Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Exvagos
Added Date: |
3/28/2024 |
Breach Date: |
7/21/2022 |
Updated Date: |
3/28/2024 |
Breach Count: |
2,121,789 |
Content: |
Dates of birth, Email addresses, IP addresses, Passwords, Usernames |
Domain: |
exvagos.org |
Description:
In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
GSM Hosting
Added Date: |
3/27/2024 |
Breach Date: |
8/1/2016 |
Updated Date: |
3/27/2024 |
Breach Count: |
2,607,440 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
gsmhosting.com |
Description:
In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SwordFantasy
Added Date: |
3/26/2024 |
Breach Date: |
1/20/2017 |
Updated Date: |
3/26/2024 |
Breach Count: |
2,690,657 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
swordfantasy.com |
Description:
In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MediaWorks
Added Date: |
3/22/2024 |
Breach Date: |
3/15/2023 |
Updated Date: |
3/22/2024 |
Breach Count: |
162,710 |
Content: |
Dates of birth, Email addresses, Genders, Phone numbers, Physical addresses |
Domain: |
mediaworks.co.nz |
Description:
In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates of birth, genders and the responses to questions in the competition. Some victims of the breach subsequently received ransom demands requesting payment to have their data deleted.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Alleged AT&T
Added Date: |
3/19/2024 |
Breach Date: |
8/20/2021 |
Updated Date: |
3/19/2024 |
Breach Count: |
49,102,176 |
Content: |
Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses |
Domain: |
n/a |
Description:
In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there has not been a breach of their systems and that the data originated from elsewhere. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ClickASnap
Added Date: |
3/12/2024 |
Breach Date: |
9/24/2022 |
Updated Date: |
3/12/2024 |
Breach Count: |
3,262,980 |
Content: |
Email addresses, Names, Passwords, Physical addresses, Purchases, Social media profiles, Usernames |
Domain: |
clickasnap.com |
Description:
In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included and contained names, physical addresses and amounts paid.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Flipkart
Added Date: |
3/12/2024 |
Breach Date: |
9/2/2022 |
Updated Date: |
3/12/2024 |
Breach Count: |
552,094 |
Content: |
Email addresses, Geographic locations, Names, Phone numbers |
Domain: |
flipkart.com |
Description:
In September 2022, over 500k customer records from the Indian e-commerce service Flipkart appeared on a popular hacking forum. The breach exposed email addresses, latitudes and longitudes, names and phone numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Habib's
Added Date: |
3/9/2024 |
Breach Date: |
8/5/2021 |
Updated Date: |
3/9/2024 |
Breach Count: |
3,517,679 |
Content: |
Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Social media profiles |
Domain: |
habibs.com.br |
Description:
In August 2021, the Brazilian fast food company "Habib's" suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 3.5M unique email addresses along with IP addresses, names, phone numbers, dates of birth and links to social media profiles.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
APK.TW
Added Date: |
3/8/2024 |
Breach Date: |
9/3/2022 |
Updated Date: |
3/8/2024 |
Breach Count: |
2,451,197 |
Content: |
Email addresses, IP addresses, Passwords, Usernames |
Domain: |
apk.tw |
Description:
In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Online Trade (Онлайн Трейд)
Added Date: |
3/7/2024 |
Breach Date: |
9/19/2022 |
Updated Date: |
3/7/2024 |
Breach Count: |
3,805,265 |
Content: |
Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers |
Domain: |
onlinetrade.ru |
Description:
In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
WoTLabs
Added Date: |
3/6/2024 |
Breach Date: |
3/3/2024 |
Updated Date: |
3/6/2024 |
Breach Count: |
21,994 |
Content: |
Dates of birth, Email addresses, IP addresses, Time zones, Usernames |
Domain: |
wotlabs.net |
Description:
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mr. Green Gaming
Added Date: |
3/3/2024 |
Breach Date: |
3/1/2024 |
Updated Date: |
3/3/2024 |
Breach Count: |
27,123 |
Content: |
Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames |
Domain: |
mrgreengaming.com |
Description:
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cutout.Pro
Added Date: |
2/28/2024 |
Breach Date: |
2/26/2024 |
Updated Date: |
2/28/2024 |
Breach Count: |
19,972,829 |
Content: |
Email addresses, IP addresses, Names, Passwords |
Domain: |
cutout.pro |
Description:
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tangerine
Added Date: |
2/27/2024 |
Breach Date: |
2/18/2024 |
Updated Date: |
2/27/2024 |
Breach Count: |
243,462 |
Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations |
Domain: |
tangerinetelecom.com.au |
Description:
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Facebook Marketplace
Added Date: |
2/21/2024 |
Breach Date: |
10/1/2023 |
Updated Date: |
2/21/2024 |
Breach Count: |
77,267 |
Content: |
Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles |
Domain: |
facebook.com |
Description:
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Spoutible
Added Date: |
2/5/2024 |
Breach Date: |
1/31/2024 |
Updated Date: |
2/5/2024 |
Breach Count: |
207,114 |
Content: |
Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Usernames |
Domain: |
spoutible.com |
Description:
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
MyPertamina
Added Date: |
1/26/2024 |
Breach Date: |
11/1/2022 |
Updated Date: |
1/26/2024 |
Breach Count: |
5,970,416 |
Content: |
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases |
Domain: |
mypertamina.id |
Description:
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Trello
Added Date: |
1/22/2024 |
Breach Date: |
1/16/2024 |
Updated Date: |
1/22/2024 |
Breach Count: |
15,111,945 |
Content: |
Email addresses, Names, Usernames |
Domain: |
trello.com |
Description:
In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Naz.API
Added Date: |
1/17/2024 |
Breach Date: |
9/20/2023 |
Updated Date: |
1/17/2024 |
Breach Count: |
70,840,771 |
Content: |
Email addresses, Passwords |
Domain: |
n/a |
Description:
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hathway
Added Date: |
1/12/2024 |
Breach Date: |
12/17/2023 |
Updated Date: |
1/12/2024 |
Breach Count: |
4,670,080 |
Content: |
Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, Support tickets |
Domain: |
hathway.com |
Description:
In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: