5 | In July 2015, the torrent site Seedpeer was hacked and 282k member records 6 | were exposed. The data included usernames, email addresses and passwords 7 | stored as weak MD5 hashes. 8 |
9 | -------------------------------------------------------------------------------- /www/hibp/sumotorrent/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2014, the torrent site Sumo Torrent was hacked and 285k member records 6 | were exposed. The data included IP addresses, email addresses and passwords 7 | stored as weak MD5 hashes. 8 |
9 | -------------------------------------------------------------------------------- /www/hibp/interpals/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2015, the online penpal site InterPals had their website hacked and 6 | 3.4 million accounts exposed. The compromised data included email addresses, 7 | geographical locations, birthdates and salted hashes of passwords. 8 |
9 | -------------------------------------------------------------------------------- /www/hibp/nihonomaru/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2015, the anime community known as Nihonomaru had their vBulletin 6 | forum hacked and 1.7 million accounts exposed. The compromised data included 7 | email and IP addresses, usernames and salted hashes of passwords. 8 |
9 | -------------------------------------------------------------------------------- /www/hibp/mpgh/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2015, the multiplayer game hacking website 6 | MPGH was hacked and 3.1 million user 7 | accounts disclosed. The vBulletin forum breach contained usernames, email 8 | addresses, IP addresses and salted hashes of passwords. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/onverse/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2016, the online virtual world known as 6 | Onverse 7 | was hacked and 800k accounts were exposed. Along with email and IP addresses, 8 | the site also exposed salted MD5 password hashes. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/ovh/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2015, the forum for the hosting provider known as 6 | OVH suffered 7 | a data breach. The vBulletin forum contained 453k accounts including 8 | usernames, email and IP addresses and passwords stored as salted MD5 hashes. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/wiiuiso/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2015, the Nintendo Wii U forum known as 6 | WIIU ISO 7 | was hacked and 458k accounts were exposed. Along with email and IP addresses, 8 | the vBulletin forum also exposed salted MD5 password hashes. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/mac-torrents/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2015, the torrent site 6 | Mac-Torrents 9 | was hacked and almost 94k usernames, email addresses and passwords were 10 | leaked. The passwords were hashed with MD5 and no salt. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/minecraftworldmap/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately January 2016, the Minecraft World Map site designed for 6 | sharing maps created for the game was hacked and over 71k user accounts were 7 | exposed. The data included usernames, email and IP addresses along with salted 8 | and hashed passwords. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/warinc/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2012, the real-time strategy game 6 | War Inc. 7 | suffered a data breach. The attack resulted in the exposure of over 1 million 8 | accounts including usernames, email addresses and salted MD5 hashes of 9 | passwords. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/teracod/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, almost 100k user records were extracted from the Hungarian 6 | torrent site known as Teracod. The data was later discovered being torrented 7 | itself and included email addresses, passwords, private messages between 8 | members and the peering history of IP addresses using the service. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/pspiso/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately September 2015, the PlayStation PSP forum known as 6 | PSP ISO was 7 | hacked and almost 1.3 million accounts were exposed. Along with email and IP 8 | addresses, the vBulletin forum also exposed salted MD5 password hashes. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/thefappening/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2015, the forum for discussing naked celebrity photos known as 6 | "The Fappening" (named after the iCloud leaks of 2014) was 7 | compromised and 179k accounts were leaked. Exposed member data included 8 | usernames, email addresses and salted hashes of passwords. 9 |
10 | -------------------------------------------------------------------------------- /www/hibp/uiggy/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2016, the Facebook application known as 6 | Uiggy was 7 | hacked and 4.3M accounts were exposed, 2.7M of which had email addresses 8 | against them. The leaked accounts also exposed names, genders and the Facebook 9 | ID of the owners. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/acneorg/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2014, the acne website 6 | acne.org 7 | suffered a data breach that exposed over 430k forum members' accounts. The 8 | data was being actively traded on underground forums and included email 9 | addresses, birth dates and passwords. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/botoflegends/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2014, the forum for 6 | Bot of Legends 9 | suffered a data breach. The IP.Board forum contained 238k accounts including 10 | usernames, email and IP addresses and passwords stored as salted MD5 hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/crackingforum/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately mid-2016, the cracking community forum known as 6 | CrackingForum 9 | suffered a data breach. The vBulletin based forum exposed 660k email and IP 10 | addresses, usernames and salted MD5 hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/funimation/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2016, the anime site 6 | Funimation 9 | suffered a data breach that impacted 2.5 million accounts. The data contained 10 | usernames, email addresses, dates of birth and salted SHA1 hashes of 11 | passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/modaco/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately January 2016, the UK based Android community known as 6 | MoDaCo 7 | suffered a data breach which exposed 880k subscriber identities. The data 8 | included email and IP addresses, usernames and passwords stored as salted MD5 9 | hashes. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/youku/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2016, the online Chinese video service 6 | Youku 7 | suffered a data breach. The incident exposed 92 million unique user accounts 8 | and corresponding MD5 password hashes. The data was contributed to Have I Been 9 | Pwned courtesy of rip@creep.im. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/avast/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2014, 6 | the Avast anti-virus forum was hacked 12 | and 423k member records were exposed. The Simple Machines Based forum included 13 | usernames, emails and password hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/majorgeeks/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, almost 270k accounts from the 6 | MajorGeeks 9 | support forum were breached. The accounts were being actively sold and traded 10 | online and included email addresses, salted password hashes and IP addresses. 11 |
12 | -------------------------------------------------------------------------------- /.eleventy.js: -------------------------------------------------------------------------------- 1 | const pluginRss = require("@11ty/eleventy-plugin-rss"); 2 | 3 | module.exports = (eleventyConfig) => { 4 | eleventyConfig.addPlugin(pluginRss); 5 | 6 | eleventyConfig.addFilter("inspect", require("util").inspect); 7 | eleventyConfig.addFilter("arrSlice", (arr=[], len=10) => arr.slice(0, len)); 8 | eleventyConfig.addFilter("dateParse", str => new Date(str)); 9 | 10 | return { 11 | dir: { 12 | input: "src", 13 | output: "www" 14 | } 15 | }; 16 | }; 17 | -------------------------------------------------------------------------------- /www/hibp/2fast4u/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2017, the Belgian motorcycle forum 6 | 2fast4u 7 | discovered a data breach of their system. The breach of the vBulletin message 8 | board impacted over 17k individual users and exposed email addresses, 9 | usersnames and salted MD5 passwords. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/agusiqtorrents/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2019, Polish torrent site 6 | AgusiQ-Torrents.pl 9 | suffered a data breach. The incident exposed 90k member records including 10 | email and IP addresses, usernames and passwords stored as MD5 hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/demonforums/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2019, the hacking forum 6 | Demon Forums 9 | suffered a data breach. The compromise of the vBulletin forum exposed 52k 10 | unique email addresses alongside usernames and passwords stored as salted MD5 11 | hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/hongfire/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2015, the anime and manga forum 6 | HongFire 7 | suffered a data breach. The hack of their vBulletin forum led to the exposure 8 | of 1 million accounts along with email and IP addresses, usernames, dates of 9 | birth and salted MD5 passwords. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/mangafox/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately July 2016, the manga website known as 6 | mangafox.me 7 | suffered a data breach. The vBulletin based forum exposed 1.3 million accounts 8 | including usernames, email and IP addresses, dates of birth and salted MD5 9 | password hashes. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/xbox360iso/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately September 2015, the XBOX 360 forum known as 6 | XBOX360 ISO 9 | was hacked and 1.2 million accounts were exposed. Along with email and IP 10 | addresses, the vBulletin forum also exposed salted MD5 password hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/cafemom/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2014, the social network for mothers 6 | CafeMom 7 | suffered a data breach. The data surfaced alongside a number of other 8 | historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 9 | million email addresses and plain text passwords. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/xat/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, the online chatroom known as 6 | "xat" was hacked 9 | and 6 million user accounts were exposed. Used as a chat engine on websites, 10 | the leaked data included usernames, email and IP addresses along with hashed 11 | passwords. 12 |
13 | -------------------------------------------------------------------------------- /src/pages/hibp.njk: -------------------------------------------------------------------------------- 1 | --- 2 | pagination: 3 | data: hibp 4 | size: 1 5 | alias: breach 6 | addAllPagesToCollections: true 7 | tags: 8 | - breach 9 | permalink: "/hibp/{{ breach.Name | slug }}/" 10 | eleventyComputed: 11 | title: "Breach: {{ breach.Title }}" 12 | date: "{{ breach.AddedDate }}" 13 | --- 14 | 15 |{{ breach.Description | safe }}
19 | -------------------------------------------------------------------------------- /www/hibp/btce/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2014, 6 | the Bitcoin exchange BTC-E was hacked 12 | and 568k accounts were exposed. The data included email and IP addresses, 13 | wallet balances and hashed passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/d3scene/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2016, the gaming website D3Scene, suffered a data breach. The 6 | compromised vBulletin forum exposed 569k million email addresses, IP address, 7 | usernames and passwords stored as salted MD5 hashes. The data was provided to 8 | HIBP by 9 | dehashed.com. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/ffshrine/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2015, 6 | the Final Fantasy discussion forum known as FFShrine 9 | was breached and the data dumped publicly. Approximately 620k records were 10 | released containing email addresses, IP addresses and salted hashes of 11 | passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/nulled/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2016, the cracking community forum known as 6 | Nulled.cr was 7 | hacked and 599k user accounts were leaked publicly. The compromised data 8 | included email and IP addresses, weak salted MD5 password hashes and hundreds 9 | of thousands of private messages between members. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/autocentrum/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2018, 6 | data belonging to the Polish motoring website autocentrum.pl was found 11 | online. The data contained 144k email addresses and plain text passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/heroesofgaia/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2013, the online fantasy multiplayer game 6 | Heroes of Gaia 9 | suffered a data breach. The newest records in the data set indicate a breach 10 | date of 4 January 2013 and include usernames, IP and email addresses but no 11 | passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/kimsufi/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2015, the forum for the providers of affordable dedicated servers known 6 | as 7 | Kimsufi 8 | suffered a data breach. The vBulletin forum contained over half a million 9 | accounts including usernames, email and IP addresses and passwords stored as 10 | salted MD5 hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/abandonia/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, the gaming website dedicated to classic DOS games 6 | Abandonia 9 | suffered a data breach resulting in the exposure of 776k unique user records. 10 | The data contained email and IP addresses, usernames and salted MD5 hashes of 11 | passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/cheapassgamer/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately mid-2015, the forum for 6 | CheapAssGamer.com 9 | suffered a data breach. The database from the IP.Board based forum contained 10 | 445k accounts including usernames, email and IP addresses and salted MD5 11 | password hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/gtagaming/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2016, the Grand Theft Auto forum 6 | GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password 12 | hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/hltv/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2016, the "home of competitive Counter Strike" website 6 | HLTV was hacked 12 | and 611k accounts were exposed. The attack led to the exposure of names, 13 | usernames, email addresses and bcrypt hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/xbox-scene/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately February 2015, the Xbox forum known as 6 | Xbox-Scene 7 | was hacked and more than 432k accounts were exposed. The IP.Board forum 8 | included IP addresses and passwords stored as salted hashes using a weak 9 | implementation enabling many to be rapidly cracked. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/xsplit/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2013, the makers of gaming live streaming and recording software 6 | XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and 12 | hashed passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/armyforceonline/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2016, the online gaming site 6 | Army Force Online 9 | suffered a data breach that exposed 1.5M accounts. The breached data was found 10 | being regularly traded online and included usernames, email and IP addresses 11 | and MD5 passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/wildstar/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2015, the IP.Board forum for the gaming website 6 | WildStar 9 | suffered a data breach that exposed over 738k forum members' accounts. The 10 | data was being actively traded on underground forums and included email 11 | addresses, birth dates and passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/bombujeu/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2018, the Slovak website for watching movies online for free 6 | Bombuj.eu 7 | suffered a data breach. The incident exposed over 575k unique email addresses 8 | and passwords stored as unsalted MD5 hashes. No response was received from 9 | Bombuj.eu when contacted about the incident. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/lotr/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2013, the interactive video game 6 | Lord of the Rings Online 9 | suffered a data breach that exposed over 1.1M players' accounts. The data was 10 | being actively traded on underground forums and included email addresses, 11 | birth dates and password hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/ps3hax/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately July 2015, the Sony Playstation hacks and mods forum known as 6 | PS3Hax was 7 | hacked and more than 447k accounts were exposed. The vBulletin forum included 8 | IP addresses and passwords stored as salted hashes using a weak implementation 9 | enabling many to be rapidly cracked. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/psx-scene/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately February 2015, the Sony Playstation forum known as 6 | PSX-Scene 7 | was hacked and more than 340k accounts were exposed. The vBulletin forum 8 | included IP addresses and passwords stored as salted hashes using a weak 9 | implementation enabling many to be rapidly cracked. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/bannerbit/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately December 2018, the online ad platform 6 | BannerBit 7 | suffered a data breach. Containing 213k unique email addresses and plain text 8 | passwords, the data was provided to HIBP by a third party. Multiple attempts 9 | were made to contact BannerBit, but no response was received. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/ddo/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2013, the interactive video game 6 | Dungeons & Dragons Online 9 | suffered a data breach that exposed almost 1.6M players' accounts. The data 10 | was being actively traded on underground forums and included email addresses, 11 | birth dates and password hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/ilikecheats/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2014, the game cheats website known as ILikeCheats suffered a data 6 | breach that exposed 189k accounts. The vBulletin based forum leaked usernames, 7 | IP and email addresses and weak MD5 hashes of passwords. The data was provided 8 | with support from 9 | dehashed.com. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/loungeboard/index.html: -------------------------------------------------------------------------------- 1 |5 | At some point in 2013, 45k accounts were 6 | breached from the Lounge Board "General Discussion Forum" and then dumped 8 | publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 10 | (the last activity in the logs was from August 2013). 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/svenskamagic/index.html: -------------------------------------------------------------------------------- 1 |5 | Sometime in 2015, the Swedish magic website 6 | SvenskaMagic 9 | suffered a data breach that exposed over 30k records. The compromised data 10 | included usernames, email addresses and MD5 password hashes. The data was 11 | self-submitted to HIBP by SvenskaMagic. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/tianya/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2011, 6 | China's largest online forum known as Tianya was hacked 12 | and tens of millions of accounts were obtained by the attacker. The leaked 13 | data included names, usernames and email addresses. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/youporn/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2012, the adult website YouPorn 6 | had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text 12 | passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/boxee/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2014, the home theatre PC software maker Boxee had their forums 6 | compromised in an attack. The attackers obtained the entire vBulletin MySQL 7 | database and promptly posted it for download on the Boxee forum itself. The 8 | data included 160k users, password histories, private messages and a variety 9 | of other data exposed across nearly 200 publicly exposed tables. 10 |
11 | -------------------------------------------------------------------------------- /www/hibp/crackcommunity/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2013, the 6 | Crack Community 9 | forum specialising in cracks for games was compromised and over 19k accounts 10 | published online. Built on the MyBB forum platform, the compromised data 11 | included email addresses, IP addresses and salted MD5 passwords. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/serverpact/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2015, the Dutch Minecraft site 6 | ServerPact was hacked 12 | and 73k accounts were exposed. Along with birth dates, email and IP addresses, 13 | the site also exposed SHA1 password hashes with the username as the salt. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/sktorrent/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the Slovak torrent tracking site SkTorrent 6 | was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in 12 | plain text. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/thetvdb/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2017, the open television database known as 6 | TheTVDB.com suffered a data breach. The breached data was posted to a hacking forum and included 182k records 12 | with usernames, email addresses and MySQL password hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/aternos/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2015, the service for creating and running free Minecraft servers 6 | known as 7 | Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/flashflashrevolution/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the music-based rhythm game known as 6 | Flash Flash Revolution 9 | was hacked and 1.8M accounts were exposed. Along with email and IP addresses, 10 | the vBulletin forum also exposed salted MD5 password hashes. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/gamigo/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2012, the German online game publisher Gamigo 6 | was hacked 12 | and more than 8 million accounts publicly leaked. The breach included email 13 | addresses and passwords stored as weak MD5 hashes with no salt. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/kickstarter/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, the crowdfunding platform 6 | Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames 12 | and salted SHA1 hashes of passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/ancestry/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, an Ancestry service known as 6 | RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 12 | 300k email addresses and plain text passwords was identified. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/blackhatworld/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2014, the search engine optimisation forum 6 | Black Hat World 9 | had three quarters of a million accounts breached from their system. The 10 | breach included various personally identifiable attributes which were publicly 11 | released in a MySQL database script. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/dailymotion/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2016, the video sharing platform 6 | Dailymotion suffered a data breach. The attack led to the exposure of more than 85 million user accounts and 12 | included email addresses, usernames and bcrypt hashes of passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/lookbook/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2012, the fashion site 6 | Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 12 | million usernames, email and IP addresses, birth dates and plain text 13 | passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/minefield/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2015, the French Minecraft server known as 6 | Minefield 9 | was hacked and 188k member records were exposed. The IP.Board forum included 10 | email and IP addresses, birth dates and passwords stored as salted hashes 11 | using a weak implementation enabling many to be rapidly cracked. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/pokebip/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2015, the French Pokémon site 6 | Pokébip suffered a data breach 12 | which exposed 657k subscriber identities. The data included email and IP 13 | addresses, usernames and passwords stored as unsalted MD5 hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/solomid/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2014, the electronic sports organisation known as 6 | Team SoloMid was hacked 12 | and 442k members accounts were leaked. The accounts included email and IP 13 | addresses, usernames and salted hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/gamerzplanet/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately October 2015, the online gaming forum known as 6 | Gamerzplanet 9 | was hacked and more than 1.2M accounts were exposed. The vBulletin forum 10 | included IP addresses and passwords stored as salted hashes using a weak 11 | implementation enabling many to be rapidly cracked. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/bitly/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2014, the link management company 6 | Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and 12 | hashed passwords, most using SHA1 with a small number using bcrypt. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/evony/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2016, the online multiplayer game 6 | Evony was hacked 12 | and over 29 million unique accounts were exposed. The attack led to the 13 | exposure of usernames, email and IP addresses and MD5 hashes of passwords 14 | (without salt). 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/morelenet/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2018, the Polish e-commerce website 6 | Morele.net suffered a data breach. The incident exposed almost 2.5 million unique email addresses alongside 12 | phone numbers, names and passwords stored as md5crypt hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/myvidster/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2015, the social video sharing and bookmarking site 6 | MyVidster was hacked 12 | and nearly 20,000 accounts were dumped online. The dump included usernames, 13 | email addresses and hashed passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/ownedcore/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately August 2013, the World of Warcraft exploits forum known as 6 | OwnedCore 9 | was hacked and more than 880k accounts were exposed. The vBulletin forum 10 | included IP addresses and passwords stored as salted hashes using a weak 11 | implementation enabling many to be rapidly cracked. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/pokemonnegro/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately October 2016, the Spanish Pokémon site 6 | Pokémon Negro 9 | suffered a data breach. The attack resulted in the disclosure of 830k accounts 10 | including email and IP addresses along with plain text passwords. Pokémon 11 | Negro did not respond when contacted about the breach. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/mappery/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2018, the mapping website 6 | Mappery 7 | suffered a data breach that exposed over 205k unique email addresses. The 8 | incident also exposed usernames, the geographic location of the user and 9 | passwords stored as unsalted SHA-1 hashes. No response was received from 10 | Mappery when contacted about the incident. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/plex/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2015, the discussion forum for Plex media centre 6 | was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted 12 | hashes using a weak implementation enabling many to be rapidly cracked. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/wpt/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2014, the 6 | World Poker Tour (WPT) Amateur Poker League website 9 | was hacked by the Twitter user @smitt3nz. The attack resulted in the public 10 | disclosure of 175,000 accounts including 148,000 email addresses. The plain 11 | text password for each account was also included in the breach. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/xkcd/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2019, 6 | the forum for webcomic XKCD 9 | suffered a data breach that impacted 562k subscribers. The breached phpBB 10 | forum leaked usernames, email and IP addresses and passwords stored in MD5 11 | phpBB3 format. The data was provided to HIBP by white hat security researcher 12 | and data analyst Adam Davies. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/dangdang/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2011, the Chinese e-commerce site 6 | Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were 12 | subsequently traded online over the ensuing years. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/emuparadise/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the self-proclaimed "biggest retro gaming website on 6 | earth", Emuparadise, suffered a data breach. The compromised vBulletin 7 | forum exposed 1.1 million email addresses, IP address, usernames and passwords 8 | stored as salted MD5 hashes. The data was provided to HIBP by 9 | dehashed.com. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/patreon/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2015, the crowdfunding site 6 | Patreon was hacked 12 | and over 16GB of data was released publicly. The dump included almost 14GB of 13 | database records with more than 2.3M unique email addresses and millions of 14 | personal messages. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/torrentinvites/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2013, the torrent site 6 | Torrent Invites was hacked 12 | and over 352k accounts were exposed. The vBulletin forum contained usernames, 13 | email and IP addresses, birth dates and salted MD5 hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/shotbow/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2016, the multiplayer server for Minecraft service 6 | Shotbow announced they'd suffered a data breach. The incident resulted in the exposure of over 1 million unique email 12 | addresses, usernames and salted SHA-256 password hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/hemmelig/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2011, Norway's largest online sex shop hemmelig.com was 6 | hacked by a collective calling themselves "Team Appunity". The attack exposed over 28,000 usernames and email addresses along with 12 | nicknames, gender, year of birth and unsalted MD5 password hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/phpfreaks/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2015, the PHP discussion board 6 | PHP Freaks was hacked 12 | and 173k user accounts were publicly leaked. The breach included multiple 13 | personal data attributes as well as salted and hashed passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/trillian/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2015, the instant messaging application 6 | Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data 12 | attributes including names, email addresses and passwords stored as salted MD5 13 | hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/muslimmatch/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2016, 6 | the Muslim Match dating website had 150k email addresses exposed. The data included private chats and messages between relationship seekers 12 | and numerous other personal attributes including passwords hashed with MD5. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/planetcalypso/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately July 2019, 6 | the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, 12 | usernames and passwords stored as salted MD5 hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/ahashare/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2013, the torrent site 6 | AhaShare.com suffered a breach which 7 | resulted in more than 180k user accounts being published publicly. The breach 8 | included a raft of personal information on registered users plus despite 9 | assertions of not distributing personally identifiable information, the site 10 | also leaked the IP addresses used by the registered identities. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/bittorrent/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2016, the forum for the popular torrent software 6 | BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and 12 | the breached data also included usernames, email and IP addresses. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/epicnpc/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2016, the hacked account reseller 6 | EpicNPC 7 | suffered a data breach that impacted 409k subscribers. The impacted data 8 | included usernames, IP and email addresses and passwords stored as salted MD5 9 | hashes. The data was provided to HIBP by 10 | dehashed.com. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/tumblr/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2013, 6 | tumblr suffered a data breach 12 | which resulted in the exposure of over 65 million accounts. The data was later 13 | put up for sale on a dark market website and included email addresses and 14 | passwords stored as salted SHA1 hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/whmcs/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2012, the web hosting, billing and automation company 6 | WHMCS suffered a data breach 12 | that exposed 134k email addresses. The breach included extensive information 13 | about customers and payment histories including partial credit card numbers. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/atlasquantum/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2018, the cryptocurrency investment platform 6 | Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform 12 | including their names, phone numbers, email addresses and account balances. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/forumcommunity/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately mid-2016, the Italian-based service for creating forums known 6 | as 7 | ForumCommunity 10 | suffered a data breach. The incident impacted over 776k unique email addresses 11 | along with usernames and unsalted MD5 password hashes. No response was 12 | received from ForumCommunity when contacted. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/sweclockers/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2015, the Swedish tech news site 6 | SweClockers was hacked 12 | and 255k accounts were exposed. The attack led to the exposure of usernames, 13 | email addresses and salted hashes of passwords stored with a combination of 14 | MD5 and SHA512. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/androidforums/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2011, the Android Forums website 6 | was hacked 12 | and 745k user accounts were subsequently leaked publicly. The compromised data 13 | included email addresses, user birth dates and passwords stored as a salted 14 | MD5 hash. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/minehut/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2019, the Minecraft server website 6 | Minehut 7 | suffered a data breach. The company advised a database backup had been 8 | obtained after which they subsequently notified all impacted users. 397k email 9 | addresses from the incident were provided to HIBP. A data set with both email 10 | addresses and bcrypt password hashes was also later provided to HIBP. 11 |
12 | -------------------------------------------------------------------------------- /www/hibp/vianet/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2020, the Nepalese internet service provider 6 | Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records 12 | including 94k unique email addresses. Also exposed were names, phone numbers 13 | and physical addresses. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/mathway/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2020, the math solving website 6 | Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included 12 | names, Google and Facebook IDs, email addresses and salted password hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/unicocampania/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2020, the Neapolitan public transport website 6 | Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text 12 | passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/epicgames/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2016, 6 | the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack 12 | resulted in the exposure of 252k accounts including usernames, email addresses 13 | and salted MD5 hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/kiwifarms/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2019, the forum for discussing "lolcows" (people who 6 | can be milked for laughs) 7 | Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth 13 | and content created by members were all exposed in the incident. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/linuxmint/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the website for the Linux distro known as Linux Mint 6 | was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale 12 | complete with almost 145k email addresses, passwords and other personal 13 | subscriber information. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/malwarebytes/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2014, the 6 | Malwarebytes forum was hacked 12 | and 111k member records were exposed. The IP.Board forum included email and IP 13 | addresses, birth dates and passwords stored as salted hashes using a weak 14 | implementation enabling many to be rapidly cracked. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/qip/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2011, the Russian instant messaging service known as 6 | QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts 12 | including email addresses and passwords with the data eventually appearing in 13 | public years later. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/reincubate/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2020, the app data company 6 | Reincubate suffered a data breach 12 | which exposed a backup from November 2017 (the newest record in the data 13 | appeared several months earlier). The data included over 616k unique email 14 | addresses, names and passwords stored as PBKDF2 hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/starnet/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2015, the Moldavian ISP "StarNet" 6 | had it's database published online. The dump included nearly 140k email addresses, many with personal details 12 | including contact information, usage patterns of the ISP and even passport 13 | numbers. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/cannabisforum/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, the vBulletin forum for the Marijuana site cannabis.com was 6 | breached and 7 | leaked publicly. Whilst there has been no public attribution of the breach, the leaked data 13 | included over 227k accounts and nearly 10k private messages between users of 14 | the forum. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/devkitpro/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2019, 6 | the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the 12 | breach alongside forum posts, private messages and passwords stored as weak 13 | salted hashes. The data breach was self-submitted to HIBP by the forum 14 | operator. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/htcmania/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2020, the Spanish mobile phone forum 6 | HTC Mania 9 | suffered a data breach of the vBulletin based site. The incident exposed 1.5M 10 | member email addresses, usernames, IP addresses, dates of birth and salted MD5 11 | password hashes and password histories. Data from the breach was subsequently 12 | redistributed on popular hacking websites. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/hub4tech/index.html: -------------------------------------------------------------------------------- 1 |5 | On an unknown date in approximately 2017, the Indian training and assessment 6 | service known as 7 | Hub4Tech 10 | suffered a data breach via a SQL injection attack. The incident exposed almost 11 | 37k unique email addresses and passwords stored as unsalted MD5 hashes. No 12 | response was received from Hub4Tech when contacted about the incident. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/utorrent/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2016, the forum for the uTorrent BitTorrent client 6 | suffered a data breach 12 | which came to light later in the year. The database from the IP.Board based 13 | forum contained 395k accounts including usernames, email addresses and MD5 14 | password hashes without a salt. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/elance/index.html: -------------------------------------------------------------------------------- 1 |5 | Sometime in 2009, staffing platform 6 | Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email 12 | addresses, phone numbers and SHA1 hashes of passwords, amongst other personal 13 | data. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/everybodyedits/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2019, the multiplayer platform game 6 | Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP 12 | addresses. The data was subsequently distributed online across a collection of 13 | files. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/glofox/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2020, the Irish gym management software company 6 | Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of 12 | birth and passwords stored as unsalted MD5 hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/linuxforums/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2018, 6 | the Linux Forums website 9 | suffered a data breach which resulted in the disclosure of 276k unique email 10 | addresses. Running on an old version of vBulletin, the breach also disclosed 11 | usernames, IP addresses and salted MD5 password hashes. Linux Forums did not 12 | respond to multiple attempts to contact them about the breach. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/neteller/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2010, the e-wallet service known as Neteller 6 | suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email 12 | addresses, home addresses and account balances. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/nonnudegirls/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2013, the non-consensual voyeurism site 6 | "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts 12 | along with email and IP addresses, names and plain text passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/underworldempire/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2017, 6 | the vBulletin forum for the Underworld Empire game 9 | suffered a data breach that exposed 429k accounts. The data was then posted to 10 | a hacking forum in mid-February 2018 where it was made available to download. 11 | The source data contained IP and email addresses, usernames and salted MD5 12 | hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/unrealengine/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2016, 6 | the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack 12 | resulted in the exposure of 530k accounts including usernames, email addresses 13 | and salted MD5 hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/verified/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2014, 6 | one of the largest communities of Eastern Europe cybercriminals known as 11 | "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their 13 | personal messages and other potentially personally identifiable information. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/crackedto/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2019, the hacking website 6 | Cracked.to 7 | suffered a data breach. There were 749k unique email addresses spread across 8 | 321k forum users and other tables in the database. A rival hacking website 9 | claimed responsibility for breaching the MyBB based forum which disclosed 10 | email and IP addresses, usernames, private messages and passwords stored as 11 | bcrypt hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/imesh/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2013, the media and file sharing client known as 6 | iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and 12 | included email and IP addresses, usernames and salted MD5 hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/peatix/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2019, the event organising platform 6 | Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password 12 | hashes. The data was provided to HIBP by 13 | dehashed.com. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/animegame/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2020, the gaming website 6 | AnimeGame 7 | suffered a data breach. The incident affected 1.4M subscribers and exposed 8 | email addresses, usernames and passwords stored as salted MD5 hashes. The data 9 | was subsequently shared on a popular hacking forum and was provided to HIBP by 10 | dehashed.com. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/cdprojektred/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2016, 6 | Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts 12 | along with usernames, email addresses and salted SHA1 passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/comcast/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, the US internet and cable TV provider Comcast 6 | suffered a data breach that exposed 590k customer email addresses and plain 11 | text passwords. A further 27k accounts appeared with home addresses with the entire data 13 | set being sold on underground forums. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/faceup/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2013, the Danish social media site 6 | FaceUP 7 | suffered a data breach. The incident exposed 87k unique email addresses 8 | alongside genders, dates of birth, names, phone numbers and passwords stored 9 | as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had 10 | identified a SQL injection vulnerability at the time and forced password 11 | resets on impacted customers. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/napsgear/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2015, the anabolic steroids retailer 6 | NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed 12 | including email addresses, names, addresses, phone numbers, purchase histories 13 | and salted MD5 password hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/nextgenupdate/index.html: -------------------------------------------------------------------------------- 1 |5 | Early in 2014, the video game website 6 | NextGenUpdate 9 | reportedly 10 | suffered a data breach 13 | that disclosed almost 1.2 million accounts. Amongst the data breach was 14 | usernames, email addresses, IP addresses and salted and hashed passwords. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/voidto/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2019, the hacking website 6 | Void.to suffered 7 | a data breach. There were 95k unique email addresses spread across 86k forum 8 | users and other tables in the database. A rival hacking website claimed 9 | responsibility for breaching the MyBB based forum which disclosed email and IP 10 | addresses, usernames, private messages and passwords stored as either salted 11 | MD5 or bcrypt hashes. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/artvalue/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2019, the France-based art valuation website 6 | Artvalue.com 7 | left their 158k member subscriber base publicly exposed in a text file on 8 | their website. The exposed data included names, usernames, email addresses and 9 | passwords stored as MD5 hashes. The site operator did not respond when 10 | contacted about the incident, although the exposed file was subsequently 11 | removed. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/babynames/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately 2008, the site to help parents name their children known as 6 | Baby Names 9 | suffered a data breach. The incident exposed 846k email addresses and 10 | passwords stored as salted MD5 hashes. When contacted in October 2018, Baby 11 | Names advised that "the breach happened at least ten years ago" and 12 | that members were notified at the time. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/beautifulpeople/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, the dating website 6 | Beautiful People was hacked 12 | and over 1.1M accounts were leaked. The data was being traded in underground 13 | circles and included a huge amount of personal information related to dating. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/dafont/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2017, 6 | font sharing site DaFont suffered a data breach 12 | resulting in the exposure of 637k records. Allegedly due to a SQL injection 13 | vulnerability exploited by multiple parties, the exposed data included 14 | usernames, email addresses and passwords stored as MD5 without a salt. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/dvdshopch/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2017, the online Swiss DVD store known as 6 | dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text 12 | passwords. The site has since been updated to indicate that it is currently 13 | closed. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/gametuts/index.html: -------------------------------------------------------------------------------- 1 |5 | Likely in early 2015, the video game website GameTuts suffered a data breach 6 | and over 2 million user accounts were exposed. The site later 7 | shut down in July 2016 13 | but was identified as having been hosted on a vBulletin forum. The exposed 14 | data included usernames, email and IP addresses and salted MD5 hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/gpsunderground/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2017, 6 | GPS Underground was amongst a collection of compromised vBulletin websites 11 | that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, 13 | email and IP addresses, dates of birth and salted MD5 password hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/r2-2017/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2017, the forum for the gaming website 6 | R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one 12 | exposed over 1 million unique user accounts and corresponding MD5 password 13 | hashes with no salt. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/russianamerica/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately 2017, the website for Russian speakers in America known as 6 | Russian America 9 | suffered a data breach. The incident exposed 183k unique records including 10 | names, email addresses, phone numbers and passwords stored in both plain text 11 | and as MD5 hashes. Russian America was contacted about the breach but did not 12 | respond. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/slickwraps/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2020, the online store for consumer electronics wraps 6 | Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across 12 | customer records and newsletter subscribers. Additional impacted data included 13 | names, physical addresses, phone numbers and purchase histories. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/tamodo/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2020, the affiliate marketing network 6 | Tamodo 7 | suffered a data breach which was subsequently shared on a popular hacking 8 | forum. The incident exposed almost 500k accounts including names, email 9 | addresses, dates of birth and passwords stored as bcrypt hashes. Tamodo failed 10 | to respond to multiple attempts to report the breach via published 11 | communication channels. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/vk/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately 2012, the Russian social media site known as 6 | VK was hacked 12 | and almost 100 million accounts were exposed. The data emerged in June 2016 13 | where it was being sold via a dark market website and included names, phone 14 | numbers email addresses and plain text passwords. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/win7vista/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2013, the 6 | Win7Vista 9 | Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and 10 | later 11 | had its internal database dumped. The dump included over 200k members’ personal information and other 14 | internal data extracted from the forum. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/wizishop/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2020, the French e-commerce platform 6 | WiziShop 7 | suffered a data breach. The breach exposed 18GB worth of data including names, 8 | phone numbers, dates of birth, physical and IP addresses, SHA-1 password 9 | hashes and almost 3 million unique email addresses. The data was provided to 10 | HIBP by a source who requested it be attributed to 11 | "pompompurin@riseup.net". 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/xhamster/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2016, news broke that 6 | hackers were trading hundreds of thousands of xHamster porn account 11 | details. In total, the data contained almost 380k unique user records including 13 | email addresses, usernames and unsalted MD5 password hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/000webhost/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately March 2015, the free web hosting provider 6 | 000webhost suffered a major data breach 12 | that exposed almost 15 million customer records. The data was sold and traded 13 | before 000webhost was alerted in October. The breach included names, email 14 | addresses and plain text passwords. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/fashionfantasygame/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2016, the fashion gaming website 6 | Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 12 | password hashes with no salt. The data was contributed to Have I Been Pwned 13 | courtesy of rip@creep.im. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/furaffinity/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2016, the Fur Affinity website for people with an interest in 6 | anthropomorphic animal characters (also known as "furries") 7 | was hacked. The attack exposed 1.2M email addresses (many accounts had a different 13 | "first" and "last" email against them) and hashed passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/r2games/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2015, the gaming website 6 | R2Games 7 | was hacked and more than 2.1M personal records disclosed. The vBulletin forum 8 | included IP addresses and passwords stored as salted hashes using a weak 9 | implementation enabling many to be rapidly cracked. A further 11M accounts 10 | were added to "Have I Been Pwned" in March 2016 and another 9M in July 2016 11 | bringing the total to over 22M. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/viewfines/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2018, the South African website for viewing traffic fines online known 6 | as 7 | ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and 13 | included names, phone numbers, government issued IDs and passwords stored in 14 | plain text. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/17media/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2016, customer data obtained from the streaming app known as 6 | "17" 7 | appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP 13 | addresses, usernames and passwords stored as unsalted MD5 hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/cafepress/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2019, the custom merchandise retailer 6 | CafePress 9 | suffered a data breach. The exposed data included 23 million unique email 10 | addresses with some records also containing names, physical addresses, phone 11 | numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by 12 | a source who requested it be attributed to "JimScott.Sec@protonmail.com". 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/creative/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2018, 6 | the forum for Singaporean hardware company Creative Technology 9 | suffered a data breach which resulted in the disclosure of 483k unique email 10 | addresses. Running on an old version of vBulletin, the breach also disclosed 11 | usernames, IP addresses and salted MD5 password hashes. After being notified 12 | of the incident, Creative permanently shut down the forum. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/payasugym/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2016, 6 | an attacker breached PayAsUGym's website 12 | exposing over 400k customers' personal data. The data was consequently leaked 13 | publicly and broadly distributed via Twitter. The leaked data contained 14 | personal information including email addresses and passwords hashed using MD5 15 | without a salt. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/chowbus/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2020, the Asian food delivery app 6 | Chowbus suffered a data breach which led to over 800,000 records being 11 | emailed to customers. The email contained a link to a CSV file with customer data including 13 | physical addresses, names, phone numbers and over 444,000 unique email 14 | addresses. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/nulledch/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2020, the hacking forum 6 | Nulled.ch 7 | was breached and the data published to a rival hacking forum. Over 43k records 8 | were compromised and included IP and email addresses, usernames and passwords 9 | stored as salted MD5 hashes alongside the private message history of the 10 | website's admin. The data was provided to HIBP by a source who requested it be 11 | attributed to "Split10". 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/adultfriendfinder/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the adult hookup site 6 | Adult FriendFinder was hacked 12 | and nearly 4 million records dumped publicly. The data dump included extremely 13 | sensitive personal information about individuals and their relationship 14 | statuses and sexual preferences combined with personally identifiable 15 | information. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/appartoo/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2017, the French Flatsharing site known as 6 | Appartoo 7 | suffered a data breach. The incident exposed an extensive amount of personal 8 | information on almost 50k members including email addresses, genders, ages, 9 | private messages sent between users of the service and passwords stored as 10 | SHA-256 hashes. Appartoo advised that all subscribers were notified of the 11 | incident in early 2017. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/facepunch/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2016, the game development studio 6 | Facepunch 7 | suffered a data breach that exposed 343k users. The breached data included 8 | usernames, email and IP addresses, dates of birth and salted MD5 password 9 | hashes. Facepunch advised they were aware of the incident and had notified 10 | people at the time. The data was provided to HIBP by whitehat security 11 | researcher and data analyst Adam Davies. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/gogames/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately October 2015, the manga website 6 | Go Games 7 | suffered a data breach. The exposed data included 3.4M customer records 8 | including email and IP addresses, usernames and passwords stored as salted MD5 9 | hashes. Go Games did not respond when contacted about the incident. The data 10 | was provided to HIBP by 11 | dehashed.com. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/indianrailways/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2019, 6 | the website for Indian Rail left more than 2M records exposed on an 11 | unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames 13 | and passwords stored in plain text. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/lightshope/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2018, the World of Warcraft service 6 | Light's Hope suffered a data breach 12 | which they subsequently self-submitted to HIBP. Over 30K unique users were 13 | impacted and their exposed data included email addresses, dates of birth, 14 | private messages and passwords stored as bcrypt hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/pixelfederation/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2013, a 6 | breach of the web-based game community based in Slovakia 12 | exposed over 38,000 accounts which were promptly posted online. The breach 13 | included email addresses and unsalted MD5 hashed passwords, many of which were 14 | easily converted back to plain text. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/smogon/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the Pokémon website known as 6 | Smogon announced they'd suffered a data breach. The breach dated back to September 2017 and affected their XenForo based 12 | forum. The exposed data included usernames, email addresses, genders and both 13 | bcrypt and MD5 password hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/victoryphones/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2017, the automated telephony services company 6 | Victory Phones left a Mongo DB database publicly facing without a 11 | password. Subsequently, 213GB of data was downloaded by an unauthorised party 13 | including names, addresses, phone numbers and over 166k unique email 14 | addresses. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/aptoide/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2020, the independent Android app store 6 | Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were 12 | subsequently shared online via a popular hacking forum. Impacted data included 13 | email and IP addresses, names, IP addresses and passwords stored as SHA-1 14 | hashes without a salt. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/littlemonsters/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately January 2017, 6 | the Lady Gaga fan site known as "Little Monsters" suffered a data 11 | breach that impacted 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt 13 | hashes of passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/moneybookers/index.html: -------------------------------------------------------------------------------- 1 |5 | Sometime in 2009, the e-wallet service known as Money Bookers 6 | suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and 12 | included names, email addresses, home addresses and IP addresses. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/soundwave/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately mid 2015, the music tracking app 6 | Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been 9 | used to populate the test database" and was then inadvertently exposed in 10 | a MongoDB. The data contained 130k records and included email addresses, dates 11 | of birth, genders and MD5 hashes of passwords without a salt. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/thecandidboard/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2015, the non-consensual voyeurism site 6 | "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts 12 | along with email and IP addresses, dates of birth and salted passwords hashed 13 | with MD5. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/warmane/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately December 2016, the online service for World of Warcraft 6 | private servers 7 | Warmane 8 | suffered a data breach. The incident exposed over 1.1M accounts including 9 | usernames, email addresses, dates of birth and salted MD5 password hashes. The 10 | data was subsequently extensively circulated online and was later provided to 11 | HIBP by whitehat security researcher and data analyst Adam Davies. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/aerserv/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the ad management platform known as 6 | AerServ 7 | suffered a data breach. Acquired by InMobi earlier in the year, the AerServ 8 | breach impacted over 66k unique email addresses and also included contact 9 | information and passwords stored as salted SHA-512 hashes. The data was 10 | publicly posted to Twitter later in 2018 after which InMobi was notified and 11 | advised they were aware of the incident. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/parapa/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2016, 6 | the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked 12 | along with a number of other forums on the Russian mail provider, mail.ru. The 13 | vBulletin forum contained 4.9 million accounts including usernames, email 14 | addresses and passwords stored as salted MD5 hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/reverb-nation/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2014, the online service for assisting musicians to build their 6 | careers 7 | ReverbNation suffered a data breach which wasn't identified until September 12 | the following year. The breach contained over 7 million accounts with unique email addresses 14 | and salted SHA1 passwords. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/ulmon/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2020, the travel app creator 6 | Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, 12 | names, passwords stored as bcrypt hashes and in some cases, social media 13 | profile IDs, telephone numbers and bios. The data was subsequently posted to a 14 | popular hacking forum. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/weheartit/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2013, the image-based social network 6 | We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user 12 | records were sent to HIBP. The data contained user names, email addresses and 13 | password hashes, 80% of which were salted SHA-256 with the remainder being MD5 14 | with no salt. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/businessacumen/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2014, the Australian "Business Acumen Magazine" website was 6 | hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including 12 | usernames, email addresses and password stored with a weak cryptographic 13 | hashing algorithm (MD5 with no salt). 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/daniweb/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2015, the technology and social site 6 | DaniWeb 7 | suffered a data breach. The attack resulted in the disclosure of 1.1 million 8 | accounts including email and IP addresses which were also accompanied by 9 | salted MD5 hashes of passwords. However, DaniWeb have advised that "the 10 | breached password hashes and salts are incorrect" and that they have 11 | since switched to new infrastructure and software. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/hthstudios/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2018, the adult furry interactive game creator 6 | HTH Studios 9 | suffered a data breach impacting multiple repositories of customer data. 10 | Several months later, the data surfaced on a popular hacking forum and 11 | included 411k unique email addresses along with physical and IP addresses, 12 | names, orders, salted SHA-1 and salted MD5 hashes. HTH Studios is aware of the 13 | incident. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/mindjolt/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2019, the online gaming website 6 | MindJolt suffered a data breach that exposed 28M unique email addresses. Also impacted were names and dates of birth, but no passwords. The data was 12 | provided to HIBP by a source who requested it be attributed to 13 | "JimScott.Sec@protonmail.com". 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/quidd/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2019, online marketplace for trading stickers, cards, toys, and other 6 | collectibles 7 | Quidd suffered a data breach. The breach exposed almost 4 million users' email addresses, usernames and 13 | passwords stored as bcrypt hashes. The data was subsequently sold then 14 | redistributed extensively via hacking forums. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/vodafone/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2013, 6 | Vodafone in Iceland suffered an attack 12 | attributed to the Turkish hacker collective "Maxn3y". The data was 13 | consequently publicly exposed and included user names, email addresses, social 14 | security numbers, SMS message, server logs and passwords from a variety of 15 | different internal sources. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/ipmart/index.html: -------------------------------------------------------------------------------- 1 |5 | During 2015, the 6 | iPmart forum 9 | (now known as Mobi NUKE) was hacked and over 2 million forum members' details 10 | were exposed. The vBulletin forum included IP addresses, birth dates and 11 | passwords stored as salted hashes using a weak implementation enabling many to 12 | be rapidly cracked. A further 368k accounts were added to "Have I Been 13 | Pwned" in March 2016 bringing the total to over 2.4M. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/mcbans/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2016, the Minecraft banning service known as 6 | MCBans 7 | suffered a data breach resulting in the exposure of 120k unique user records. 8 | The data contained email and IP addresses, usernames and password hashes of 9 | unknown format. The site was previously reported as compromised on the 10 | Vigilante.pw 13 | breached database directory. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/rbxrocks/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2018, the Roblox trading site 6 | Rbx.Rocks 7 | suffered a data breach. Almost 25k records were sent to HIBP in November and 8 | included names, email addresses and passwords stored as bcrypt hashes. In July 9 | 2019, a further 125k records emerged bringing the total size of the incident 10 | to 150k. The website has since gone offline with a message stating that 11 | "Rbx.Rocks v2.0 is currently under construction". 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/snail/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2015, the gaming website 6 | Snail suffered a data breach 12 | that impacted 1.4 million subscribers. The impacted data included usernames, 13 | IP and email addresses and passwords stored as unsalted MD5 hashes. The data 14 | was provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/blackspigotmc/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2019, the hacking website 6 | BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking 9 | website and resulted in 8.5GB of data being leaked including the database and 10 | website itself. The exposed data included 140k unique email addresses, 11 | usernames, IP addresses, genders, geographic locations and passwords stored as 12 | bcrypt hashes. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/freshmenu/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2016, the India-based food delivery service 6 | FreshMenu 9 | suffered a data breach. The incident exposed the personal data of over 110k 10 | customers and included their names, email addresses, phone numbers, home 11 | addresses and order histories. When advised of the incident, FreshMenu 12 | acknowledged being already aware of the breach but stated they had decided not 13 | to notify impacted customers. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/jobandtalent/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately February 2018, 6 | the employment website Jobandtalent suffered a data breach which then 11 | appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email 13 | and IP addresses and passwords stored as salted SHA-1 hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/mrexcel/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2016, the forum for the Microsoft Excel tips and solutions site 6 | Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts 12 | along with email and IP addresses, dates of birth and salted passwords hashed 13 | with MD5. The owner of the MrExcel forum subsequently self-submitted the data 14 | to HIBP. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/nexusmods/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2015, the game modding site Nexus Mods 6 | released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although 12 | there is evidence to suggest the data was being traded months in advance of 13 | that. The breach contained usernames, email addresses and passwords stored as 14 | a salted hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/poshmark/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2018, social commerce marketplace 6 | Poshmark suffered a data breach 12 | that exposed 36M user accounts. The compromised data included email addresses, 13 | names, usernames, genders, locations and passwords stored as bcrypt hashes. 14 | The data was provided to HIBP by a source who requested it be attributed to 15 | "JimScott.Sec@protonmail.com". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/quantumbooter/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2014, the 6 | booter service 9 | Quantum Booter (also referred to as Quantum Stresser) suffered a breach which 10 | lead to the disclosure of their internal database. The leaked data included 11 | private discussions relating to malicious activity Quantum Booter users were 12 | performing against online adversaries, including the IP addresses of those 13 | using the service to mount DDoS attacks. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/vins/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2017, 6 | an unsecured database with more than 10 million VINs (vehicle 11 | identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of 13 | personal information and vehicle data along with 397k unique email addresses. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/chegg/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the textbook rental service 6 | Chegg suffered a data breach 12 | that impacted 40 million subscribers. The exposed data included email 13 | addresses, usernames, names and passwords stored as unsalted MD5 hashes. The 14 | data was provided to HIBP by a source who requested it be attributed to 15 | "JimScott.Sec@protonmail.com". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/crossfire/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2016, 6 | the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was 11 | hacked 13 | along with a number of other forums on the Russian mail provider, mail.ru. The 14 | vBulletin forum contained 12.8 million accounts including usernames, email 15 | addresses and passwords stored as salted MD5 hashes. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/petflow/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2017, the pet care delivery service 6 | PetFlow suffered a data breach which consequently appeared for sale on a 11 | dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords 13 | stored as unsalted MD5 hashes. The data was provided to HIBP by a source who 14 | requested it be attributed to "nano@databases.pw". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/animeplanet/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately 2016, the anime website 6 | Anime-Planet 9 | suffered a data breach that impacted 369k subscribers. The exposed data 10 | included usernames, IP and email addresses, dates of birth and passwords 11 | stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data 12 | was provided to HIBP by 13 | dehashed.com. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/biohackme/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2016, the forum for the biohacking website 6 | Biohack.me suffered a data breach 12 | that exposed 3.4k accounts. The data included usernames, email addresses and 13 | hashed passwords along with the private messages of forum members. The data 14 | was self-submitted to HIBP by the Biohack.me operators. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/lanwar/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2018, staff of 6 | the Lanwar gaming site 9 | discovered a data breach they believe dates back to sometime over the previous 10 | several months. The data contained 45k names, email addresses, usernames and 11 | plain text passwords. A Lanwar staff member self-submitted the breach to HIBP 12 | and has also contacted the relevant authorities about the incident after 13 | identifying a phishing attempt to extort Bitcoin from a user. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/playgar/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately April 2016, the gaming website 6 | Guns and Robots 9 | suffered a data breach resulting in the exposure of 143k unique records. The 10 | data contained email and IP addresses, usernames and SHA-1 password hashes. 11 | The site was previously reported as compromised on the 12 | Vigilante.pw 15 | breached database directory. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/vbulletin/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2015, the forum software maker 6 | vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts 12 | totalling almost 519k records. The breach included email addresses, birth 13 | dates, security questions and answers for customers and salted hashes of 14 | passwords for both sources. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/wienerbuchereien/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2019, 6 | the library of Vienna (Wiener Büchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical 12 | addresses, phone numbers and dates of birth. The breached data was 13 | subsequently posted to Twitter by the alleged perpetrator of the breach. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/animoto/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2018, the cloud-based video making service 6 | Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates 12 | of birth, country of origin and salted password hashes. The data was provided 13 | to HIBP by a source who requested it be attributed to 14 | "JimScott.Sec@protonmail.com". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/forbes/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, the Forbes website 6 | succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as 12 | retribution for a perceived "Hate of Syria". The attack not only leaked user 13 | credentials, but also resulted in the posting of fake news stories to 14 | forbes.com. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/lizardsquad/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2015, the hacker collective known as "Lizard Squad" 6 | created a DDoS service by the name of "Lizard Stresser" which could 7 | be procured to mount attacks against online targets. Shortly thereafter, the 8 | service 9 | suffered a data breach 13 | which resulted in the public disclosure of over 13k user accounts including 14 | passwords stored in plain text. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/thishabboforum/index.html: -------------------------------------------------------------------------------- 1 | 2 |In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a more comprehensive breach file provided in October 2016.
6 | -------------------------------------------------------------------------------- /www/hibp/yatra/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2013, the Indian bookings website known as 6 | Yatra had 7 | 5 million records exposed in a data breach. The data contained email and 8 | physical addresses, dates of birth and phone numbers along with both PINs and 9 | passwords stored in plain text. The site was previously reported as 10 | compromised on the 11 | Vigilante.pw 14 | breached database directory. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/zynga/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2019, game developer 6 | Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and 12 | passwords stored as salted SHA-1 hashes. The data was provided to HIBP by 13 | dehashed.com. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/bolt/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately March 2017, the file sharing website 6 | Bolt suffered a 7 | data breach resulting in the exposure of 995k unique user records. The data 8 | was sourced from their vBulletin forum and contained email and IP addresses, 9 | usernames and salted MD5 password hashes. The site was previously reported as 10 | compromised on the 11 | Vigilante.pw 14 | breached database directory. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/cashcrate/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2017, news broke that 6 | CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and 12 | exposed names, physical addresses, email addresses and passwords stored in 13 | plain text for older accounts along with weak MD5 hashes for newer ones. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/gaadi/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the Indian motoring website known as 6 | Gaadi had 7 | 4.3 million records exposed in a data breach. The data contained usernames, 8 | email and IP addresses, genders, the city of users as well as passwords stored 9 | in both plain text and as MD5 hashes. The site was previously reported as 10 | compromised on the 11 | Vigilante.pw 14 | breached database directory. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/rosebuttboard/index.html: -------------------------------------------------------------------------------- 1 |5 | Some time prior to May 2016, 6 | the forum known as "Rosebutt Board" was hacked 12 | and 107k accounts were exposed. The self-described "top one board for 13 | anal fisting, prolapse, huge insertions and rosebutt fans" had email and 14 | IP addresses, usernames and weakly stored salted MD5 password hashes hacked 15 | from the IP.Board based forum. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/socialengineered/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2019, the "Art of Human Hacking" site 6 | Social Engineered 9 | suffered a data breach. The breach of the MyBB forum was published on a rival 10 | hacking forum and included 89k unique email addresses spread across 55k forum 11 | users and other tables in the database. The exposed data also included 12 | usernames, IP addresses, private messages and passwords stored as salted MD5 13 | hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/artsy/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the online arts database 6 | Artsy suffered a data breach which consequently appeared for sale on a dark 11 | web marketplace. Over 1M accounts were impacted and included IP and email addresses, names 13 | and passwords stored as salted SHA-512 hashes. The data was provided to HIBP 14 | by a source who requested it be attributed to "nano@databases.pw". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/battlefieldheroes/index.html: -------------------------------------------------------------------------------- 1 |5 | In June 2011 as part of a final breached data dump, the hacker collective 6 | "LulzSec" 7 | obtained and released over half a million usernames and passwords from the 12 | game Battlefield Heroes. The passwords were stored as MD5 hashes with no salt and many were easily 14 | converted back to their plain text versions. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/funnygames/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2018, the online entertainment site 6 | Funny Games 9 | suffered a data breach that disclosed 764k records including usernames, email 10 | and IP addresses and salted MD5 password hashes. The incident was disclosed to 11 | Funny Games in July who acknowledged the breach and identified it had been 12 | caused by legacy code no longer in use. The record count in the breach 13 | constitute approximately half of the user base. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/lifeboat/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2016, the Minecraft community known as Lifeboat 6 | was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made 12 | public but elected not to advise customers. The leaked data included 13 | usernames, email addresses and passwords stored as straight MD5 hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/powerbot/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately September 2014, the RuneScape bot website 6 | Powerbot 7 | suffered a data breach resulting in the exposure of over half a million unique 8 | user records. The data contained email and IP addresses, usernames and salted 9 | MD5 hashes of passwords. The site was previously reported as compromised on 10 | the 11 | Vigilante.pw 14 | breached database directory. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/roll20/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2018, the tabletop role-playing games website 6 | Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP 12 | addresses, names, bcrypt hashes of passwords and the last 4 digits of credit 13 | cards exposed. The data was provided to HIBP by a source who requested it be 14 | attributed to "JimScott.Sec@protonmail.com". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/eyeem/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2018, 6 | photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and 12 | exposed almost 20M unique email addresses, names, usernames, bios and password 13 | hashes. The data was provided to HIBP by a source who asked for it to be 14 | attributed to "Kuroi'sh or Gabriel Kimiaie-Asadi Bildstein". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/heroesofnewerth/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2012, the multiplayer online battle arena game known as 6 | Heroes of Newerth 9 | 14 | was hacked 16 | and over 8 million accounts extracted from the system. The compromised data 17 | included usernames, email addresses and passwords. 18 |
19 | -------------------------------------------------------------------------------- /www/hibp/mate1/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the dating site 6 | mate1.com suffered a huge data breach 12 | resulting in the disclosure of over 27 million subscribers' information. The 13 | data included deeply personal information about their private lives including 14 | drug and alcohol habits, incomes levels and sexual fetishes as well as 15 | passwords stored in plain text. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/toondoo/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2019, the comic strip creation website 6 | ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in 12 | November where the personal information of over 6M subscribers was shared. 13 | Impacted data included email and IP addresses, usernames, genders, the 14 | location of the individual and salted password hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/bitcointalk/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the Bitcoin forum 6 | Bitcoin Talk was hacked 12 | and over 500k unique email addresses were exposed. The attack led to the 13 | exposure of a raft of personal data including usernames, email and IP 14 | addresses, genders, birth dates, security questions and MD5 hashes of their 15 | answers plus hashes of the passwords themselves. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/fling/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2011, the self-proclaimed "World's Best Adult Social Network" 6 | website known as Fling 7 | was hacked and more than 40 million accounts obtained by the attacker. The breached data included highly sensitive personal attributes such as 13 | sexual orientation and sexual interests as well as email addresses and 14 | passwords stored in plain text. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/foodora/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2016, the online food delivery service 6 | Foodora suffered a data breach 12 | which was then extensively redistributed online. The breach included the 13 | personal information of hundreds of thousands of customers from multiple 14 | countries including their names, delivery addresses, phone numbers and 15 | passwords stored as either a salted MD5 or a bcrypt hash. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/lazada/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2020, 6 | news broke of Lazada RedMart data breach 12 | containing records as recent as July 2020 and being sold via an online 13 | marketplace. In all, the data contained 1.1 million customer email addresses 14 | alongside names, phone numbers, physical addresses, partial credit card 15 | numbers and passwords stored as SHA-1 hashes. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/linkedin/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2016, 6 | LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being 12 | offered for sale on a dark market site 4 years later. The passwords in the 13 | breach were stored as SHA1 hashes without salt, the vast majority of which 14 | were quickly cracked in the days following the release of the data. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/macforums/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2016, the self-proclaimed "Ultimate Source For Your Mac" 6 | website 7 | Mac Forums 10 | suffered a data breach. The vBulletin-based system exposed over 326k 11 | usernames, email and IP addresses, dates of birth and passwords stored as 12 | salted MD5 hashes. The data was later discovered being traded on a popular 13 | hacking forum. Mac Forums did not respond when contacted about the incident 14 | via their contact us form. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/naughtyamerica/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2016, the adult website 6 | Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal 12 | identity attributes, the largest of which had passwords stored as easily 13 | crackable MD5 hashes. There were 1.4 million unique email addresses in the 14 | breach. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/nitro/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2020, 6 | the Nitro PDF service suffered a massive data breach which exposed over 70 11 | million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of 13 | converted documents. The data was provided to HIBP by 14 | dehashed.com. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/policeone/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2017, the law enforcement website 6 | PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data 12 | broker and included email and IP addresses, usernames and salted MD5 password 13 | hashes. The file the data was contained in indicated the original breach dated 14 | back to July 2014. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/truefire/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2020, the guitar tuition website 6 | TrueFire suffered a data breach 12 | which impacted 600k members. The breach exposed extensive personal information 13 | including names, email and physical addresses, account balances and unsalted 14 | MD5 password hashes. The data was provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/vedantu/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2019, the Indian interactive online tutoring platform 6 | Vedantu 7 | suffered a data breach which exposed the personal data of 687k users. The JSON 8 | formatted database dump exposed extensive personal information including email 9 | and IP address, names, phone numbers, genders and passwords stored as bcrypt 10 | hashes. When contacted about the incident, Vedantu advised that they were 11 | aware of the breach and were in the process of informing their customers. 12 |
