Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
TAP Air Portugal
| Added Date: |
9/23/2022 |
| Breach Date: |
8/25/2022 |
| Updated Date: |
9/23/2022 |
| Breach Count: |
5,067,990 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages |
| Domain: |
flytap.com |
Description:
In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Brand New Tube
| Added Date: |
9/8/2022 |
| Breach Date: |
8/14/2022 |
| Updated Date: |
9/8/2022 |
| Breach Count: |
349,627 |
| Content: |
Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames |
| Domain: |
brandnewtube.com |
Description:
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Stripchat
| Added Date: |
8/31/2022 |
| Breach Date: |
11/5/2021 |
| Updated Date: |
8/31/2022 |
| Breach Count: |
10,001,355 |
| Content: |
Email addresses, IP addresses, Usernames |
| Domain: |
stripchat.com |
Description:
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
START
| Added Date: |
8/29/2022 |
| Breach Date: |
6/1/2021 |
| Updated Date: |
8/29/2022 |
| Breach Count: |
7,455,386 |
| Content: |
Email addresses, Geographic locations, Names, Passwords |
| Domain: |
start.film |
Description:
In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash. START subsequently acknowledged the incident in a Telegram post and stated that the data dated back to 2021.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Banorte
| Added Date: |
8/18/2022 |
| Breach Date: |
8/18/2014 |
| Updated Date: |
8/18/2022 |
| Breach Count: |
2,107,000 |
| Content: |
Account balances, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses |
| Domain: |
banorte.com |
Description:
In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances. Banorte have stated that the data is "outdated", although have not yet indicated how far back it dates to. Anecdotal feedback from HIBP subscribers suggests the data may date back 8 years to 2014.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SitePoint
| Added Date: |
8/17/2022 |
| Breach Date: |
6/20/2020 |
| Updated Date: |
8/17/2022 |
| Breach Count: |
1,021,790 |
| Content: |
Bios, Email addresses, IP addresses, Names, Passwords, Usernames |
| Domain: |
sitepoint.com |
Description:
In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Shitexpress
| Added Date: |
8/16/2022 |
| Breach Date: |
8/8/2022 |
| Updated Date: |
8/16/2022 |
| Breach Count: |
23,817 |
| Content: |
Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases |
| Domain: |
shitexpress.com |
Description:
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Twitter
| Added Date: |
8/12/2022 |
| Breach Date: |
1/1/2022 |
| Updated Date: |
8/12/2022 |
| Breach Count: |
6,682,453 |
| Content: |
Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames |
| Domain: |
twitter.com |
Description:
In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
QuestionPro
| Added Date: |
8/4/2022 |
| Breach Date: |
5/21/2022 |
| Updated Date: |
8/5/2022 |
| Breach Count: |
22,229,637 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Survey results |
| Domain: |
questionpro.com |
Description:
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tuned Global
| Added Date: |
8/2/2022 |
| Breach Date: |
3/16/2016 |
| Updated Date: |
8/2/2022 |
| Breach Count: |
985,586 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
tunedglobal.com |
Description:
In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mecho Download
| Added Date: |
8/1/2022 |
| Breach Date: |
10/31/2013 |
| Updated Date: |
8/1/2022 |
| Breach Count: |
437,928 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
mechodownload.com |
Description:
In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Battlefy
| Added Date: |
7/28/2022 |
| Breach Date: |
1/11/2016 |
| Updated Date: |
7/28/2022 |
| Breach Count: |
83,610 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
battlefy.com |
Description:
In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Paytm
| Added Date: |
7/26/2022 |
| Breach Date: |
8/30/2020 |
| Updated Date: |
7/28/2022 |
| Breach Count: |
3,395,101 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Income levels, Names, Phone numbers, Purchases |
| Domain: |
paytm.com |
Description:
In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Shadi.com
| Added Date: |
7/20/2022 |
| Breach Date: |
7/9/2016 |
| Updated Date: |
7/20/2022 |
| Breach Count: |
2,021,984 |
| Content: |
Email addresses, Passwords |
| Domain: |
shadi.com |
Description:
In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
PPCGeeks
| Added Date: |
7/18/2022 |
| Breach Date: |
8/19/2016 |
| Updated Date: |
7/18/2022 |
| Breach Count: |
492,518 |
| Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
ppcgeeks.com |
Description:
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
JukinMedia
| Added Date: |
7/16/2022 |
| Breach Date: |
10/28/2021 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
314,290 |
| Content: |
Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers |
| Domain: |
jukinmedia.com |
Description:
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Famm
| Added Date: |
7/16/2022 |
| Breach Date: |
10/8/2020 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
535,240 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords |
| Domain: |
famm.us |
Description:
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Eskimi
| Added Date: |
7/16/2022 |
| Breach Date: |
9/25/2020 |
| Updated Date: |
7/16/2022 |
| Breach Count: |
1,197,620 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Passwords, Usernames |
| Domain: |
eskimi.com |
Description:
In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
La Poste Mobile
| Added Date: |
7/13/2022 |
| Breach Date: |
7/4/2022 |
| Updated Date: |
7/13/2022 |
| Breach Count: |
533,886 |
| Content: |
Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses |
| Domain: |
lapostemobile.fr |
Description:
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mangatoon
| Added Date: |
7/6/2022 |
| Breach Date: |
5/13/2022 |
| Updated Date: |
7/6/2022 |
| Breach Count: |
23,040,238 |
| Content: |
Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames |
| Domain: |
mangatoon.mobi |
Description:
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: