Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Abrigo
| Added Date: |
5/13/2026 |
| Breach Date: |
4/14/2026 |
| Updated Date: |
5/13/2026 |
| Breach Count: |
711,099 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
abrigo.com |
Description:
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers".
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Canada Life
| Added Date: |
5/13/2026 |
| Breach Date: |
4/20/2026 |
| Updated Date: |
5/13/2026 |
| Breach Count: |
237,810 |
| Content: |
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets |
| Domain: |
canadalife.com |
Description:
In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cushman & Wakefield
| Added Date: |
5/12/2026 |
| Breach Date: |
5/5/2026 |
| Updated Date: |
5/12/2026 |
| Breach Count: |
310,431 |
| Content: |
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations |
| Domain: |
cushmanwakefield.com |
Description:
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Zara
| Added Date: |
5/8/2026 |
| Breach Date: |
4/15/2026 |
| Updated Date: |
5/8/2026 |
| Breach Count: |
197,376 |
| Content: |
Email addresses, Geographic locations, Purchases, Support tickets |
| Domain: |
zara.com |
Description:
In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Woflow
| Added Date: |
5/7/2026 |
| Breach Date: |
3/4/2026 |
| Updated Date: |
5/7/2026 |
| Breach Count: |
447,593 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
woflow.com |
Description:
In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
LegionProxy
| Added Date: |
5/6/2026 |
| Breach Date: |
4/6/2026 |
| Updated Date: |
5/6/2026 |
| Breach Count: |
10,144 |
| Content: |
Email addresses, Names, Passwords, Purchases |
| Domain: |
legionproxy.io |
Description:
In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Vimeo
| Added Date: |
5/4/2026 |
| Breach Date: |
4/28/2026 |
| Updated Date: |
5/4/2026 |
| Breach Count: |
119,167 |
| Content: |
Email addresses, Names |
| Domain: |
vimeo.com |
Description:
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Reborn Gaming
| Added Date: |
5/3/2026 |
| Breach Date: |
4/30/2026 |
| Updated Date: |
5/3/2026 |
| Breach Count: |
126 |
| Content: |
Email addresses, IP addresses |
| Domain: |
reborngaming.net |
Description:
In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Marcus & Millichap
| Added Date: |
5/3/2026 |
| Breach Date: |
4/12/2026 |
| Updated Date: |
5/3/2026 |
| Breach Count: |
1,837,078 |
| Content: |
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
marcusmillichap.com |
Description:
In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ZenBusiness
| Added Date: |
5/2/2026 |
| Breach Date: |
3/27/2026 |
| Updated Date: |
5/2/2026 |
| Breach Count: |
5,118,184 |
| Content: |
Email addresses, Names, Phone numbers |
| Domain: |
zenbusiness.com |
Description:
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Aman
| Added Date: |
4/30/2026 |
| Breach Date: |
4/20/2026 |
| Updated Date: |
4/30/2026 |
| Breach Count: |
215,563 |
| Content: |
Dates of birth, Email addresses, Genders, Language preferences, Names, Nationalities, Phone numbers, Physical addresses, Spouses names, VIP statuses |
| Domain: |
aman.com |
Description:
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Pitney Bowes
| Added Date: |
4/27/2026 |
| Breach Date: |
4/20/2026 |
| Updated Date: |
4/27/2026 |
| Breach Count: |
8,243,989 |
| Content: |
Email addresses, Job titles, Names, Phone numbers, Physical addresses |
| Domain: |
pitneybowes.com |
Description:
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ADT
| Added Date: |
4/27/2026 |
| Breach Date: |
4/20/2026 |
| Updated Date: |
4/27/2026 |
| Breach Count: |
5,488,888 |
| Content: |
Dates of birth, Email addresses, Names, Partial government issued IDs, Phone numbers, Physical addresses |
| Domain: |
adt.com |
Description:
In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Udemy
| Added Date: |
4/26/2026 |
| Breach Date: |
4/24/2026 |
| Updated Date: |
4/26/2026 |
| Breach Count: |
1,401,259 |
| Content: |
Email addresses, Employers, Job titles, Names, Payment methods, Phone numbers, Physical addresses |
| Domain: |
udemy.com |
Description:
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Carnival
| Added Date: |
4/23/2026 |
| Breach Date: |
4/18/2026 |
| Updated Date: |
4/23/2026 |
| Breach Count: |
7,531,359 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names, Salutations |
| Domain: |
carnivalcorp.com |
Description:
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Amtrak
| Added Date: |
4/16/2026 |
| Breach Date: |
4/3/2026 |
| Updated Date: |
4/16/2026 |
| Breach Count: |
2,147,679 |
| Content: |
Email addresses, Names, Physical addresses, Support tickets |
| Domain: |
amtrak.com |
Description:
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
McGraw Hill
| Added Date: |
4/15/2026 |
| Breach Date: |
4/10/2026 |
| Updated Date: |
4/15/2026 |
| Breach Count: |
13,500,136 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
mheducation.com |
Description:
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hallmark
| Added Date: |
4/11/2026 |
| Breach Date: |
3/31/2026 |
| Updated Date: |
4/11/2026 |
| Breach Count: |
1,736,520 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Support tickets |
| Domain: |
hallmark.com |
Description:
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
My Lovely AI
| Added Date: |
4/7/2026 |
| Breach Date: |
4/7/2026 |
| Updated Date: |
4/7/2026 |
| Breach Count: |
106,271 |
| Content: |
Email addresses, Social media profiles |
| Domain: |
mylovely.ai |
Description:
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Crunchyroll
| Added Date: |
4/3/2026 |
| Breach Date: |
3/12/2026 |
| Updated Date: |
4/27/2026 |
| Breach Count: |
1,195,684 |
| Content: |
Email addresses |
| Domain: |
crunchyroll.com |
Description:
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: