Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Not Acxiom
| Added Date: |
11/22/2022 |
| Breach Date: |
6/21/2020 |
| Updated Date: |
11/22/2022 |
| Breach Count: |
51,730,831 |
| Content: |
Email addresses, IP addresses, Names, Phone numbers, Physical addresses |
| Domain: |
n/a |
Description:
In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that "the claims are indeed false and that the data, which has been readily available across multiple environments, does not come from Acxiom and is in no way the subject of an Acxiom breach". The data contained almost 52M unique email addresses.
Verified: 
,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Get Revenge On Your Ex
| Added Date: |
11/14/2022 |
| Breach Date: |
9/9/2022 |
| Updated Date: |
11/14/2022 |
| Breach Count: |
79,195 |
| Content: |
|
| Domain: |
getrevengeonyourex.com |
Description:
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum, Get Revenge On Your Ex did not reply when contacted.
Verified: 
,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
GGCorp
| Added Date: |
11/8/2022 |
| Breach Date: |
8/11/2022 |
| Updated Date: |
11/8/2022 |
| Breach Count: |
2,376,330 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
ggcorp.me |
Description:
In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Lolzteam
| Added Date: |
11/5/2022 |
| Breach Date: |
5/13/2018 |
| Updated Date: |
11/5/2022 |
| Breach Count: |
398,011 |
| Content: |
Email addresses, Usernames |
| Domain: |
lolzteam.net |
Description:
In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. The impacted data included usernames and email addresses which were later redistributed via another hacking forum. The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Doomworld
| Added Date: |
10/24/2022 |
| Breach Date: |
10/12/2022 |
| Updated Date: |
10/24/2022 |
| Breach Count: |
34,478 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
doomworld.com |
Description:
In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
E-Pal
| Added Date: |
10/23/2022 |
| Breach Date: |
4/15/2022 |
| Updated Date: |
10/23/2022 |
| Breach Count: |
108,887 |
| Content: |
Email addresses, Purchases, Usernames |
| Domain: |
epal.gg |
Description:
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Wakanim
| Added Date: |
10/6/2022 |
| Breach Date: |
8/28/2022 |
| Updated Date: |
10/6/2022 |
| Breach Count: |
6,706,951 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames |
| Domain: |
wakanim.tv |
Description:
In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Bhinneka
| Added Date: |
10/6/2022 |
| Breach Date: |
1/27/2020 |
| Updated Date: |
10/6/2022 |
| Breach Count: |
1,274,340 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
bhinneka.com |
Description:
In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
TAP Air Portugal
| Added Date: |
9/23/2022 |
| Breach Date: |
8/25/2022 |
| Updated Date: |
9/23/2022 |
| Breach Count: |
5,067,990 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages |
| Domain: |
flytap.com |
Description:
In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Brand New Tube
| Added Date: |
9/8/2022 |
| Breach Date: |
8/14/2022 |
| Updated Date: |
9/8/2022 |
| Breach Count: |
349,627 |
| Content: |
Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames |
| Domain: |
brandnewtube.com |
Description:
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Stripchat
| Added Date: |
8/31/2022 |
| Breach Date: |
11/5/2021 |
| Updated Date: |
8/31/2022 |
| Breach Count: |
10,001,355 |
| Content: |
Email addresses, IP addresses, Usernames |
| Domain: |
stripchat.com |
Description:
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
START
| Added Date: |
8/29/2022 |
| Breach Date: |
6/1/2021 |
| Updated Date: |
8/29/2022 |
| Breach Count: |
7,455,386 |
| Content: |
Email addresses, Geographic locations, Names, Passwords |
| Domain: |
start.film |
Description:
In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash. START subsequently acknowledged the incident in a Telegram post and stated that the data dated back to 2021.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Banorte
| Added Date: |
8/18/2022 |
| Breach Date: |
8/18/2014 |
| Updated Date: |
8/18/2022 |
| Breach Count: |
2,107,000 |
| Content: |
Account balances, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses |
| Domain: |
banorte.com |
Description:
In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances. Banorte have stated that the data is "outdated", although have not yet indicated how far back it dates to. Anecdotal feedback from HIBP subscribers suggests the data may date back 8 years to 2014.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SitePoint
| Added Date: |
8/17/2022 |
| Breach Date: |
6/20/2020 |
| Updated Date: |
8/17/2022 |
| Breach Count: |
1,021,790 |
| Content: |
Bios, Email addresses, IP addresses, Names, Passwords, Usernames |
| Domain: |
sitepoint.com |
Description:
In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Shitexpress
| Added Date: |
8/16/2022 |
| Breach Date: |
8/8/2022 |
| Updated Date: |
8/16/2022 |
| Breach Count: |
23,817 |
| Content: |
Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases |
| Domain: |
shitexpress.com |
Description:
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Twitter
| Added Date: |
8/12/2022 |
| Breach Date: |
1/1/2022 |
| Updated Date: |
8/12/2022 |
| Breach Count: |
6,682,453 |
| Content: |
Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames |
| Domain: |
twitter.com |
Description:
In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
QuestionPro
| Added Date: |
8/4/2022 |
| Breach Date: |
5/21/2022 |
| Updated Date: |
8/5/2022 |
| Breach Count: |
22,229,637 |
| Content: |
Browser user agent details, Email addresses, IP addresses, Survey results |
| Domain: |
questionpro.com |
Description:
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Tuned Global
| Added Date: |
8/2/2022 |
| Breach Date: |
3/16/2016 |
| Updated Date: |
8/2/2022 |
| Breach Count: |
985,586 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
tunedglobal.com |
Description:
In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored in plain text.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mecho Download
| Added Date: |
8/1/2022 |
| Breach Date: |
10/31/2013 |
| Updated Date: |
8/1/2022 |
| Breach Count: |
437,928 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
mechodownload.com |
Description:
In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Battlefy
| Added Date: |
7/28/2022 |
| Breach Date: |
1/11/2016 |
| Updated Date: |
7/28/2022 |
| Breach Count: |
83,610 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
battlefy.com |
Description:
In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: