Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


DivX SubTitles

Added Date: 6/13/2022
Breach Date: 1/1/2010
Updated Date: 6/13/2022
Breach Count: 783,058
Content: Email addresses, Passwords, Usernames
Domain: divxsubtitles.net

Description:

In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

CTARS

Added Date: 5/31/2022
Breach Date: 5/21/2021
Updated Date: 5/31/2022
Breach Count: 12,314
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames
Domain: ctars.com.au

Description:

In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Adecco

Added Date: 5/31/2022
Breach Date: 1/3/2021
Updated Date: 5/31/2022
Breach Count: 4,284,538
Content: Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers
Domain: adecco.com

Description:

In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

MGM Resorts (2022 Update)

Added Date: 5/28/2022
Breach Date: 7/25/2019
Updated Date: 5/28/2022
Breach Count: 24,842,001
Content: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Domain: mgmresorts.com

Description:

In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Preen.Me

Added Date: 5/25/2022
Breach Date: 5/25/2020
Updated Date: 5/25/2022
Breach Count: 236,105
Content: Email addresses, Names, Social media profiles, Usernames
Domain: preen.me

Description:

In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Amart Furniture

Added Date: 5/25/2022
Breach Date: 5/16/2022
Updated Date: 5/25/2022
Breach Count: 108,940
Content: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: amartfurniture.com.au

Description:

In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Wendy's

Added Date: 5/24/2022
Breach Date: 3/31/2018
Updated Date: 5/24/2022
Breach Count: 52,485
Content: Education levels, Email addresses, IP addresses, Job applications, Names, Passwords, Phone numbers, Physical addresses
Domain: wendys.com.ph

Description:

In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

SirHurt

Added Date: 5/24/2022
Breach Date: 4/23/2021
Updated Date: 5/24/2022
Breach Count: 90,655
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: sirhurt.net

Description:

In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Fanpass

Added Date: 5/23/2022
Breach Date: 4/30/2022
Updated Date: 5/24/2022
Breach Count: 112,251
Content: Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles
Domain: fanpass.co.uk

Description:

In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Read Novel

Added Date: 5/16/2022
Breach Date: 5/1/2019
Updated Date: 5/16/2022
Breach Count: 22,424,472
Content: Email addresses, Genders, Passwords, Phone numbers, Usernames
Domain: readnovel.com

Description:

In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]". Read more about Chinese data breaches in Have I Been Pwned.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

BlackBerry Fans

Added Date: 5/15/2022
Breach Date: 5/6/2022
Updated Date: 5/15/2022
Breach Count: 174,168
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: blackberryfans.org

Description:

In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

OGUsers (2021 breach)

Added Date: 5/15/2022
Breach Date: 4/11/2021
Updated Date: 5/15/2022
Breach Count: 348,302
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: ogusers.com

Description:

In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Paragon Cheats

Added Date: 5/13/2022
Breach Date: 5/22/2021
Updated Date: 5/13/2022
Breach Count: 188,089
Content: Browser user agent details, Email addresses, IP addresses, Usernames
Domain: paragoncheats.com

Description:

In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

PayHere

Added Date: 5/2/2022
Breach Date: 3/27/2022
Updated Date: 5/2/2022
Breach Count: 1,580,249
Content: Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
Domain: payhere.lk

Description:

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Aimware

Added Date: 5/1/2022
Breach Date: 4/28/2019
Updated Date: 5/1/2022
Breach Count: 305,470
Content: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Domain: aimware.net

Description:

In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "clerk/anthrax/soontoberichh".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Devil-Torrents.pl

Added Date: 5/1/2022
Breach Date: 1/4/2021
Updated Date: 5/1/2022
Breach Count: 63,451
Content: Email addresses, Passwords
Domain: devil-torrents.pl

Description:

In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Avvo

Added Date: 4/14/2022
Breach Date: 12/17/2019
Updated Date: 4/14/2022
Breach Count: 4,101,101
Content: Email addresses, Passwords
Domain: avvo.com

Description:

In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Travelio

Added Date: 4/7/2022
Breach Date: 11/23/2021
Updated Date: 4/7/2022
Breach Count: 471,376
Content: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: travelio.com

Description:

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Royal Enfield

Added Date: 3/31/2022
Breach Date: 1/1/2019
Updated Date: 3/31/2022
Breach Count: 420,873
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details
Domain: royalenfield.com

Description:

In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

ZAP-Hosting

Added Date: 3/19/2022
Breach Date: 11/22/2021
Updated Date: 3/19/2022
Breach Count: 746,682
Content: Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Domain: zap-hosting.com

Description:

In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running