Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
HeatGames
| Added Date: |
1/28/2025 |
| Breach Date: |
6/12/2021 |
| Updated Date: |
1/28/2025 |
| Breach Count: |
647,896 |
| Content: |
Email addresses, Geographic locations, IP addresses, Passwords |
| Domain: |
heatgames.me |
Description:
In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Doxbin Scrape
| Added Date: |
1/27/2025 |
| Breach Date: |
1/24/2025 |
| Updated Date: |
1/27/2025 |
| Breach Count: |
435,784 |
| Content: |
Email addresses |
| Domain: |
doxbin.com |
Description:
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Frame & Optic
| Added Date: |
1/22/2025 |
| Breach Date: |
1/16/2025 |
| Updated Date: |
1/22/2025 |
| Breach Count: |
15,678 |
| Content: |
Email addresses, Geographic locations, Names, Phone numbers |
| Domain: |
frameandoptic.com |
Description:
In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Welhof
| Added Date: |
1/22/2025 |
| Breach Date: |
12/1/2023 |
| Updated Date: |
1/23/2025 |
| Breach Count: |
107,292 |
| Content: |
Email addresses, Names, Physical addresses, Purchases |
| Domain: |
welhof.com |
Description:
In late 2023, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Otelier
| Added Date: |
1/18/2025 |
| Breach Date: |
7/1/2024 |
| Updated Date: |
1/18/2025 |
| Breach Count: |
436,855 |
| Content: |
Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Travel plans |
| Domain: |
otelier.com |
Description:
In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MSI
| Added Date: |
1/16/2025 |
| Breach Date: |
7/7/2024 |
| Updated Date: |
1/16/2025 |
| Breach Count: |
249,990 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Warranty claims |
| Domain: |
msi.com |
Description:
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number….etc)".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Le Coq Sportif Columbia
| Added Date: |
1/15/2025 |
| Breach Date: |
5/1/2023 |
| Updated Date: |
1/15/2025 |
| Breach Count: |
79,712 |
| Content: |
Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Purchases |
| Domain: |
lecoqsportif.com.co |
Description:
In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023. Impacted data included physical and IP addresses, names, purchases, genders, dates of birth and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Stealer Logs, Jan 2025
| Added Date: |
1/13/2025 |
| Breach Date: |
1/13/2025 |
| Updated Date: |
1/14/2025 |
| Breach Count: |
71,039,833 |
| Content: |
Email addresses, Passwords |
| Domain: |
n/a |
Description:
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Scholastic
| Added Date: |
1/12/2025 |
| Breach Date: |
1/8/2025 |
| Updated Date: |
1/12/2025 |
| Breach Count: |
4,247,768 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
scholastic.com |
Description:
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SuperDraft
| Added Date: |
1/11/2025 |
| Breach Date: |
10/27/2024 |
| Updated Date: |
1/15/2025 |
| Breach Count: |
300,187 |
| Content: |
Dates of birth, Email addresses, Geographic locations, Passwords, Purchases, Usernames |
| Domain: |
superdraft.io |
Description:
In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
GLAMIRA
| Added Date: |
1/3/2025 |
| Breach Date: |
12/16/2023 |
| Updated Date: |
1/10/2025 |
| Breach Count: |
874,594 |
| Content: |
Email addresses, Names, Phone numbers, Purchases |
| Domain: |
glamira.com |
Description:
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
French Citizens
| Added Date: |
12/20/2024 |
| Breach Date: |
9/25/2024 |
| Updated Date: |
12/20/2024 |
| Breach Count: |
28,445,106 |
| Content: |
Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses |
| Domain: |
n/a |
Description:
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Young Living Essential Oils
| Added Date: |
12/19/2024 |
| Breach Date: |
12/11/2024 |
| Updated Date: |
12/19/2024 |
| Breach Count: |
1,128,951 |
| Content: |
Dates of birth, Email addresses, Geographic locations, Names |
| Domain: |
youngliving.com |
Description:
In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
schenkYOU
| Added Date: |
12/19/2024 |
| Breach Date: |
8/15/2024 |
| Updated Date: |
12/19/2024 |
| Breach Count: |
237,349 |
| Content: |
Dates of birth, Email addresses, Names, Passwords |
| Domain: |
schenkyou.de |
Description:
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BitView
| Added Date: |
12/19/2024 |
| Breach Date: |
12/14/2024 |
| Updated Date: |
12/19/2024 |
| Breach Count: |
63,127 |
| Content: |
Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames |
| Domain: |
bitview.net |
Description:
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hopamedia
| Added Date: |
12/16/2024 |
| Breach Date: |
8/30/2020 |
| Updated Date: |
12/16/2024 |
| Breach Count: |
23,835,870 |
| Content: |
Email addresses, Geographic locations, Names, Phone numbers, Telecommunications carrier |
| Domain: |
n/a |
Description:
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MC2 Data
| Added Date: |
12/15/2024 |
| Breach Date: |
8/18/2024 |
| Updated Date: |
12/15/2024 |
| Breach Count: |
2,122,280 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
n/a |
Description:
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Yonéma
| Added Date: |
12/14/2024 |
| Breach Date: |
11/21/2024 |
| Updated Date: |
12/14/2024 |
| Breach Count: |
35,962 |
| Content: |
Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers |
| Domain: |
yonema.com |
Description:
In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tibber
| Added Date: |
12/14/2024 |
| Breach Date: |
11/10/2024 |
| Updated Date: |
12/14/2024 |
| Breach Count: |
50,002 |
| Content: |
Email addresses, Geographic locations, Names, Purchases |
| Domain: |
tibber.com |
Description:
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Senior Dating
| Added Date: |
12/9/2024 |
| Breach Date: |
11/23/2024 |
| Updated Date: |
12/9/2024 |
| Breach Count: |
765,517 |
| Content: |
Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles |
| Domain: |
seniordating.app |
Description:
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: