Latest Breach Information
Below is a list of the last 25 known data breaches and any information we may have about them.
Nitro
| Added Date: |
1/19/2021 |
| Breach Date: |
9/28/2020 |
| Updated Date: |
1/19/2021 |
| Breach Count: |
77,159,696 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
gonitro.com |
Description:
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Verified: 
,
Fabricated: 
,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Romwe
| Added Date: |
1/18/2021 |
| Breach Date: |
6/1/2018 |
| Updated Date: |
1/18/2021 |
| Breach Count: |
19,531,820 |
| Content: |
Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
romwe.com |
Description:
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Jobandtalent
| Added Date: |
1/17/2021 |
| Breach Date: |
2/1/2018 |
| Updated Date: |
1/17/2021 |
| Breach Count: |
10,981,207 |
| Content: |
Email addresses, IP addresses, Names, Passwords |
| Domain: |
jobandtalent.com |
Description:
In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Glofox
| Added Date: |
1/9/2021 |
| Breach Date: |
3/27/2020 |
| Updated Date: |
1/9/2021 |
| Breach Count: |
2,330,735 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers |
| Domain: |
glofox.com |
Description:
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
GeniusU
| Added Date: |
1/8/2021 |
| Breach Date: |
10/2/2020 |
| Updated Date: |
1/9/2021 |
| Breach Count: |
1,301,460 |
| Content: |
Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles |
| Domain: |
geniusu.com |
Description:
In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Ledger
| Added Date: |
12/20/2020 |
| Breach Date: |
6/25/2020 |
| Updated Date: |
12/20/2020 |
| Breach Count: |
1,075,241 |
| Content: |
Email addresses, Names, Phone numbers, Physical addresses |
| Domain: |
ledger.com |
Description:
In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone numbers. The data was provided to HIBP by Alon Gal, CTO of cybercrime intelligence firm Hudson Rock.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Peatix
| Added Date: |
12/6/2020 |
| Breach Date: |
1/20/2019 |
| Updated Date: |
12/6/2020 |
| Breach Count: |
4,227,907 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
peatix.com |
Description:
In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Pluto TV
| Added Date: |
12/5/2020 |
| Breach Date: |
10/12/2018 |
| Updated Date: |
12/5/2020 |
| Breach Count: |
3,225,080 |
| Content: |
Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles, Usernames |
| Domain: |
pluto.tv |
Description:
In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Cit0day
| Added Date: |
11/19/2020 |
| Breach Date: |
11/4/2020 |
| Updated Date: |
11/19/2020 |
| Breach Count: |
226,883,414 |
| Content: |
Email addresses, Passwords |
| Domain: |
cit0day.in |
Description:
In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
123RF
| Added Date: |
11/14/2020 |
| Breach Date: |
3/22/2020 |
| Updated Date: |
11/14/2020 |
| Breach Count: |
8,661,578 |
| Content: |
Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames |
| Domain: |
123rf.com |
Description:
In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Home Chef
| Added Date: |
11/12/2020 |
| Breach Date: |
2/10/2020 |
| Updated Date: |
11/12/2020 |
| Breach Count: |
8,815,692 |
| Content: |
Email addresses, Geographic locations, IP addresses, Names, Partial credit card data, Passwords, Phone numbers |
| Domain: |
homechef.com |
Description:
In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Animal Jam
| Added Date: |
11/11/2020 |
| Breach Date: |
10/12/2020 |
| Updated Date: |
11/11/2020 |
| Breach Count: |
7,104,998 |
| Content: |
Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames |
| Domain: |
animaljam.com |
Description:
In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Mashable
| Added Date: |
11/9/2020 |
| Breach Date: |
6/1/2020 |
| Updated Date: |
11/9/2020 |
| Breach Count: |
1,414,677 |
| Content: |
Auth tokens, Email addresses, Genders, Geographic locations, IP addresses, Names, Partial dates of birth, Social media profiles |
| Domain: |
mashable.com |
Description:
In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Lazada RedMart
| Added Date: |
11/9/2020 |
| Breach Date: |
7/30/2020 |
| Updated Date: |
11/9/2020 |
| Breach Count: |
1,107,789 |
| Content: |
Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses |
| Domain: |
redmart.lazada.sg |
Description:
In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
James
| Added Date: |
11/4/2020 |
| Breach Date: |
3/25/2020 |
| Updated Date: |
11/4/2020 |
| Breach Count: |
1,541,284 |
| Content: |
Email addresses, Geographic locations, Passwords |
| Domain: |
jamesdelivery.com.br |
Description:
In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Wongnai
| Added Date: |
11/4/2020 |
| Breach Date: |
10/28/2020 |
| Updated Date: |
11/4/2020 |
| Breach Count: |
3,924,454 |
| Content: |
Dates of birth, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Social media profiles |
| Domain: |
wongnai.com |
Description:
In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Minted
| Added Date: |
11/3/2020 |
| Breach Date: |
5/6/2020 |
| Updated Date: |
11/3/2020 |
| Breach Count: |
4,418,182 |
| Content: |
Email addresses, Names, Passwords, Phone numbers, Physical addresses |
| Domain: |
minted.com |
Description:
In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Promofarma
| Added Date: |
11/1/2020 |
| Breach Date: |
8/3/2019 |
| Updated Date: |
11/3/2020 |
| Breach Count: |
1,277,761 |
| Content: |
Email addresses, Names |
| Domain: |
promofarma.com |
Description:
In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
StarTribune
| Added Date: |
10/30/2020 |
| Breach Date: |
10/10/2019 |
| Updated Date: |
10/30/2020 |
| Breach Count: |
2,192,857 |
| Content: |
Dates of birth, Email addresses, Genders, Names, Passwords, Physical addresses, Usernames |
| Domain: |
startribune.com |
Description:
In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List:
Reincubate
| Added Date: |
10/29/2020 |
| Breach Date: |
5/11/2017 |
| Updated Date: |
10/29/2020 |
| Breach Count: |
616,146 |
| Content: |
Email addresses, Names, Passwords |
| Domain: |
reincubate.com |
Description:
In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.
Verified: ,
Fabricated: ,
Sensitive: ,
Active: ,
Retired: ,
Is Spam List: