Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Activision
Added Date: |
10/3/2023 |
Breach Date: |
12/4/2022 |
Updated Date: |
10/3/2023 |
Breach Count: |
16,006 |
Content: |
Email addresses, Geographic locations, Job titles, Names, Phone numbers |
Domain: |
activision.com |
Description:
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Horse Isle
Added Date: |
10/2/2023 |
Breach Date: |
9/19/2020 |
Updated Date: |
10/2/2023 |
Breach Count: |
27,786 |
Content: |
Email addresses, Genders, IP addresses, Names, Passwords, Purchases, Usernames |
Domain: |
horseisle.com |
Description:
In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The system also stored and exposed failed password attempts for each user with the password retained in plain text.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
ApexSMS
Added Date: |
9/21/2023 |
Breach Date: |
4/15/2019 |
Updated Date: |
9/21/2023 |
Breach Count: |
23,246,481 |
Content: |
Email addresses, Genders, Geographic locations, IP addresses, Names, Phone numbers, Telecommunications carrier |
Domain: |
n/a |
Description:
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
dBforums
Added Date: |
9/20/2023 |
Breach Date: |
7/4/2016 |
Updated Date: |
9/20/2023 |
Breach Count: |
363,468 |
Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
Domain: |
dbforums.com |
Description:
In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
MalindoAir
Added Date: |
9/14/2023 |
Breach Date: |
3/1/2019 |
Updated Date: |
9/14/2023 |
Breach Count: |
4,328,232 |
Content: |
Dates of birth, Email addresses, Genders, Loyalty program details, Names, Nationalities, Passport numbers, Phone numbers, Physical addresses, Salutations |
Domain: |
malindoair.com |
Description:
In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later extensively shared on popular hacking forums.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Viva Air
Added Date: |
9/11/2023 |
Breach Date: |
3/14/2022 |
Updated Date: |
9/11/2023 |
Breach Count: |
932,232 |
Content: |
Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases |
Domain: |
vivaair.com |
Description:
In March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Dymocks
Added Date: |
9/8/2023 |
Breach Date: |
6/20/2023 |
Updated Date: |
9/8/2023 |
Breach Count: |
836,120 |
Content: |
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses |
Domain: |
dymocks.com.au |
Description:
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Phished Data via CERT Poland
Added Date: |
8/31/2023 |
Breach Date: |
2/25/2023 |
Updated Date: |
8/31/2023 |
Breach Count: |
67,943 |
Content: |
Email addresses, Passwords |
Domain: |
n/a |
Description:
In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Pampling
Added Date: |
8/31/2023 |
Breach Date: |
1/4/2020 |
Updated Date: |
9/3/2023 |
Breach Count: |
383,468 |
Content: |
Email addresses, Names, Passwords, Usernames |
Domain: |
pampling.com |
Description:
In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
PlayCyberGames
Added Date: |
8/30/2023 |
Breach Date: |
8/9/2023 |
Updated Date: |
8/30/2023 |
Breach Count: |
3,681,753 |
Content: |
Email addresses, Passwords, Usernames |
Domain: |
playcybergames.com |
Description:
In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Qakbot
Added Date: |
8/29/2023 |
Breach Date: |
8/29/2023 |
Updated Date: |
8/29/2023 |
Breach Count: |
6,431,319 |
Content: |
Email addresses, Passwords |
Domain: |
n/a |
Description:
In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. After the takedown, 6.43M email addresses were provided to HIBP to help notify victims of the malware.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
SevenRooms
Added Date: |
8/24/2023 |
Breach Date: |
12/11/2022 |
Updated Date: |
8/24/2023 |
Breach Count: |
1,205,385 |
Content: |
Email addresses, Names, Purchases |
Domain: |
sevenrooms.com |
Description:
In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Duolingo
Added Date: |
8/22/2023 |
Breach Date: |
1/24/2023 |
Updated Date: |
8/22/2023 |
Breach Count: |
2,676,696 |
Content: |
Email addresses, Names, Spoken languages, Usernames |
Domain: |
duolingo.com |
Description:
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Atmeltomo
Added Date: |
8/21/2023 |
Breach Date: |
4/16/2021 |
Updated Date: |
8/21/2023 |
Breach Count: |
580,177 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
atmeltomo.com |
Description:
In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
ECCIE
Added Date: |
8/21/2023 |
Breach Date: |
7/1/2021 |
Updated Date: |
8/21/2023 |
Breach Count: |
536,923 |
Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
Domain: |
eccie.net |
Description:
In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
iMenu360
Added Date: |
8/17/2023 |
Breach Date: |
8/11/2022 |
Updated Date: |
8/17/2023 |
Breach Count: |
3,425,860 |
Content: |
Email addresses, Names, Phone numbers, Physical addresses |
Domain: |
imenu360.com |
Description:
In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Manipulated Caiman
Added Date: |
8/15/2023 |
Breach Date: |
7/16/2023 |
Updated Date: |
8/15/2023 |
Breach Count: |
39,901,389 |
Content: |
Email addresses |
Domain: |
n/a |
Description:
In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Jobzone
Added Date: |
8/14/2023 |
Breach Date: |
4/15/2023 |
Updated Date: |
8/14/2023 |
Breach Count: |
29,708 |
Content: |
Dates of birth, Email addresses, Family members' names, Genders, Government issued IDs, Names, Phone numbers, Physical addresses |
Domain: |
jobzone.co.il |
Description:
In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Rightbiz
Added Date: |
8/10/2023 |
Breach Date: |
7/9/2023 |
Updated Date: |
8/10/2023 |
Breach Count: |
65,376 |
Content: |
Email addresses, Names, Phone numbers, Physical addresses |
Domain: |
rightdev.co.uk |
Description:
In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
CraftRise
Added Date: |
8/8/2023 |
Breach Date: |
3/5/2022 |
Updated Date: |
8/8/2023 |
Breach Count: |
2,532,527 |
Content: |
Email addresses, Geographic locations, Passwords, Usernames |
Domain: |
craftrise.com.tr |
Description:
In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List: