Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


QuestionPro

Added Date: 8/4/2022
Breach Date: 5/21/2022
Updated Date: 8/5/2022
Breach Count: 22,229,637
Content: Browser user agent details, Email addresses, IP addresses, Survey results
Domain: questionpro.com

Description:

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Tuned Global

Added Date: 8/2/2022
Breach Date: 3/16/2016
Updated Date: 8/2/2022
Breach Count: 985,586
Content: Email addresses, Names, Passwords, Phone numbers, Physical addresses
Domain: tunedglobal.com

Description:

In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mecho Download

Added Date: 8/1/2022
Breach Date: 10/31/2013
Updated Date: 8/1/2022
Breach Count: 437,928
Content: Email addresses, IP addresses, Passwords, Usernames
Domain: mechodownload.com

Description:

In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Battlefy

Added Date: 7/28/2022
Breach Date: 1/11/2016
Updated Date: 7/28/2022
Breach Count: 83,610
Content: Email addresses, Passwords, Usernames
Domain: battlefy.com

Description:

In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Paytm

Added Date: 7/26/2022
Breach Date: 8/30/2020
Updated Date: 7/28/2022
Breach Count: 3,395,101
Content: Dates of birth, Email addresses, Genders, Geographic locations, Income levels, Names, Phone numbers, Purchases
Domain: paytm.com

Description:

In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand, after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did not originate from Paytm. The impacted data covered 3.4M unique email addresses along with names, phone numbers, genders, dates of birth, income levels and previous purchases.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Shadi.com

Added Date: 7/20/2022
Breach Date: 7/9/2016
Updated Date: 7/20/2022
Breach Count: 2,021,984
Content: Email addresses, Passwords
Domain: shadi.com

Description:

In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

PPCGeeks

Added Date: 7/18/2022
Breach Date: 8/19/2016
Updated Date: 7/18/2022
Breach Count: 492,518
Content: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Domain: ppcgeeks.com

Description:

In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

JukinMedia

Added Date: 7/16/2022
Breach Date: 10/28/2021
Updated Date: 7/16/2022
Breach Count: 314,290
Content: Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers
Domain: jukinmedia.com

Description:

In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Famm

Added Date: 7/16/2022
Breach Date: 10/8/2020
Updated Date: 7/16/2022
Breach Count: 535,240
Content: Dates of birth, Email addresses, Genders, Names, Passwords
Domain: famm.us

Description:

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Eskimi

Added Date: 7/16/2022
Breach Date: 9/25/2020
Updated Date: 7/16/2022
Breach Count: 1,197,620
Content: Dates of birth, Email addresses, Genders, Geographic locations, Passwords, Usernames
Domain: eskimi.com

Description:

In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

La Poste Mobile

Added Date: 7/13/2022
Breach Date: 7/4/2022
Updated Date: 7/13/2022
Breach Count: 533,886
Content: Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
Domain: lapostemobile.fr

Description:

In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Mangatoon

Added Date: 7/6/2022
Breach Date: 5/13/2022
Updated Date: 7/6/2022
Breach Count: 23,040,238
Content: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames
Domain: mangatoon.mobi

Description:

In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Capital Economics

Added Date: 7/4/2022
Breach Date: 12/12/2020
Updated Date: 7/4/2022
Breach Count: 263,829
Content: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
Domain: capitaleconomics.com

Description:

In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Bookchor

Added Date: 7/3/2022
Breach Date: 1/28/2021
Updated Date: 7/3/2022
Breach Count: 498,297
Content: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Social media profiles
Domain: bookchor.com

Description:

In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was subsequently traded on a popular hacking forum.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Bourse des Vols

Added Date: 7/3/2022
Breach Date: 1/12/2021
Updated Date: 7/3/2022
Breach Count: 1,460,130
Content: Dates of birth, Email addresses, Flights taken, IP addresses, Names, Phone numbers, Physical addresses, Purchases
Domain: bourse-des-vols.com

Description:

In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

DivX SubTitles

Added Date: 6/13/2022
Breach Date: 1/1/2010
Updated Date: 6/13/2022
Breach Count: 783,058
Content: Email addresses, Passwords, Usernames
Domain: divxsubtitles.net

Description:

In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

CTARS

Added Date: 5/31/2022
Breach Date: 5/21/2021
Updated Date: 5/31/2022
Breach Count: 12,314
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames
Domain: ctars.com.au

Description:

In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Adecco

Added Date: 5/31/2022
Breach Date: 1/3/2021
Updated Date: 5/31/2022
Breach Count: 4,284,538
Content: Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers
Domain: adecco.com

Description:

In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

MGM Resorts (2022 Update)

Added Date: 5/28/2022
Breach Date: 7/25/2019
Updated Date: 5/28/2022
Breach Count: 24,842,001
Content: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
Domain: mgmresorts.com

Description:

In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Preen.Me

Added Date: 5/25/2022
Breach Date: 5/25/2020
Updated Date: 5/25/2022
Breach Count: 236,105
Content: Email addresses, Names, Social media profiles, Usernames
Domain: preen.me

Description:

In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running