domain: |
genesis.market |
Description:
In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster". The service traded in "browser fingerprints" which enabled criminals to impersonate victims and access their online services. As many of the impacted accounts did not include email addresses, "8M" is merely an approximation intended to indicate scale. Other personal data compromised by the service included names, addresses and credit card information, although not all individuals had each of these fields exposed.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Sundry Files
Added Date: |
3/30/2023 |
Breach Date: |
1/21/2022 |
Updated Date: |
3/30/2023 |
Breach Count: |
274,461 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
sundryfiles.com |
Description:
In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Leaked Reality
Added Date: |
3/30/2023 |
Breach Date: |
1/31/2022 |
Updated Date: |
3/30/2023 |
Breach Count: |
114,907 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
leakedreality.com |
Description:
In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
TheGradCafe
Added Date: |
3/23/2023 |
Breach Date: |
2/26/2023 |
Updated Date: |
3/23/2023 |
Breach Count: |
310,975 |
Content: |
Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames |
Domain: |
thegradcafe.com |
Description:
In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes. Some records also included physical address, phone number and date of birth. TheGradCafe did not respond to multiple attempts to disclose the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Shopper+
Added Date: |
3/11/2023 |
Breach Date: |
9/14/2020 |
Updated Date: |
3/11/2023 |
Breach Count: |
878,290 |
Content: |
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Spoken languages |
Domain: |
shopperplus.ca |
Description:
In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
HDB Financial Services
Added Date: |
3/10/2023 |
Breach Date: |
2/22/2023 |
Updated Date: |
3/10/2023 |
Breach Count: |
1,658,750 |
Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Loan information, Names, Phone numbers |
Domain: |
hdbfs.com |
Description:
In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Eye4Fraud
Added Date: |
3/5/2023 |
Breach Date: |
1/25/2023 |
Updated Date: |
3/6/2023 |
Breach Count: |
16,000,591 |
Content: |
Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses |
Domain: |
eye4fraud.com |
Description:
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
iD Tech
Added Date: |
3/5/2023 |
Breach Date: |
1/3/2023 |
Updated Date: |
3/5/2023 |
Breach Count: |
415,121 |
Content: |
Dates of birth, Email addresses, Names, Passwords |
Domain: |
idtech.com |
Description:
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
LBB
Added Date: |
3/5/2023 |
Breach Date: |
2/14/2019 |
Updated Date: |
3/5/2023 |
Breach Count: |
39,288 |
Content: |
Browser user agent details, Email addresses, IP addresses, Names, Physical addresses |
Domain: |
lbb.in |
Description:
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
GunAuction.com
Added Date: |
3/2/2023 |
Breach Date: |
12/3/2022 |
Updated Date: |
3/4/2023 |
Breach Count: |
565,470 |
Content: |
Browser user agent details, Email addresses, Genders, IP addresses, Partial credit card data, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Usernames |
Domain: |
gunauction.com |
Description:
In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain text. The leaked identities could subsequently be matched to firearms listed for sale on the website.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List: