Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Thingiverse
| Added Date: |
10/14/2021 |
| Breach Date: |
10/13/2020 |
| Updated Date: |
10/14/2021 |
| Breach Count: |
228,102 |
| Content: |
Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames |
| Domain: |
thingiverse.com |
Description:
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Playbook
| Added Date: |
10/11/2021 |
| Breach Date: |
10/19/2020 |
| Updated Date: |
10/11/2021 |
| Breach Count: |
50,538 |
| Content: |
Email addresses, Job titles, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
playbook.vc |
Description:
In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Fantasy Football Hub
| Added Date: |
10/7/2021 |
| Breach Date: |
10/2/2021 |
| Updated Date: |
10/7/2021 |
| Breach Count: |
66,479 |
| Content: |
Email addresses, IP addresses, Names, Passwords, Purchases, Usernames |
| Domain: |
fantasyfootballhub.co.uk |
Description:
In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Republican Party of Texas
| Added Date: |
10/6/2021 |
| Breach Date: |
9/11/2021 |
| Updated Date: |
10/6/2021 |
| Breach Count: |
72,596 |
| Content: |
Browser user agent details, Email addresses, Geographic locations, IP addresses, Names |
| Domain: |
texasgop.org |
Description:
In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
LinkedIn Scraped Data
| Added Date: |
10/2/2021 |
| Breach Date: |
4/8/2021 |
| Updated Date: |
10/2/2021 |
| Breach Count: |
125,698,496 |
| Content: |
Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles |
| Domain: |
linkedin.com |
Description:
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ajarn
| Added Date: |
9/25/2021 |
| Breach Date: |
12/13/2018 |
| Updated Date: |
9/25/2021 |
| Breach Count: |
266,399 |
| Content: |
Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos |
| Domain: |
ajarn.com |
Description:
In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Epik
| Added Date: |
9/19/2021 |
| Breach Date: |
9/13/2021 |
| Updated Date: |
9/19/2021 |
| Breach Count: |
15,003,961 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
epik.com |
Description:
In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
IndiaMART
| Added Date: |
8/27/2021 |
| Breach Date: |
5/23/2021 |
| Updated Date: |
8/27/2021 |
| Breach Count: |
20,154,583 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
indiamart.com |
Description:
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Imavex
| Added Date: |
8/26/2021 |
| Breach Date: |
8/20/2021 |
| Updated Date: |
8/26/2021 |
| Breach Count: |
878,209 |
| Content: |
Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames |
| Domain: |
imavex.com |
Description:
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SubaGames
| Added Date: |
8/25/2021 |
| Breach Date: |
11/1/2016 |
| Updated Date: |
8/25/2021 |
| Breach Count: |
6,137,666 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
subagames.com |
Description:
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Eatigo
| Added Date: |
8/24/2021 |
| Breach Date: |
10/16/2018 |
| Updated Date: |
8/24/2021 |
| Breach Count: |
2,789,609 |
| Content: |
Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
eatigo.com |
Description:
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
OrderSnapp
| Added Date: |
8/7/2021 |
| Breach Date: |
6/29/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
1,304,447 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers |
| Domain: |
ordersnapp.com |
Description:
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MMG Fusion
| Added Date: |
8/7/2021 |
| Breach Date: |
12/20/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
2,660,295 |
| Content: |
Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
mmgfusion.com |
Description:
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Audi
| Added Date: |
7/23/2021 |
| Breach Date: |
8/14/2019 |
| Updated Date: |
7/23/2021 |
| Breach Count: |
2,743,539 |
| Content: |
Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details |
| Domain: |
audiusa.com |
Description:
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Guntrader
| Added Date: |
7/21/2021 |
| Breach Date: |
7/17/2021 |
| Updated Date: |
7/21/2021 |
| Breach Count: |
112,031 |
| Content: |
Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations |
| Domain: |
guntrader.uk |
Description:
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Short Édition
| Added Date: |
7/18/2021 |
| Breach Date: |
6/26/2021 |
| Updated Date: |
7/18/2021 |
| Breach Count: |
505,466 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames |
| Domain: |
short-edition.com |
Description:
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Vastaamo
| Added Date: |
7/16/2021 |
| Breach Date: |
3/31/2019 |
| Updated Date: |
8/27/2021 |
| Breach Count: |
30,433 |
| Content: |
Email addresses, Names, Personal health data, Social security numbers |
| Domain: |
vastaamo.fi |
Description:
In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Raychat
| Added Date: |
7/3/2021 |
| Breach Date: |
1/31/2021 |
| Updated Date: |
7/3/2021 |
| Breach Count: |
938,981 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Names, Passwords |
| Domain: |
raychat.ir |
Description:
In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Teespring
| Added Date: |
6/25/2021 |
| Breach Date: |
4/1/2020 |
| Updated Date: |
6/25/2021 |
| Breach Count: |
8,234,193 |
| Content: |
Email addresses, Geographic locations, Names, Social media profiles |
| Domain: |
teespring.com |
Description:
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
yotepresto.com
| Added Date: |
6/25/2021 |
| Breach Date: |
6/22/2020 |
| Updated Date: |
6/25/2021 |
| Breach Count: |
1,444,629 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
yotepresto.com |
Description:
In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: