Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


Nitro

Added Date: 1/19/2021
Breach Date: 9/28/2020
Updated Date: 1/19/2021
Breach Count: 77,159,696
Content: Email addresses, Names, Passwords
Domain: gonitro.com

Description:

In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Romwe

Added Date: 1/18/2021
Breach Date: 6/1/2018
Updated Date: 1/18/2021
Breach Count: 19,531,820
Content: Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: romwe.com

Description:

In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Jobandtalent

Added Date: 1/17/2021
Breach Date: 2/1/2018
Updated Date: 1/17/2021
Breach Count: 10,981,207
Content: Email addresses, IP addresses, Names, Passwords
Domain: jobandtalent.com

Description:

In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Glofox

Added Date: 1/9/2021
Breach Date: 3/27/2020
Updated Date: 1/9/2021
Breach Count: 2,330,735
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers
Domain: glofox.com

Description:

In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

GeniusU

Added Date: 1/8/2021
Breach Date: 10/2/2020
Updated Date: 1/9/2021
Breach Count: 1,301,460
Content: Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles
Domain: geniusu.com

Description:

In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Ledger

Added Date: 12/20/2020
Breach Date: 6/25/2020
Updated Date: 12/20/2020
Breach Count: 1,075,241
Content: Email addresses, Names, Phone numbers, Physical addresses
Domain: ledger.com

Description:

In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone numbers. The data was provided to HIBP by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Peatix

Added Date: 12/6/2020
Breach Date: 1/20/2019
Updated Date: 12/6/2020
Breach Count: 4,227,907
Content: Email addresses, Names, Passwords
Domain: peatix.com

Description:

In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Pluto TV

Added Date: 12/5/2020
Breach Date: 10/12/2018
Updated Date: 12/5/2020
Breach Count: 3,225,080
Content: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles, Usernames
Domain: pluto.tv

Description:

In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Cit0day

Added Date: 11/19/2020
Breach Date: 11/4/2020
Updated Date: 11/19/2020
Breach Count: 226,883,414
Content: Email addresses, Passwords
Domain: cit0day.in

Description:

In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

123RF

Added Date: 11/14/2020
Breach Date: 3/22/2020
Updated Date: 11/14/2020
Breach Count: 8,661,578
Content: Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Domain: 123rf.com

Description:

In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Home Chef

Added Date: 11/12/2020
Breach Date: 2/10/2020
Updated Date: 11/12/2020
Breach Count: 8,815,692
Content: Email addresses, Geographic locations, IP addresses, Names, Partial credit card data, Passwords, Phone numbers
Domain: homechef.com

Description:

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Animal Jam

Added Date: 11/11/2020
Breach Date: 10/12/2020
Updated Date: 11/11/2020
Breach Count: 7,104,998
Content: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
Domain: animaljam.com

Description:

In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mashable

Added Date: 11/9/2020
Breach Date: 6/1/2020
Updated Date: 11/9/2020
Breach Count: 1,414,677
Content: Auth tokens, Email addresses, Genders, Geographic locations, IP addresses, Names, Partial dates of birth, Social media profiles
Domain: mashable.com

Description:

In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Lazada RedMart

Added Date: 11/9/2020
Breach Date: 7/30/2020
Updated Date: 11/9/2020
Breach Count: 1,107,789
Content: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
Domain: redmart.lazada.sg

Description:

In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

James

Added Date: 11/4/2020
Breach Date: 3/25/2020
Updated Date: 11/4/2020
Breach Count: 1,541,284
Content: Email addresses, Geographic locations, Passwords
Domain: jamesdelivery.com.br

Description:

In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Wongnai

Added Date: 11/4/2020
Breach Date: 10/28/2020
Updated Date: 11/4/2020
Breach Count: 3,924,454
Content: Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Domain: wongnai.com

Description:

In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Minted

Added Date: 11/3/2020
Breach Date: 5/6/2020
Updated Date: 11/3/2020
Breach Count: 4,418,182
Content: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: minted.com

Description:

In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Promofarma

Added Date: 11/1/2020
Breach Date: 8/3/2019
Updated Date: 11/3/2020
Breach Count: 1,277,761
Content: Email addresses, Names
Domain: promofarma.com

Description:

In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

StarTribune

Added Date: 10/30/2020
Breach Date: 10/10/2019
Updated Date: 10/30/2020
Breach Count: 2,192,857
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Physical addresses, Usernames
Domain: startribune.com

Description:

In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Reincubate

Added Date: 10/29/2020
Breach Date: 5/11/2017
Updated Date: 10/29/2020
Breach Count: 616,146
Content: Email addresses, Names, Passwords
Domain: reincubate.com

Description:

In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running