Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
SpyX
| Added Date: |
3/19/2025 |
| Breach Date: |
6/24/2024 |
| Updated Date: |
3/19/2025 |
| Breach Count: |
1,977,011 |
| Content: |
Device information, Email addresses, Geographic locations, IP addresses, Passwords |
| Domain: |
spyx.com |
Description:
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Lexipol
| Added Date: |
3/18/2025 |
| Breach Date: |
2/11/2025 |
| Updated Date: |
3/18/2025 |
| Breach Count: |
672,546 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Usernames |
| Domain: |
lexipol.com |
Description:
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Color Dating
| Added Date: |
3/2/2025 |
| Breach Date: |
9/5/2018 |
| Updated Date: |
3/2/2025 |
| Breach Count: |
220,503 |
| Content: |
Bios, Dates of birth, Email addresses, Geographic locations, Names, Passwords, Profile photos |
| Domain: |
colordatingapp.com |
Description:
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Flat Earth Sun, Moon and Zodiac App
| Added Date: |
3/1/2025 |
| Breach Date: |
10/15/2024 |
| Updated Date: |
3/1/2025 |
| Breach Count: |
33,294 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames |
| Domain: |
flatearthdave.com |
Description:
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Spyzie
| Added Date: |
2/27/2025 |
| Breach Date: |
2/22/2024 |
| Updated Date: |
2/27/2025 |
| Breach Count: |
518,643 |
| Content: |
Email addresses |
| Domain: |
spyzie.io |
Description:
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Orange Romania
| Added Date: |
2/26/2025 |
| Breach Date: |
2/24/2025 |
| Updated Date: |
2/26/2025 |
| Breach Count: |
556,557 |
| Content: |
Email addresses, Partial credit card data, Phone numbers |
| Domain: |
orange.ro |
Description:
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ALIEN TXTBASE Stealer Logs
| Added Date: |
2/25/2025 |
| Breach Date: |
2/15/2025 |
| Updated Date: |
2/25/2025 |
| Breach Count: |
284,132,969 |
| Content: |
Email addresses, Passwords |
| Domain: |
n/a |
Description:
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Spyic
| Added Date: |
2/20/2025 |
| Breach Date: |
2/14/2025 |
| Updated Date: |
2/20/2025 |
| Breach Count: |
875,999 |
| Content: |
Email addresses |
| Domain: |
spyic.com |
Description:
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cocospy
| Added Date: |
2/20/2025 |
| Breach Date: |
2/14/2025 |
| Updated Date: |
2/20/2025 |
| Breach Count: |
1,798,059 |
| Content: |
Email addresses |
| Domain: |
cocospy.com |
Description:
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Storenvy
| Added Date: |
2/16/2025 |
| Breach Date: |
4/4/2019 |
| Updated Date: |
2/16/2025 |
| Breach Count: |
11,052,071 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames |
| Domain: |
storenvy.com |
Description:
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender date of birth and original salted SHA-1 password hash.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Doxbin (TOoDA)
| Added Date: |
2/13/2025 |
| Breach Date: |
2/12/2024 |
| Updated Date: |
2/13/2025 |
| Breach Count: |
136,461 |
| Content: |
Email addresses, Usernames |
| Domain: |
doxbin.com |
Description:
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Zacks (2024)
| Added Date: |
2/12/2025 |
| Breach Date: |
6/22/2024 |
| Updated Date: |
2/12/2025 |
| Breach Count: |
11,994,223 |
| Content: |
Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames |
| Domain: |
zacks.com |
Description:
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
LandAirSea
| Added Date: |
2/10/2025 |
| Breach Date: |
1/12/2025 |
| Updated Date: |
2/13/2025 |
| Breach Count: |
337,373 |
| Content: |
Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames |
| Domain: |
landairsea.com |
Description:
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Adopt Me Trading Values
| Added Date: |
2/9/2025 |
| Breach Date: |
7/1/2022 |
| Updated Date: |
2/9/2025 |
| Breach Count: |
86,136 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
adoptmetradingvalues.com |
Description:
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Youthmanual
| Added Date: |
2/9/2025 |
| Breach Date: |
1/31/2019 |
| Updated Date: |
2/9/2025 |
| Breach Count: |
937,912 |
| Content: |
Bios, Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Places of birth |
| Domain: |
youthmanual.com |
Description:
In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Thermomix Recipe World Forum
| Added Date: |
2/6/2025 |
| Breach Date: |
1/30/2025 |
| Updated Date: |
2/6/2025 |
| Breach Count: |
3,123,439 |
| Content: |
Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames |
| Domain: |
rezeptwelt.de |
Description:
In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hakko Corporation
| Added Date: |
2/5/2025 |
| Breach Date: |
3/28/2019 |
| Updated Date: |
2/5/2025 |
| Breach Count: |
9,665 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Usernames |
| Domain: |
hakko.com |
Description:
In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
PoinCampus
| Added Date: |
2/3/2025 |
| Breach Date: |
11/14/2024 |
| Updated Date: |
2/3/2025 |
| Breach Count: |
89,116 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers |
| Domain: |
poincampus.com |
Description:
In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
1win
| Added Date: |
2/3/2025 |
| Breach Date: |
11/2/2024 |
| Updated Date: |
2/5/2025 |
| Breach Count: |
96,166,543 |
| Content: |
Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers |
| Domain: |
1win.com |
Description:
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
DragonNest
| Added Date: |
2/2/2025 |
| Breach Date: |
8/23/2013 |
| Updated Date: |
2/2/2025 |
| Breach Count: |
511,290 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
dragonnest.com |
Description:
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords. The service later suffered a massive data loss.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: