Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Ualabee
| Added Date: |
6/13/2025 |
| Breach Date: |
5/6/2025 |
| Updated Date: |
6/13/2025 |
| Breach Count: |
472,296 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers, Profile photos |
| Domain: |
ualabee.com |
Description:
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
WiredBucks
| Added Date: |
6/10/2025 |
| Breach Date: |
5/25/2022 |
| Updated Date: |
6/10/2025 |
| Breach Count: |
918,529 |
| Content: |
Earnings, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames |
| Domain: |
wiredbucks.com |
Description:
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Disk Union
| Added Date: |
6/7/2025 |
| Breach Date: |
6/24/2022 |
| Updated Date: |
6/7/2025 |
| Breach Count: |
690,667 |
| Content: |
Email addresses, Geographic locations, Names, Passwords, Phone numbers, Usernames |
| Domain: |
diskunion.net |
Description:
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
ColoCrossing
| Added Date: |
6/3/2025 |
| Breach Date: |
5/24/2025 |
| Updated Date: |
6/3/2025 |
| Breach Count: |
7,183 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
colocrossing.com |
Description:
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Free
| Added Date: |
5/27/2025 |
| Breach Date: |
10/17/2024 |
| Updated Date: |
5/27/2025 |
| Breach Count: |
13,926,173 |
| Content: |
Bank account numbers, Dates of birth, Genders, Names, Phone numbers, Physical addresses |
| Domain: |
free.fr |
Description:
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Operation Endgame 2.0
| Added Date: |
5/23/2025 |
| Breach Date: |
5/23/2025 |
| Updated Date: |
5/25/2025 |
| Breach Count: |
15,436,844 |
| Content: |
Email addresses, Passwords |
| Domain: |
n/a |
Description:
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Fédération Francaise de Rugby
| Added Date: |
5/22/2025 |
| Breach Date: |
7/6/2023 |
| Updated Date: |
5/23/2025 |
| Breach Count: |
281,977 |
| Content: |
Dates of birth, Email addresses, Names, Phone numbers |
| Domain: |
ffr.fr |
Description:
In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers. The Federation subsequently published a disclosure notice and stated that the attack primarily affected email servers. The data was provided to HIBP by a source who requested it be attributed to "atix".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
OnRPG
| Added Date: |
5/8/2025 |
| Breach Date: |
7/1/2016 |
| Updated Date: |
5/8/2025 |
| Breach Count: |
1,047,640 |
| Content: |
Email addresses, IP addresses, Passwords, Usernames |
| Domain: |
onrpg.com |
Description:
In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
TehetségKapu
| Added Date: |
5/1/2025 |
| Breach Date: |
3/26/2025 |
| Updated Date: |
5/1/2025 |
| Breach Count: |
54,357 |
| Content: |
Email addresses, Names, Usernames |
| Domain: |
tehetsegkapu.hu |
Description:
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Samsung Germany Customer Tickets
| Added Date: |
4/12/2025 |
| Breach Date: |
3/30/2025 |
| Updated Date: |
4/13/2025 |
| Breach Count: |
216,333 |
| Content: |
Email addresses, Names, Physical addresses, Purchases, Salutations, Shipment tracking numbers, Support tickets |
| Domain: |
samsung.de |
Description:
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Qraved
| Added Date: |
4/9/2025 |
| Breach Date: |
7/9/2021 |
| Updated Date: |
4/9/2025 |
| Breach Count: |
984,519 |
| Content: |
Dates of birth, Email addresses, Names, Passwords, Phone numbers |
| Domain: |
qraved.com |
Description:
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Boulanger
| Added Date: |
4/8/2025 |
| Breach Date: |
9/6/2024 |
| Updated Date: |
4/10/2025 |
| Breach Count: |
2,077,078 |
| Content: |
Email addresses, Geographic locations, Names, Phone numbers, Physical addresses |
| Domain: |
boulanger.com |
Description:
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
German Doner Kebab
| Added Date: |
3/30/2025 |
| Breach Date: |
3/27/2025 |
| Updated Date: |
3/30/2025 |
| Breach Count: |
162,373 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
germandonerkebab.com |
Description:
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Troy Hunt's Mailchimp List
| Added Date: |
3/25/2025 |
| Breach Date: |
3/25/2025 |
| Updated Date: |
3/29/2025 |
| Breach Count: |
16,627 |
| Content: |
Email addresses, Geographic locations, IP addresses |
| Domain: |
troyhunt.com |
Description:
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
SpyX
| Added Date: |
3/19/2025 |
| Breach Date: |
6/24/2024 |
| Updated Date: |
3/19/2025 |
| Breach Count: |
1,977,011 |
| Content: |
Device information, Email addresses, Geographic locations, IP addresses, Passwords |
| Domain: |
spyx.com |
Description:
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Lexipol
| Added Date: |
3/18/2025 |
| Breach Date: |
2/11/2025 |
| Updated Date: |
3/18/2025 |
| Breach Count: |
672,546 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Usernames |
| Domain: |
lexipol.com |
Description:
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Color Dating
| Added Date: |
3/2/2025 |
| Breach Date: |
9/5/2018 |
| Updated Date: |
3/2/2025 |
| Breach Count: |
220,503 |
| Content: |
Bios, Dates of birth, Email addresses, Geographic locations, Names, Passwords, Profile photos |
| Domain: |
colordatingapp.com |
Description:
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Flat Earth Sun, Moon and Zodiac App
| Added Date: |
3/1/2025 |
| Breach Date: |
10/15/2024 |
| Updated Date: |
3/1/2025 |
| Breach Count: |
33,294 |
| Content: |
Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames |
| Domain: |
flatearthdave.com |
Description:
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Spyzie
| Added Date: |
2/27/2025 |
| Breach Date: |
2/22/2024 |
| Updated Date: |
2/27/2025 |
| Breach Count: |
518,643 |
| Content: |
Email addresses |
| Domain: |
spyzie.io |
Description:
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Orange Romania
| Added Date: |
2/26/2025 |
| Breach Date: |
2/24/2025 |
| Updated Date: |
2/26/2025 |
| Breach Count: |
556,557 |
| Content: |
Email addresses, Partial credit card data, Phone numbers |
| Domain: |
orange.ro |
Description:
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: