Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Color Dating
Added Date: |
3/2/2025 |
Breach Date: |
9/5/2018 |
Updated Date: |
3/2/2025 |
Breach Count: |
220,503 |
Content: |
Bios, Dates of birth, Email addresses, Geographic locations, Names, Passwords, Profile photos |
Domain: |
colordatingapp.com |
Description:
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Flat Earth Sun, Moon and Zodiac App
Added Date: |
3/1/2025 |
Breach Date: |
10/15/2024 |
Updated Date: |
3/1/2025 |
Breach Count: |
33,294 |
Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames |
Domain: |
flatearthdave.com |
Description:
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Spyzie
Added Date: |
2/27/2025 |
Breach Date: |
2/22/2024 |
Updated Date: |
2/27/2025 |
Breach Count: |
518,643 |
Content: |
Email addresses |
Domain: |
spyzie.io |
Description:
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Orange Romania
Added Date: |
2/26/2025 |
Breach Date: |
2/24/2025 |
Updated Date: |
2/26/2025 |
Breach Count: |
556,557 |
Content: |
Email addresses, Partial credit card data, Phone numbers |
Domain: |
orange.ro |
Description:
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
ALIEN TXTBASE Stealer Logs
Added Date: |
2/25/2025 |
Breach Date: |
2/15/2025 |
Updated Date: |
2/25/2025 |
Breach Count: |
284,132,969 |
Content: |
Email addresses, Passwords |
Domain: |
n/a |
Description:
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Spyic
Added Date: |
2/20/2025 |
Breach Date: |
2/14/2025 |
Updated Date: |
2/20/2025 |
Breach Count: |
875,999 |
Content: |
Email addresses |
Domain: |
spyic.com |
Description:
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Cocospy
Added Date: |
2/20/2025 |
Breach Date: |
2/14/2025 |
Updated Date: |
2/20/2025 |
Breach Count: |
1,798,059 |
Content: |
Email addresses |
Domain: |
cocospy.com |
Description:
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Storenvy
Added Date: |
2/16/2025 |
Breach Date: |
4/4/2019 |
Updated Date: |
2/16/2025 |
Breach Count: |
11,052,071 |
Content: |
Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames |
Domain: |
storenvy.com |
Description:
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender date of birth and original salted SHA-1 password hash.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Doxbin (TOoDA)
Added Date: |
2/13/2025 |
Breach Date: |
2/12/2024 |
Updated Date: |
2/13/2025 |
Breach Count: |
136,461 |
Content: |
Email addresses, Usernames |
Domain: |
doxbin.com |
Description:
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Zacks (2024)
Added Date: |
2/12/2025 |
Breach Date: |
6/22/2024 |
Updated Date: |
2/12/2025 |
Breach Count: |
11,994,223 |
Content: |
Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames |
Domain: |
zacks.com |
Description:
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
LandAirSea
Added Date: |
2/10/2025 |
Breach Date: |
1/12/2025 |
Updated Date: |
2/13/2025 |
Breach Count: |
337,373 |
Content: |
Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames |
Domain: |
landairsea.com |
Description:
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Adopt Me Trading Values
Added Date: |
2/9/2025 |
Breach Date: |
7/1/2022 |
Updated Date: |
2/9/2025 |
Breach Count: |
86,136 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
adoptmetradingvalues.com |
Description:
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Youthmanual
Added Date: |
2/9/2025 |
Breach Date: |
1/31/2019 |
Updated Date: |
2/9/2025 |
Breach Count: |
937,912 |
Content: |
Bios, Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Places of birth |
Domain: |
youthmanual.com |
Description:
In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Thermomix Recipe World Forum
Added Date: |
2/6/2025 |
Breach Date: |
1/30/2025 |
Updated Date: |
2/6/2025 |
Breach Count: |
3,123,439 |
Content: |
Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames |
Domain: |
rezeptwelt.de |
Description:
In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Hakko Corporation
Added Date: |
2/5/2025 |
Breach Date: |
3/28/2019 |
Updated Date: |
2/5/2025 |
Breach Count: |
9,665 |
Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames |
Domain: |
hakko.com |
Description:
In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
PoinCampus
Added Date: |
2/3/2025 |
Breach Date: |
11/14/2024 |
Updated Date: |
2/3/2025 |
Breach Count: |
89,116 |
Content: |
Dates of birth, Email addresses, Names, Phone numbers |
Domain: |
poincampus.com |
Description:
In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
1win
Added Date: |
2/3/2025 |
Breach Date: |
11/2/2024 |
Updated Date: |
2/5/2025 |
Breach Count: |
96,166,543 |
Content: |
Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers |
Domain: |
1win.com |
Description:
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
DragonNest
Added Date: |
2/2/2025 |
Breach Date: |
8/23/2013 |
Updated Date: |
2/2/2025 |
Breach Count: |
511,290 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
dragonnest.com |
Description:
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords. The service later suffered a massive data loss.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
9Lives
Added Date: |
2/1/2025 |
Breach Date: |
10/1/2014 |
Updated Date: |
2/5/2025 |
Breach Count: |
109,515 |
Content: |
Email addresses, Passwords, Usernames |
Domain: |
9lives.be |
Description:
In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Speedio
Added Date: |
1/30/2025 |
Breach Date: |
12/24/2024 |
Updated Date: |
1/30/2025 |
Breach Count: |
27,501,041 |
Content: |
Company names, Email addresses, Phone numbers, Physical addresses |
Domain: |
speedio.com.br |
Description:
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List: