Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


Read Novel

Added Date: 5/16/2022
Breach Date: 5/1/2019
Updated Date: 5/16/2022
Breach Count: 22,424,472
Content: Email addresses, Genders, Passwords, Phone numbers, Usernames
Domain: readnovel.com

Description:

In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]". Read more about Chinese data breaches in Have I Been Pwned.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

BlackBerry Fans

Added Date: 5/15/2022
Breach Date: 5/6/2022
Updated Date: 5/15/2022
Breach Count: 174,168
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: blackberryfans.org

Description:

In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

OGUsers (2021 breach)

Added Date: 5/15/2022
Breach Date: 4/11/2021
Updated Date: 5/15/2022
Breach Count: 348,302
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: ogusers.com

Description:

In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Paragon Cheats

Added Date: 5/13/2022
Breach Date: 5/22/2021
Updated Date: 5/13/2022
Breach Count: 188,089
Content: Browser user agent details, Email addresses, IP addresses, Usernames
Domain: paragoncheats.com

Description:

In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

PayHere

Added Date: 5/2/2022
Breach Date: 3/27/2022
Updated Date: 5/2/2022
Breach Count: 1,580,249
Content: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
Domain: payhere.lk

Description:

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Aimware

Added Date: 5/1/2022
Breach Date: 4/28/2019
Updated Date: 5/1/2022
Breach Count: 305,470
Content: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Domain: aimware.net

Description:

In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "clerk/anthrax/soontoberichh".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Devil-Torrents.pl

Added Date: 5/1/2022
Breach Date: 1/4/2021
Updated Date: 5/1/2022
Breach Count: 63,451
Content: Email addresses, Passwords
Domain: devil-torrents.pl

Description:

In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Avvo

Added Date: 4/14/2022
Breach Date: 12/17/2019
Updated Date: 4/14/2022
Breach Count: 4,101,101
Content: Email addresses, Passwords
Domain: avvo.com

Description:

In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Travelio

Added Date: 4/7/2022
Breach Date: 11/23/2021
Updated Date: 4/7/2022
Breach Count: 471,376
Content: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: travelio.com

Description:

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Royal Enfield

Added Date: 3/31/2022
Breach Date: 1/1/2019
Updated Date: 3/31/2022
Breach Count: 420,873
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details
Domain: royalenfield.com

Description:

In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

ZAP-Hosting

Added Date: 3/19/2022
Breach Date: 11/22/2021
Updated Date: 3/19/2022
Breach Count: 746,682
Content: Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Domain: zap-hosting.com

Description:

In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

CDEK

Added Date: 3/17/2022
Breach Date: 3/9/2022
Updated Date: 3/17/2022
Breach Count: 19,218,203
Content: Email addresses, Names, Phone numbers
Domain: cdek.ru

Description:

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Robinhood

Added Date: 3/3/2022
Breach Date: 11/3/2021
Updated Date: 3/3/2022
Breach Count: 5,003,937
Content: Email addresses
Domain: robinhood.com

Description:

In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

MacGeneration

Added Date: 3/2/2022
Breach Date: 1/29/2022
Updated Date: 3/2/2022
Breach Count: 101,004
Content: Email addresses, Passwords, Usernames
Domain: macg.co

Description:

In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

NVIDIA

Added Date: 3/2/2022
Breach Date: 2/23/2022
Updated Date: 3/2/2022
Breach Count: 71,335
Content: Email addresses, Passwords
Domain: nvidia.com

Description:

In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

GiveSendGo

Added Date: 2/14/2022
Breach Date: 2/7/2022
Updated Date: 2/14/2022
Breach Count: 89,966
Content: Email addresses, Geographic locations, Names, Purchases
Domain: givesendgo.com

Description:

In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

RedDoorz

Added Date: 1/27/2022
Breach Date: 9/4/2020
Updated Date: 1/27/2022
Breach Count: 5,890,277
Content: Dates of birth, Email addresses, Genders, Names, Occupations, Passwords, Phone numbers
Domain: reddoorz.com

Description:

In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

BTC-Alpha

Added Date: 1/27/2022
Breach Date: 11/2/2021
Updated Date: 1/27/2022
Breach Count: 362,426
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: btc-alpha.com

Description:

In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

ShockGore

Added Date: 1/19/2022
Breach Date: 8/11/2020
Updated Date: 1/19/2022
Breach Count: 73,944
Content: Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames
Domain: shockgore.com

Description:

In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Open Subtitles

Added Date: 1/18/2022
Breach Date: 8/1/2021
Updated Date: 1/18/2022
Breach Count: 6,783,158
Content: Email addresses, Geographic locations, IP addresses, Passwords, Usernames
Domain: opensubtitles.org

Description:

In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running