Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
FlipaClip
| Added Date: |
11/20/2024 |
| Breach Date: |
11/18/2024 |
| Updated Date: |
11/20/2024 |
| Breach Count: |
892,854 |
| Content: |
Dates of birth, Email addresses, Geographic locations, Names |
| Domain: |
flipaclip.com |
Description:
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Finsure
| Added Date: |
11/18/2024 |
| Breach Date: |
10/15/2024 |
| Updated Date: |
11/18/2024 |
| Breach Count: |
296,124 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
finsure.com.au |
Description:
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
DemandScience by Pure Incubation
| Added Date: |
11/13/2024 |
| Breach Date: |
2/28/2024 |
| Updated Date: |
11/13/2024 |
| Breach Count: |
121,796,165 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles |
| Domain: |
demandscience.com |
Description:
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hot Topic
| Added Date: |
11/11/2024 |
| Breach Date: |
10/19/2024 |
| Updated Date: |
11/11/2024 |
| Breach Count: |
56,904,909 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations |
| Domain: |
hottopic.com |
Description:
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Earth 2
| Added Date: |
11/6/2024 |
| Breach Date: |
10/16/2024 |
| Updated Date: |
11/6/2024 |
| Breach Count: |
420,961 |
| Content: |
Email addresses, Usernames |
| Domain: |
earth2.io |
Description:
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Dennis Kirk
| Added Date: |
11/5/2024 |
| Breach Date: |
9/4/2021 |
| Updated Date: |
11/5/2024 |
| Breach Count: |
1,356,026 |
| Content: |
Email addresses, Geographic locations, Names, Phone numbers, Purchases |
| Domain: |
denniskirk.com |
Description:
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes. Dennis Kirk did not respond to multiple attempts to make contact about the breach. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker, almighty444 & EnergyWeaponUser".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Altenen
| Added Date: |
11/5/2024 |
| Breach Date: |
6/24/2022 |
| Updated Date: |
11/5/2024 |
| Breach Count: |
1,267,701 |
| Content: |
Cryptocurrency wallet addresses, Email addresses, Passwords, Usernames |
| Domain: |
altenens.is |
Description:
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Z-lib
| Added Date: |
11/3/2024 |
| Breach Date: |
6/20/2024 |
| Updated Date: |
11/3/2024 |
| Breach Count: |
9,737,374 |
| Content: |
Cryptocurrency wallet addresses, Email addresses, Geographic locations, Passwords, Purchases, Usernames |
| Domain: |
z-lib.is |
Description:
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Stalker Online
| Added Date: |
10/31/2024 |
| Breach Date: |
5/5/2020 |
| Updated Date: |
10/31/2024 |
| Breach Count: |
1,385,472 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
stalker.so |
Description:
In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
TNAFlix
| Added Date: |
10/30/2024 |
| Breach Date: |
6/1/2022 |
| Updated Date: |
10/30/2024 |
| Breach Count: |
1,374,344 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
tnaflix.com |
Description:
In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
VimeWorld
| Added Date: |
10/30/2024 |
| Breach Date: |
10/1/2018 |
| Updated Date: |
10/30/2024 |
| Breach Count: |
3,118,964 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
vimeworld.com |
Description:
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
StreamCraft
| Added Date: |
10/27/2024 |
| Breach Date: |
7/6/2020 |
| Updated Date: |
10/27/2024 |
| Breach Count: |
1,772,620 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
streamcraft.net |
Description:
In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
The Club Penguin Experience
| Added Date: |
10/26/2024 |
| Breach Date: |
10/14/2024 |
| Updated Date: |
10/26/2024 |
| Breach Count: |
6,342 |
| Content: |
Age groups, Email addresses, Password hints, Passwords, Usernames |
| Domain: |
thecpexperience.com |
Description:
In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
digiDirect
| Added Date: |
10/24/2024 |
| Breach Date: |
9/29/2024 |
| Updated Date: |
10/24/2024 |
| Breach Count: |
304,337 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
digidirect.com.au |
Description:
In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Fair Vote Canada
| Added Date: |
10/21/2024 |
| Breach Date: |
3/2/2024 |
| Updated Date: |
10/21/2024 |
| Breach Count: |
134,336 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Political donations |
| Domain: |
fairvote.ca |
Description:
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
AlpineReplay
| Added Date: |
10/16/2024 |
| Breach Date: |
8/27/2019 |
| Updated Date: |
10/16/2024 |
| Breach Count: |
898,681 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Physical attributes, Usernames |
| Domain: |
traceup.com |
Description:
In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Internet Archive
| Added Date: |
10/9/2024 |
| Breach Date: |
9/28/2024 |
| Updated Date: |
10/9/2024 |
| Breach Count: |
31,081,179 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
archive.org |
Description:
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Muah.AI
| Added Date: |
10/8/2024 |
| Breach Date: |
9/17/2024 |
| Updated Date: |
10/8/2024 |
| Breach Count: |
1,910,261 |
| Content: |
Email addresses, Sexual fetishes |
| Domain: |
muah.ai |
Description:
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Switch
| Added Date: |
10/5/2024 |
| Breach Date: |
10/1/2024 |
| Updated Date: |
10/5/2024 |
| Breach Count: |
5,397 |
| Content: |
Email addresses, Job applications, Names, Social media profiles |
| Domain: |
switchit.hu |
Description:
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BudTrader
| Added Date: |
10/1/2024 |
| Breach Date: |
6/27/2024 |
| Updated Date: |
10/1/2024 |
| Breach Count: |
2,721,185 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
budtrader.com |
Description:
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: