Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Udemy
| Added Date: |
4/26/2026 |
| Breach Date: |
4/24/2026 |
| Updated Date: |
4/26/2026 |
| Breach Count: |
1,401,259 |
| Content: |
Email addresses, Employers, Job titles, Names, Payment methods, Phone numbers, Physical addresses |
| Domain: |
udemy.com |
Description:
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Carnival
| Added Date: |
4/23/2026 |
| Breach Date: |
4/18/2026 |
| Updated Date: |
4/23/2026 |
| Breach Count: |
7,531,359 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names, Salutations |
| Domain: |
carnivalcorp.com |
Description:
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Amtrak
| Added Date: |
4/16/2026 |
| Breach Date: |
4/3/2026 |
| Updated Date: |
4/16/2026 |
| Breach Count: |
2,147,679 |
| Content: |
Email addresses, Names, Physical addresses, Support tickets |
| Domain: |
amtrak.com |
Description:
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
McGraw Hill
| Added Date: |
4/15/2026 |
| Breach Date: |
4/10/2026 |
| Updated Date: |
4/15/2026 |
| Breach Count: |
13,500,136 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
mheducation.com |
Description:
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Hallmark
| Added Date: |
4/11/2026 |
| Breach Date: |
3/31/2026 |
| Updated Date: |
4/11/2026 |
| Breach Count: |
1,736,520 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses, Support tickets |
| Domain: |
hallmark.com |
Description:
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
My Lovely AI
| Added Date: |
4/7/2026 |
| Breach Date: |
4/7/2026 |
| Updated Date: |
4/7/2026 |
| Breach Count: |
106,271 |
| Content: |
Email addresses, Social media profiles |
| Domain: |
mylovely.ai |
Description:
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Crunchyroll
| Added Date: |
4/3/2026 |
| Breach Date: |
3/12/2026 |
| Updated Date: |
4/3/2026 |
| Breach Count: |
1,195,684 |
| Content: |
Email addresses |
| Domain: |
https://www.crunchyroll.com/ |
Description:
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SongTrivia2
| Added Date: |
4/3/2026 |
| Breach Date: |
4/2/2026 |
| Updated Date: |
4/3/2026 |
| Breach Count: |
291,739 |
| Content: |
Auth tokens, Avatars, Email addresses, Names, Passwords, Usernames |
| Domain: |
songtrivia2.io |
Description:
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SUCCESS
| Added Date: |
4/1/2026 |
| Breach Date: |
3/4/2026 |
| Updated Date: |
4/1/2026 |
| Breach Count: |
253,510 |
| Content: |
Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases |
| Domain: |
success.com |
Description:
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cuties AI
| Added Date: |
3/31/2026 |
| Breach Date: |
3/21/2025 |
| Updated Date: |
3/31/2026 |
| Breach Count: |
144,250 |
| Content: |
Avatars, Display names, Email addresses |
| Domain: |
cuties.ai |
Description:
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
BreachForums Version 5
| Added Date: |
3/26/2026 |
| Breach Date: |
3/26/2026 |
| Updated Date: |
3/26/2026 |
| Breach Count: |
339,778 |
| Content: |
Email addresses, Passwords, Usernames |
| Domain: |
breachforums.bf |
Description:
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Scuf Gaming
| Added Date: |
3/26/2026 |
| Breach Date: |
6/5/2015 |
| Updated Date: |
3/26/2026 |
| Breach Count: |
128,683 |
| Content: |
Display names, Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
scufgaming.com |
Description:
In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Sound Radix
| Added Date: |
3/25/2026 |
| Breach Date: |
3/25/2026 |
| Updated Date: |
3/26/2026 |
| Breach Count: |
292,993 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
soundradix.com |
Description:
In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exposed, and that no financial or credit card information was impacted.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
RuneScape Boards
| Added Date: |
3/23/2026 |
| Breach Date: |
12/26/2011 |
| Updated Date: |
3/23/2026 |
| Breach Count: |
222,762 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
rsboards.com |
Description:
In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Aura
| Added Date: |
3/18/2026 |
| Breach Date: |
3/6/2026 |
| Updated Date: |
3/18/2026 |
| Breach Count: |
903,080 |
| Content: |
Customer service comments, Email addresses, IP addresses, Names, Phone numbers, Physical addresses |
| Domain: |
aura.com |
Description:
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Divine Skins
| Added Date: |
3/15/2026 |
| Breach Date: |
3/13/2026 |
| Updated Date: |
3/15/2026 |
| Breach Count: |
105,814 |
| Content: |
Email addresses, Purchases, Usernames |
| Domain: |
divineskins.gg |
Description:
In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Baydöner
| Added Date: |
3/14/2026 |
| Breach Date: |
3/8/2026 |
| Updated Date: |
3/14/2026 |
| Breach Count: |
1,266,822 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Names, Passwords, Phone numbers, Purchases |
| Domain: |
baydoner.com |
Description:
In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Provecho
| Added Date: |
3/3/2026 |
| Breach Date: |
1/30/2026 |
| Updated Date: |
3/3/2026 |
| Breach Count: |
712,904 |
| Content: |
Email addresses, Usernames |
| Domain: |
provecho.bio |
Description:
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Lovora
| Added Date: |
3/2/2026 |
| Breach Date: |
2/25/2026 |
| Updated Date: |
3/2/2026 |
| Breach Count: |
495,556 |
| Content: |
Display names, Email addresses, Profile photos |
| Domain: |
n/a |
Description:
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Quitbro
| Added Date: |
3/1/2026 |
| Breach Date: |
2/17/2026 |
| Updated Date: |
3/1/2026 |
| Breach Count: |
22,874 |
| Content: |
Email addresses, Partial dates of birth, Usernames |
| Domain: |
quitbro.app |
Description:
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: