Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
IndiaMART
| Added Date: |
8/27/2021 |
| Breach Date: |
5/23/2021 |
| Updated Date: |
8/27/2021 |
| Breach Count: |
20,154,583 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
indiamart.com |
Description:
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Imavex
| Added Date: |
8/26/2021 |
| Breach Date: |
8/20/2021 |
| Updated Date: |
8/26/2021 |
| Breach Count: |
878,209 |
| Content: |
Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames |
| Domain: |
imavex.com |
Description:
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SubaGames
| Added Date: |
8/25/2021 |
| Breach Date: |
11/1/2016 |
| Updated Date: |
8/25/2021 |
| Breach Count: |
6,137,666 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
subagames.com |
Description:
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Eatigo
| Added Date: |
8/24/2021 |
| Breach Date: |
10/16/2018 |
| Updated Date: |
8/24/2021 |
| Breach Count: |
2,789,609 |
| Content: |
Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
eatigo.com |
Description:
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
OrderSnapp
| Added Date: |
8/7/2021 |
| Breach Date: |
6/29/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
1,304,447 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers |
| Domain: |
ordersnapp.com |
Description:
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MMG Fusion
| Added Date: |
8/7/2021 |
| Breach Date: |
12/20/2020 |
| Updated Date: |
8/7/2021 |
| Breach Count: |
2,660,295 |
| Content: |
Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
mmgfusion.com |
Description:
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Audi
| Added Date: |
7/23/2021 |
| Breach Date: |
8/14/2019 |
| Updated Date: |
7/23/2021 |
| Breach Count: |
2,743,539 |
| Content: |
Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details |
| Domain: |
audiusa.com |
Description:
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Guntrader
| Added Date: |
7/21/2021 |
| Breach Date: |
7/17/2021 |
| Updated Date: |
7/21/2021 |
| Breach Count: |
112,031 |
| Content: |
Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations |
| Domain: |
guntrader.uk |
Description:
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Short Édition
| Added Date: |
7/18/2021 |
| Breach Date: |
6/26/2021 |
| Updated Date: |
7/18/2021 |
| Breach Count: |
505,466 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames |
| Domain: |
short-edition.com |
Description:
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Vastaamo
| Added Date: |
7/16/2021 |
| Breach Date: |
3/31/2019 |
| Updated Date: |
8/27/2021 |
| Breach Count: |
30,433 |
| Content: |
Email addresses, Names, Personal health data, Social security numbers |
| Domain: |
vastaamo.fi |
Description:
In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Raychat
| Added Date: |
7/3/2021 |
| Breach Date: |
1/31/2021 |
| Updated Date: |
7/3/2021 |
| Breach Count: |
938,981 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Names, Passwords |
| Domain: |
raychat.ir |
Description:
In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Teespring
| Added Date: |
6/25/2021 |
| Breach Date: |
4/1/2020 |
| Updated Date: |
6/25/2021 |
| Breach Count: |
8,234,193 |
| Content: |
Email addresses, Geographic locations, Names, Social media profiles |
| Domain: |
teespring.com |
Description:
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
yotepresto.com
| Added Date: |
6/25/2021 |
| Breach Date: |
6/22/2020 |
| Updated Date: |
6/25/2021 |
| Breach Count: |
1,444,629 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
yotepresto.com |
Description:
In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
University of California
| Added Date: |
6/20/2021 |
| Breach Date: |
12/24/2020 |
| Updated Date: |
7/3/2021 |
| Breach Count: |
547,422 |
| Content: |
Dates of birth, Education levels, Email addresses, Ethnicities, Genders, Job titles, Names, Phone numbers, Physical addresses, Social security numbers |
| Domain: |
universityofcalifornia.edu |
Description:
In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach. The data was provided to HIBP courtesy of Cyril Gorlla.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Fotolog
| Added Date: |
6/14/2021 |
| Breach Date: |
12/1/2018 |
| Updated Date: |
6/14/2021 |
| Breach Count: |
16,717,854 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
fotolog.com |
Description:
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Nameless Malware
| Added Date: |
6/9/2021 |
| Breach Date: |
1/1/2020 |
| Updated Date: |
6/9/2021 |
| Breach Count: |
1,121,484 |
| Content: |
Email addresses |
| Domain: |
n/a |
Description:
In January 2021, NordLocker provided HIBP 1.1 million email addresses collected by nameless malware. The malware campaign ran between 2018 and 2020 and infected 3.25 million computers, stealing files, credentials and taking screenshots and photos using the computer's webcam. Read more in NordLocker's writeup about the Nameless malware that stole 1.2 TB of private data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Domino's India
| Added Date: |
6/2/2021 |
| Breach Date: |
3/24/2021 |
| Updated Date: |
6/19/2021 |
| Breach Count: |
22,527,655 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
dominos.co.in |
Description:
In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
JD
| Added Date: |
6/2/2021 |
| Breach Date: |
1/1/2013 |
| Updated Date: |
6/2/2021 |
| Breach Count: |
77,449,341 |
| Content: |
Email addresses, Passwords, Phone numbers, Usernames |
| Domain: |
jd.com |
Description:
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MobiFriends
| Added Date: |
5/22/2021 |
| Breach Date: |
1/6/2020 |
| Updated Date: |
5/22/2021 |
| Breach Count: |
3,512,952 |
| Content: |
Dates of birth, Email addresses, Genders, Passwords, Usernames |
| Domain: |
mobifriends.com |
Description:
In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Moneycontrol
| Added Date: |
5/22/2021 |
| Breach Date: |
9/7/2017 |
| Updated Date: |
5/22/2021 |
| Breach Count: |
762,874 |
| Content: |
Email addresses, Genders, Geographic locations, Passwords, Phone numbers |
| Domain: |
moneycontrol.com |
Description:
In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses (allegedly a subset of a larger 40 million account breach), alongside geographic locations, phone numbers, genders, dates of birth and plain text passwords. The date of the original breach is unclear, although the breached data indicates the file was created in September 2017 and Moneycontrol has stated that the breach is "an old data set".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: