Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


Activision

Added Date: 10/3/2023
Breach Date: 12/4/2022
Updated Date: 10/3/2023
Breach Count: 16,006
Content: Email addresses, Geographic locations, Job titles, Names, Phone numbers
Domain: activision.com

Description:

In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Horse Isle

Added Date: 10/2/2023
Breach Date: 9/19/2020
Updated Date: 10/2/2023
Breach Count: 27,786
Content: Email addresses, Genders, IP addresses, Names, Passwords, Purchases, Usernames
Domain: horseisle.com

Description:

In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The system also stored and exposed failed password attempts for each user with the password retained in plain text.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

ApexSMS

Added Date: 9/21/2023
Breach Date: 4/15/2019
Updated Date: 9/21/2023
Breach Count: 23,246,481
Content: Email addresses, Genders, Geographic locations, IP addresses, Names, Phone numbers, Telecommunications carrier
Domain: n/a

Description:

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

dBforums

Added Date: 9/20/2023
Breach Date: 7/4/2016
Updated Date: 9/20/2023
Breach Count: 363,468
Content: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Domain: dbforums.com

Description:

In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

MalindoAir

Added Date: 9/14/2023
Breach Date: 3/1/2019
Updated Date: 9/14/2023
Breach Count: 4,328,232
Content: Dates of birth, Email addresses, Genders, Loyalty program details, Names, Nationalities, Passport numbers, Phone numbers, Physical addresses, Salutations
Domain: malindoair.com

Description:

In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later extensively shared on popular hacking forums.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Viva Air

Added Date: 9/11/2023
Breach Date: 3/14/2022
Updated Date: 9/11/2023
Breach Count: 932,232
Content: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
Domain: vivaair.com

Description:

In March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Dymocks

Added Date: 9/8/2023
Breach Date: 6/20/2023
Updated Date: 9/8/2023
Breach Count: 836,120
Content: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
Domain: dymocks.com.au

Description:

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Phished Data via CERT Poland

Added Date: 8/31/2023
Breach Date: 2/25/2023
Updated Date: 8/31/2023
Breach Count: 67,943
Content: Email addresses, Passwords
Domain: n/a

Description:

In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Pampling

Added Date: 8/31/2023
Breach Date: 1/4/2020
Updated Date: 9/3/2023
Breach Count: 383,468
Content: Email addresses, Names, Passwords, Usernames
Domain: pampling.com

Description:

In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

PlayCyberGames

Added Date: 8/30/2023
Breach Date: 8/9/2023
Updated Date: 8/30/2023
Breach Count: 3,681,753
Content: Email addresses, Passwords, Usernames
Domain: playcybergames.com

Description:

In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Qakbot

Added Date: 8/29/2023
Breach Date: 8/29/2023
Updated Date: 8/29/2023
Breach Count: 6,431,319
Content: Email addresses, Passwords
Domain: n/a

Description:

In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. After the takedown, 6.43M email addresses were provided to HIBP to help notify victims of the malware.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

SevenRooms

Added Date: 8/24/2023
Breach Date: 12/11/2022
Updated Date: 8/24/2023
Breach Count: 1,205,385
Content: Email addresses, Names, Purchases
Domain: sevenrooms.com

Description:

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Duolingo

Added Date: 8/22/2023
Breach Date: 1/24/2023
Updated Date: 8/22/2023
Breach Count: 2,676,696
Content: Email addresses, Names, Spoken languages, Usernames
Domain: duolingo.com

Description:

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Atmeltomo

Added Date: 8/21/2023
Breach Date: 4/16/2021
Updated Date: 8/21/2023
Breach Count: 580,177
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: atmeltomo.com

Description:

In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

ECCIE

Added Date: 8/21/2023
Breach Date: 7/1/2021
Updated Date: 8/21/2023
Breach Count: 536,923
Content: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Domain: eccie.net

Description:

In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

iMenu360

Added Date: 8/17/2023
Breach Date: 8/11/2022
Updated Date: 8/17/2023
Breach Count: 3,425,860
Content: Email addresses, Names, Phone numbers, Physical addresses
Domain: imenu360.com

Description:

In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Manipulated Caiman

Added Date: 8/15/2023
Breach Date: 7/16/2023
Updated Date: 8/15/2023
Breach Count: 39,901,389
Content: Email addresses
Domain: n/a

Description:

In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Jobzone

Added Date: 8/14/2023
Breach Date: 4/15/2023
Updated Date: 8/14/2023
Breach Count: 29,708
Content: Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
Domain: jobzone.co.il

Description:

In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Rightbiz

Added Date: 8/10/2023
Breach Date: 7/9/2023
Updated Date: 8/10/2023
Breach Count: 65,376
Content: Email addresses, Names, Phone numbers, Physical addresses
Domain: rightdev.co.uk

Description:

In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

CraftRise

Added Date: 8/8/2023
Breach Date: 3/5/2022
Updated Date: 8/8/2023
Breach Count: 2,532,527
Content: Email addresses, Geographic locations, Passwords, Usernames
Domain: craftrise.com.tr

Description:

In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running