Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Gravatar
| Added Date: |
12/5/2021 |
| Breach Date: |
10/3/2020 |
| Updated Date: |
12/5/2021 |
| Breach Count: |
113,990,759 |
| Content: |
Email addresses, Names, Usernames |
| Domain: |
gravatar.com |
Description:
In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . 167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars were subsequently scraped and distributed within the hacking community. 114 million of the MD5 hashes were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
IDC Games
| Added Date: |
11/17/2021 |
| Breach Date: |
3/15/2021 |
| Updated Date: |
11/17/2021 |
| Breach Count: |
3,966,871 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
idcgames.com |
Description:
In March 2021, 4 million records sourced from IDC Games were shared on a public hacking forum. The data included usernames, email addresses and passwords stored as salted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ducks Unlimited
| Added Date: |
11/15/2021 |
| Breach Date: |
1/29/2021 |
| Updated Date: |
11/15/2021 |
| Breach Count: |
1,324,364 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
ducks.org |
Description:
In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users. Impacted data included names, phones numbers, physical addresses, dates of birth and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ActMobile
| Added Date: |
11/9/2021 |
| Breach Date: |
10/8/2021 |
| Updated Date: |
11/9/2021 |
| Breach Count: |
1,583,193 |
| Content: |
Email addresses, IP addresses |
| Domain: |
actmobile.com |
Description:
In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a popular hacking forum. Although usage of the service was verified by HIBP subscribers, ActMobile denied the data was sourced from them and the breach has subsequently been flagged as "unverified".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
CyberServe
| Added Date: |
11/4/2021 |
| Breach Date: |
10/29/2021 |
| Updated Date: |
11/4/2021 |
| Breach Count: |
1,107,034 |
| Content: |
Dates of birth, Drinking habits, Email addresses, Family structure, Genders, Geographic locations, HIV statuses, IP addresses, Names, Passwords, Personal health data, Phone numbers, Physical attributes, Private messages, Profile photos, Religions, Sexual orientations, Smoking habits, Usernames |
| Domain: |
cyberserve.co.il |
Description:
In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute. Due to multiple different sites being compromised, the impacted data is broad and ranges from relationship information to medical data to email addresses and passwords stored in plain text. The data was made available to HIBP with support from May Brooks-Kempler, founder of the Think Safe Cyber community in Israel.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
CoinMarketCap
| Added Date: |
10/22/2021 |
| Breach Date: |
10/12/2021 |
| Updated Date: |
10/22/2021 |
| Breach Count: |
3,117,548 |
| Content: |
Email addresses |
| Domain: |
coinmarketcap.com |
Description:
During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Thingiverse
| Added Date: |
10/14/2021 |
| Breach Date: |
10/13/2020 |
| Updated Date: |
10/14/2021 |
| Breach Count: |
228,102 |
| Content: |
Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames |
| Domain: |
thingiverse.com |
Description:
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Playbook
| Added Date: |
10/11/2021 |
| Breach Date: |
10/19/2020 |
| Updated Date: |
10/11/2021 |
| Breach Count: |
50,538 |
| Content: |
Email addresses, Job titles, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
playbook.vc |
Description:
In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Fantasy Football Hub
| Added Date: |
10/7/2021 |
| Breach Date: |
10/2/2021 |
| Updated Date: |
10/7/2021 |
| Breach Count: |
66,479 |
| Content: |
Email addresses, IP addresses, Names, Passwords, Purchases, Usernames |
| Domain: |
fantasyfootballhub.co.uk |
Description:
In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Republican Party of Texas
| Added Date: |
10/6/2021 |
| Breach Date: |
9/11/2021 |
| Updated Date: |
10/6/2021 |
| Breach Count: |
72,596 |
| Content: |
Browser user agent details, Email addresses, Geographic locations, IP addresses, Names |
| Domain: |
texasgop.org |
Description:
In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
LinkedIn Scraped Data
| Added Date: |
10/2/2021 |
| Breach Date: |
4/8/2021 |
| Updated Date: |
10/2/2021 |
| Breach Count: |
125,698,496 |
| Content: |
Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles |
| Domain: |
linkedin.com |
Description:
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ajarn
| Added Date: |
9/25/2021 |
| Breach Date: |
12/13/2018 |
| Updated Date: |
9/25/2021 |
| Breach Count: |
266,399 |
| Content: |
Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos |
| Domain: |
ajarn.com |
Description:
In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Epik
| Added Date: |
9/19/2021 |
| Breach Date: |
9/13/2021 |
| Updated Date: |
9/19/2021 |
| Breach Count: |
15,003,961 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
epik.com |
Description:
In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
IndiaMART
| Added Date: |
8/27/2021 |
| Breach Date: |
5/23/2021 |
| Updated Date: |
8/27/2021 |
| Breach Count: |
20,154,583 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
indiamart.com |
Description:
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Imavex
| Added Date: |
8/26/2021 |
| Breach Date: |
8/20/2021 |
| Updated Date: |
8/26/2021 |
| Breach Count: |
878,209 |
| Content: |
Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames |
| Domain: |
imavex.com |
Description:
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SubaGames
| Added Date: |
8/25/2021 |
| Breach Date: |
11/1/2016 |
| Updated Date: |
8/25/2021 |
| Breach Count: |
6,137,666 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
subagames.com |
Description:
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Eatigo
| Added Date: |
8/24/2021 |
| Breach Date: |
10/16/2018 |
| Updated Date: |
8/24/2021 |
| Breach Count: |
2,789,609 |
| Content: |
Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
eatigo.com |
Description:
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
OrderSnapp
| Added Date: |
8/7/2021 |
| Breach Date: |
6/29/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
1,304,447 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers |
| Domain: |
ordersnapp.com |
Description:
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MMG Fusion
| Added Date: |
8/7/2021 |
| Breach Date: |
12/20/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
2,660,295 |
| Content: |
Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
mmgfusion.com |
Description:
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Audi
| Added Date: |
7/23/2021 |
| Breach Date: |
8/14/2019 |
| Updated Date: |
7/23/2021 |
| Breach Count: |
2,743,539 |
| Content: |
Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details |
| Domain: |
audiusa.com |
Description:
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: