Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Read Novel
| Added Date: |
5/16/2022 |
| Breach Date: |
5/1/2019 |
| Updated Date: |
5/16/2022 |
| Breach Count: |
22,424,472 |
| Content: |
Email addresses, Genders, Passwords, Phone numbers, Usernames |
| Domain: |
readnovel.com |
Description:
In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]". Read more about Chinese data breaches in Have I Been Pwned.
Verified: 
,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BlackBerry Fans
| Added Date: |
5/15/2022 |
| Breach Date: |
5/6/2022 |
| Updated Date: |
5/15/2022 |
| Breach Count: |
174,168 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
blackberryfans.org |
Description:
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Verified: 
,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
OGUsers (2021 breach)
| Added Date: |
5/15/2022 |
| Breach Date: |
4/11/2021 |
| Updated Date: |
5/15/2022 |
| Breach Count: |
348,302 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
ogusers.com |
Description:
In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Paragon Cheats
| Added Date: |
5/13/2022 |
| Breach Date: |
5/22/2021 |
| Updated Date: |
5/13/2022 |
| Breach Count: |
188,089 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Usernames |
| Domain: |
paragoncheats.com |
Description:
In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
PayHere
| Added Date: |
5/2/2022 |
| Breach Date: |
3/27/2022 |
| Updated Date: |
5/2/2022 |
| Breach Count: |
1,580,249 |
| Content: |
Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases |
| Domain: |
payhere.lk |
Description:
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Aimware
| Added Date: |
5/1/2022 |
| Breach Date: |
4/28/2019 |
| Updated Date: |
5/1/2022 |
| Breach Count: |
305,470 |
| Content: |
Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity |
| Domain: |
aimware.net |
Description:
In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "clerk/anthrax/soontoberichh".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Devil-Torrents.pl
| Added Date: |
5/1/2022 |
| Breach Date: |
1/4/2021 |
| Updated Date: |
5/1/2022 |
| Breach Count: |
63,451 |
| Content: |
Email addresses, Passwords |
| Domain: |
devil-torrents.pl |
Description:
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Avvo
| Added Date: |
4/14/2022 |
| Breach Date: |
12/17/2019 |
| Updated Date: |
4/14/2022 |
| Breach Count: |
4,101,101 |
| Content: |
Email addresses, Passwords |
| Domain: |
avvo.com |
Description:
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Travelio
| Added Date: |
4/7/2022 |
| Breach Date: |
11/23/2021 |
| Updated Date: |
4/7/2022 |
| Breach Count: |
471,376 |
| Content: |
Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
travelio.com |
Description:
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Royal Enfield
| Added Date: |
3/31/2022 |
| Breach Date: |
1/1/2019 |
| Updated Date: |
3/31/2022 |
| Breach Count: |
420,873 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details |
| Domain: |
royalenfield.com |
Description:
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ZAP-Hosting
| Added Date: |
3/19/2022 |
| Breach Date: |
11/22/2021 |
| Updated Date: |
3/19/2022 |
| Breach Count: |
746,682 |
| Content: |
Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases |
| Domain: |
zap-hosting.com |
Description:
In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
CDEK
| Added Date: |
3/17/2022 |
| Breach Date: |
3/9/2022 |
| Updated Date: |
3/17/2022 |
| Breach Count: |
19,218,203 |
| Content: |
Email addresses, Names, Phone numbers |
| Domain: |
cdek.ru |
Description:
In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Robinhood
| Added Date: |
3/3/2022 |
| Breach Date: |
11/3/2021 |
| Updated Date: |
3/3/2022 |
| Breach Count: |
5,003,937 |
| Content: |
Email addresses |
| Domain: |
robinhood.com |
Description:
In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MacGeneration
| Added Date: |
3/2/2022 |
| Breach Date: |
1/29/2022 |
| Updated Date: |
3/2/2022 |
| Breach Count: |
101,004 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
macg.co |
Description:
In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
NVIDIA
| Added Date: |
3/2/2022 |
| Breach Date: |
2/23/2022 |
| Updated Date: |
3/2/2022 |
| Breach Count: |
71,335 |
| Content: |
Email addresses, Passwords |
| Domain: |
nvidia.com |
Description:
In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
GiveSendGo
| Added Date: |
2/14/2022 |
| Breach Date: |
2/7/2022 |
| Updated Date: |
2/14/2022 |
| Breach Count: |
89,966 |
| Content: |
Email addresses, Geographic locations, Names, Purchases |
| Domain: |
givesendgo.com |
Description:
In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
RedDoorz
| Added Date: |
1/27/2022 |
| Breach Date: |
9/4/2020 |
| Updated Date: |
1/27/2022 |
| Breach Count: |
5,890,277 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Occupations, Passwords, Phone numbers |
| Domain: |
reddoorz.com |
Description:
In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BTC-Alpha
| Added Date: |
1/27/2022 |
| Breach Date: |
11/2/2021 |
| Updated Date: |
1/27/2022 |
| Breach Count: |
362,426 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
btc-alpha.com |
Description:
In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ShockGore
| Added Date: |
1/19/2022 |
| Breach Date: |
8/11/2020 |
| Updated Date: |
1/19/2022 |
| Breach Count: |
73,944 |
| Content: |
Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames |
| Domain: |
shockgore.com |
Description:
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages were also exposed, many containing requests for material of a depraved nature. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Open Subtitles
| Added Date: |
1/18/2022 |
| Breach Date: |
8/1/2021 |
| Updated Date: |
1/18/2022 |
| Breach Count: |
6,783,158 |
| Content: |
Email addresses, Geographic locations, IP addresses, Passwords, Usernames |
| Domain: |
opensubtitles.org |
Description:
In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: