Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
DivX SubTitles
Added Date: |
6/13/2022 |
Breach Date: |
1/1/2010 |
Updated Date: |
6/13/2022 |
Breach Count: |
783,058 |
Content: |
Email addresses, Passwords, Usernames |
Domain: |
divxsubtitles.net |
Description:
In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
CTARS
Added Date: |
5/31/2022 |
Breach Date: |
5/21/2021 |
Updated Date: |
5/31/2022 |
Breach Count: |
12,314 |
Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Personal health data, Phone numbers, Physical addresses, Salutations, Usernames |
Domain: |
ctars.com.au |
Description:
In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum. The CTARS cloud platform is used by care providers to record information about NDIS participants and often contains sensitive medical information. Impacted data includes over 12k unique email addresses, physical addresses, names, dates of birth, phone numbers and data related to patient conditions and treatments.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Adecco
Added Date: |
5/31/2022 |
Breach Date: |
1/3/2021 |
Updated Date: |
5/31/2022 |
Breach Count: |
4,284,538 |
Content: |
Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers |
Domain: |
adecco.com |
Description:
In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
MGM Resorts (2022 Update)
Added Date: |
5/28/2022 |
Breach Date: |
7/25/2019 |
Updated Date: |
5/28/2022 |
Breach Count: |
24,842,001 |
Content: |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses |
Domain: |
mgmresorts.com |
Description:
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram. On analysis, it's highly likely the data stems from the same incident with 142M records having been discovered for sale on a dark web marketplace in mid-2020. The exposed data included email and physical addresses, names, phone numbers and dates of birth.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Preen.Me
Added Date: |
5/25/2022 |
Breach Date: |
5/25/2020 |
Updated Date: |
5/25/2022 |
Breach Count: |
236,105 |
Content: |
Email addresses, Names, Social media profiles, Usernames |
Domain: |
preen.me |
Description:
In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Amart Furniture
Added Date: |
5/25/2022 |
Breach Date: |
5/16/2022 |
Updated Date: |
5/25/2022 |
Breach Count: |
108,940 |
Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses |
Domain: |
amartfurniture.com.au |
Description:
In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Wendy's
Added Date: |
5/24/2022 |
Breach Date: |
3/31/2018 |
Updated Date: |
5/24/2022 |
Breach Count: |
52,485 |
Content: |
Education levels, Email addresses, IP addresses, Job applications, Names, Passwords, Phone numbers, Physical addresses |
Domain: |
wendys.com.ph |
Description:
In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
SirHurt
Added Date: |
5/24/2022 |
Breach Date: |
4/23/2021 |
Updated Date: |
5/24/2022 |
Breach Count: |
90,655 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
sirhurt.net |
Description:
In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Fanpass
Added Date: |
5/23/2022 |
Breach Date: |
4/30/2022 |
Updated Date: |
5/24/2022 |
Breach Count: |
112,251 |
Content: |
Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles |
Domain: |
fanpass.co.uk |
Description:
In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Read Novel
Added Date: |
5/16/2022 |
Breach Date: |
5/1/2019 |
Updated Date: |
5/16/2022 |
Breach Count: |
22,424,472 |
Content: |
Email addresses, Genders, Passwords, Phone numbers, Usernames |
Domain: |
readnovel.com |
Description:
In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]". Read more about Chinese data breaches in Have I Been Pwned.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
BlackBerry Fans
Added Date: |
5/15/2022 |
Breach Date: |
5/6/2022 |
Updated Date: |
5/15/2022 |
Breach Count: |
174,168 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
blackberryfans.org |
Description:
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
OGUsers (2021 breach)
Added Date: |
5/15/2022 |
Breach Date: |
4/11/2021 |
Updated Date: |
5/15/2022 |
Breach Count: |
348,302 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
ogusers.com |
Description:
In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. A total of 348k unique email addresses appeared in the breach.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Paragon Cheats
Added Date: |
5/13/2022 |
Breach Date: |
5/22/2021 |
Updated Date: |
5/13/2022 |
Breach Count: |
188,089 |
Content: |
Browser user agent details, Email addresses, IP addresses, Usernames |
Domain: |
paragoncheats.com |
Description:
In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses. The data was provided to HIBP by a source who requested it be attributed to "VRAirhead and xFueY".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
PayHere
Added Date: |
5/2/2022 |
Breach Date: |
3/27/2022 |
Updated Date: |
5/2/2022 |
Breach Count: |
1,580,249 |
Content: |
Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases |
Domain: |
payhere.lk |
Description:
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Aimware
Added Date: |
5/1/2022 |
Breach Date: |
4/28/2019 |
Updated Date: |
5/1/2022 |
Breach Count: |
305,470 |
Content: |
Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity |
Domain: |
aimware.net |
Description:
In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "clerk/anthrax/soontoberichh".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Devil-Torrents.pl
Added Date: |
5/1/2022 |
Breach Date: |
1/4/2021 |
Updated Date: |
5/1/2022 |
Breach Count: |
63,451 |
Content: |
Email addresses, Passwords |
Domain: |
devil-torrents.pl |
Description:
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Avvo
Added Date: |
4/14/2022 |
Breach Date: |
12/17/2019 |
Updated Date: |
4/14/2022 |
Breach Count: |
4,101,101 |
Content: |
Email addresses, Passwords |
Domain: |
avvo.com |
Description:
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Travelio
Added Date: |
4/7/2022 |
Breach Date: |
11/23/2021 |
Updated Date: |
4/7/2022 |
Breach Count: |
471,376 |
Content: |
Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses |
Domain: |
travelio.com |
Description:
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
Royal Enfield
Added Date: |
3/31/2022 |
Breach Date: |
1/1/2019 |
Updated Date: |
3/31/2022 |
Breach Count: |
420,873 |
Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Vehicle details |
Domain: |
royalenfield.com |
Description:
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List:
ZAP-Hosting
Added Date: |
3/19/2022 |
Breach Date: |
11/22/2021 |
Updated Date: |
3/19/2022 |
Breach Count: |
746,682 |
Content: |
Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases |
Domain: |
zap-hosting.com |
Description:
In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.
Verified: 
,
Fabricated: 
,
Sensitive: 
,
Active: 
,
Retired: 
,
Is Spam List: