Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


TAP Air Portugal

Added Date: 9/23/2022
Breach Date: 8/25/2022
Updated Date: 9/23/2022
Breach Count: 5,067,990
Content: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages
Domain: flytap.com

Description:

In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Brand New Tube

Added Date: 9/8/2022
Breach Date: 8/14/2022
Updated Date: 9/8/2022
Breach Count: 349,627
Content: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
Domain: brandnewtube.com

Description:

In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Stripchat

Added Date: 8/31/2022
Breach Date: 11/5/2021
Updated Date: 8/31/2022
Breach Count: 10,001,355
Content: Email addresses, IP addresses, Usernames
Domain: stripchat.com

Description:

In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

START

Added Date: 8/29/2022
Breach Date: 6/1/2021
Updated Date: 8/29/2022
Breach Count: 7,455,386
Content: Email addresses, Geographic locations, Names, Passwords
Domain: start.film

Description:

In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash. START subsequently acknowledged the incident in a Telegram post and stated that the data dated back to 2021.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Banorte

Added Date: 8/18/2022
Breach Date: 8/18/2014
Updated Date: 8/18/2022
Breach Count: 2,107,000
Content: Account balances, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
Domain: banorte.com

Description:

In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances. Banorte have stated that the data is "outdated", although have not yet indicated how far back it dates to. Anecdotal feedback from HIBP subscribers suggests the data may date back 8 years to 2014.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

SitePoint

Added Date: 8/17/2022
Breach Date: 6/20/2020
Updated Date: 8/17/2022
Breach Count: 1,021,790
Content: Bios, Email addresses, IP addresses, Names, Passwords, Usernames
Domain: sitepoint.com

Description:

In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Shitexpress

Added Date: 8/16/2022
Breach Date: 8/8/2022
Updated Date: 8/16/2022
Breach Count: 23,817
Content: Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases
Domain: shitexpress.com

Description:

In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Twitter

Added Date: 8/12/2022
Breach Date: 1/1/2022
Updated Date: 8/12/2022
Breach Count: 6,682,453
Content: Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames
Domain: twitter.com

Description:

In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

QuestionPro

Added Date: 8/4/2022
Breach Date: 5/21/2022
Updated Date: 8/5/2022
Breach Count: 22,229,637
Content: Browser user agent details, Email addresses, IP addresses, Survey results
Domain: questionpro.com

Description:

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Tuned Global

Added Date: 8/2/2022
Breach Date: 3/16/2016
Updated Date: 8/2/2022
Breach Count: 985,586
Content: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: tunedglobal.com

Description:

In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mecho Download

Added Date: 8/1/2022
Breach Date: 10/31/2013
Updated Date: 8/1/2022
Breach Count: 437,928
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: mechodownload.com

Description:

In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Battlefy

Added Date: 7/28/2022
Breach Date: 1/11/2016
Updated Date: 7/28/2022
Breach Count: 83,610
Content: Email addresses, Passwords, Usernames
Domain: battlefy.com

Description:

In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Paytm

Added Date: 7/26/2022
Breach Date: 8/30/2020
Updated Date: 7/28/2022
Breach Count: 3,395,101
Content: Dates of birth, Email addresses, Genders, Geographic locations, Income levels, Names, Phone numbers, Purchases
Domain: paytm.com

Description:

In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Shadi.com

Added Date: 7/20/2022
Breach Date: 7/9/2016
Updated Date: 7/20/2022
Breach Count: 2,021,984
Content: Email addresses, Passwords
Domain: shadi.com

Description:

In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

PPCGeeks

Added Date: 7/18/2022
Breach Date: 8/19/2016
Updated Date: 7/18/2022
Breach Count: 492,518
Content: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Domain: ppcgeeks.com

Description:

In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

JukinMedia

Added Date: 7/16/2022
Breach Date: 10/28/2021
Updated Date: 7/16/2022
Breach Count: 314,290
Content: Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers
Domain: jukinmedia.com

Description:

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Famm

Added Date: 7/16/2022
Breach Date: 10/8/2020
Updated Date: 7/16/2022
Breach Count: 535,240
Content: Dates of birth, Email addresses, Genders, Names, Passwords
Domain: famm.us

Description:

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Eskimi

Added Date: 7/16/2022
Breach Date: 9/25/2020
Updated Date: 7/16/2022
Breach Count: 1,197,620
Content: Dates of birth, Email addresses, Genders, Geographic locations, Passwords, Usernames
Domain: eskimi.com

Description:

In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

La Poste Mobile

Added Date: 7/13/2022
Breach Date: 7/4/2022
Updated Date: 7/13/2022
Breach Count: 533,886
Content: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
Domain: lapostemobile.fr

Description:

In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mangatoon

Added Date: 7/6/2022
Breach Date: 5/13/2022
Updated Date: 7/6/2022
Breach Count: 23,040,238
Content: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames
Domain: mangatoon.mobi

Description:

In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running