13 | -------------------------------------------------------------------------------- /www/hibp/astropid/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2013, the vBulletin forum for the social engineering site known as 6 | "AstroPID" was breached and 7 | leaked publicly. The site provided tips on fraudulently obtaining goods and services, often 13 | by providing a legitimate "PID" or Product Information Description. The breach 14 | resulted in nearly 6k user accounts and over 220k private messages between 15 | forum members being exposed. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/b2busabusinesses/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2017, a spam list of over 105 million individuals in corporate America 6 | was discovered online. Referred to as "B2B USA Businesses", the list 7 | categorised email addresses by employer, providing information on individuals' 8 | job titles plus their work phone numbers and physical addresses. 9 | Read more about spam lists in HIBP. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/clashofkings/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2016, 6 | the forum for the game "Clash of Kings" suffered a data breach 12 | that impacted 1.6 million subscribers. The impacted data included usernames, 13 | IP and email addresses and passwords stored as MD5 hashes. The data was 14 | provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/gamesalad/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2019, the education and game creation website 6 | Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, 12 | IP addresses and passwords stored as SHA-256 hashes. The data was provided to 13 | HIBP by a source who requested it be attributed to 14 | "JimScott.Sec@protonmail.com". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/canva/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2019, the graphic design tool website 6 | Canva suffered a data breach 12 | that impacted 137 million subscribers. The exposed data included email 13 | addresses, usernames, names, cities of residence and passwords stored as 14 | bcrypt hashes for users not using social logins. The data was provided to HIBP 15 | by a source who requested it be attributed to "JimScott.Sec@protonmail.com". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/tout/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately September 2014, the now defunct social networking service 6 | Tout 12 | suffered a data breach. The breach subsequently appeared years later and 13 | included 653k unique email addresses, names, IP addresses, the location of the 14 | user, their bio and passwords stored as bcrypt hashes. The data was provided 15 | to HIBP by a source who requested it to be attributed to 16 | "nmapthis@protonmail.com". 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/truckersmp/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the online trucking simulator mod 6 | TruckersMP suffered a data breach 9 | which exposed 84k user accounts. In a first for "Have I Been Pwned", 10 | the breached data was self-submitted directly by the organisation that was 15 | breached itself. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/universarium/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately November 2019, the Russian "Remote preparatory faculty 6 | for IT specialties" 7 | Universarium 10 | suffered a data breach. The incident exposed 565k email addresses and 11 | passwords in plain text. Universarium did not respond to multiple attempts to 12 | make contact over a period of many weeks. The data was provided to HIBP by 13 | dehashed.com. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/experian2020/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2020, 6 | Experian South Africa suffered a data breach 12 | which exposed the personal information of tens of millions of individuals. 13 | Only 1.3M of the records contained email addresses, whilst most contained 14 | government issued identity numbers, names, addresses, occupations and 15 | employers, amongst other person information. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/foxybingo/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2007, the online gambling site 6 | Foxy Bingo 9 | was hacked and 252,000 accounts were obtained by the hackers. The breached 10 | records 11 | were subsequently sold and traded 17 | and included personal information data such as plain text passwords, birth 18 | dates and home addresses. 19 |
20 | -------------------------------------------------------------------------------- /www/hibp/lifebear/index.html: -------------------------------------------------------------------------------- 1 |5 | In early 2019, the Japanese schedule app 6 | Lifebear appeared for sale on a dark web marketplace amongst a raft of 11 | other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and 13 | passwords stored as salted MD5 hashes. The data was provided to HIBP by a 14 | source who requested it be attributed to "nano@databases.pw". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/storybird/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2015, the storytelling service 6 | StoryBird suffered a data breach 12 | exposing 4 million records with 1 million unique email addresses. Impacted 13 | data also included names, usernames and passwords stored as PBKDF2 hashes. The 14 | data was provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/wpsandbox/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2018, the WordPress sandboxing service that allows people to 6 | create temporary websites 7 | WP Sandbox 8 | discovered their service was being used to host a phishing site attempting to 9 | collect Microsoft OneDrive accounts. After identifying the malicious site, WP 10 | Sandbox took it offline, contacted the 858 people who provided information to 11 | it then self-submitted their addresses to HIBP. The phishing page requested 12 | both email addresses and passwords. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/8fit/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2018, the health and fitness service 6 | 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in 12 | February 2019 and included over 15M unique email addresses alongside names, 13 | genders, IP addresses and passwords stored as bcrypt hashes. The data was 14 | provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/brazzers/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2013, the adult website known as 6 | Brazzers was hacked 12 | and 790k accounts were exposed publicly. Each record included a username, 13 | email address and password stored in plain text. The breach was brought to 14 | light by the 15 | Vigilante.pw 16 | data breach reporting site in September 2016. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/europajobs/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2019, the now defunct European jobs website 6 | europa.jobs 12 | (Google cache link) suffered a data breach. The incident exposed 226k unique 13 | email addresses alongside extensive personal information including names, 14 | dates of birth, job applications and passwords. The data was subsequently 15 | redistributed on a popular hacking forum. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/minecraftpocketeditionforum/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the 6 | Minecraft Pocket Edition forum was hacked 12 | and over 16k accounts were dumped public. Allegedly hacked by 13 | @rmsg0d, the forum data included numerous personal pieces of data for each user. The 15 | forum has subsequently been decommissioned. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/mspy/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the "monitoring" software known as 6 | mSpy suffered 7 | a 8 | major data breach. The software (allegedly often used to spy on unsuspecting victims), stored 14 | extensive personal information within their online service which after being 15 | breached, was made freely available on the internet. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/rambler/index.html: -------------------------------------------------------------------------------- 1 |5 | In late 2016, a data dump of almost 100M accounts from Rambler, sometimes 6 | referred to as "The Russian Yahoo", 7 | was discovered being traded online. The data set provided to Have I Been Pwned included 91M unique usernames 13 | (which also form part of Rambler email addresses) and plain text passwords. 14 | According to Rambler, the data dates back to March 2014. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/siae/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2018, the Società Italiana degli Autori ed Editori (Italian 6 | Society of Authors and Publishers, or SIAE) 7 | was hacked, defaced and almost 4GB of data leaked publicly via Twitter. The data included over 14k registered users' names, email addresses and 13 | passwords. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/coinmama/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2017, the crypto coin brokerage service 6 | Coinmama suffered a data breach 12 | that impacted 479k subscribers. The breach was discovered in February 2019 13 | with exposed data including email addresses, usernames and passwords stored as 14 | MD5 WordPress hashes. The data was provided to HIBP by white hat security 15 | researcher and data analyst Adam Davies. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/insanelyi/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2014, the iOS forum 6 | Insanelyi 7 | was 8 | hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running 14 | Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user 15 | names and weakly hashed passwords (salted MD5). 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/paddypower/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2010, the Irish bookmaker 6 | Paddy Power suffered a data breach 12 | that exposed 750,000 customer records with nearly 600,000 unique email 13 | addresses. The breach was not disclosed until July 2014 and contained 14 | extensive personal information including names, addresses, phone numbers and 15 | plain text security questions and answers. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/spirol/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, Connecticut based Spirol Fastening Solutions 6 | suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection 12 | vulnerability which yielded data from Spirol’s CRM system ranging from 13 | customers’ names, companies, contact information and over 55,000 unique email 14 | addresses. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/stockx/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2019, the fashion and sneaker trading platform 6 | StockX suffered a data breach 12 | which was subsequently sold via a dark webmarketplace. The exposed data 13 | included 6.8 million unique email addresses, names, physical addresses, 14 | purchases and passwords stored as salted MD5 hashes. The data was provided to 15 | HIBP by 16 | dehashed.com. 18 |
19 | -------------------------------------------------------------------------------- /www/hibp/strongholdkingdoms/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2018, the massive multiplayer online game 6 | Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed 12 | emails addresses, usernames and passwords stored as salted SHA-1 hashes. The 13 | data was provided to HIBP by a source who requested it be attributed to 14 | "JimScott.Sec@protonmail.com". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/yahoo/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2012, Yahoo! had their online publishing service "Voices" 6 | compromised via a SQL injection attack. The breach resulted in the disclosure 7 | of nearly half a million usernames and passwords stored in plain text. The 8 | breach showed that of the compromised accounts, a staggering 9 | 59% of people who also had accounts in the Sony breach reused their 14 | passwords across both services. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/edmodo/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2017, the education platform 6 | Edmodo was hacked 12 | resulting in the exposure of 77 million records comprised of over 43 million 13 | unique customer email addresses. The data was consequently published to a 14 | popular hacking forum and made freely available. The records in the breach 15 | included usernames, email addresses and bcrypt hashes of passwords. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/lyricsmania/index.html: -------------------------------------------------------------------------------- 1 |5 | In December 2017, the song lyrics website known as 6 | Lyrics Mania 9 | suffered a data breach. The data in the breach included 109k usernames, email 10 | addresses and plain text passwords. 11 | Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/programmingforums/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately late 2015, the programming forum at 6 | programmingforums.org 9 | suffered a data breach resulting in the exposure of 707k unique user records. 10 | The data contained email and IP addresses, usernames and salted MD5 hashes of 11 | passwords. The site was previously reported as compromised on the 12 | Vigilante.pw 15 | breached database directory. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/zomato/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2017, the restaurant guide website 6 | Zomato was hacked 12 | resulting in the exposure of almost 17 million accounts. The data was 13 | consequently redistributed online and contains email addresses, usernames and 14 | salted MD5 hashes of passwords (the password hash was not present on all 15 | accounts). This data was provided to HIBP by whitehat security researcher and 16 | data analyst Adam Davies. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/armorgames/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2019, the game portal website website 6 | Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which 12 | also exposed usernames, IP addresses, birthdays of administrator accounts and 13 | passwords stored as salted SHA-1 hashes. The data was provided to HIBP by a 14 | source who requested it be attributed to 15 | "JimScott.Sec@protonmail.com". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/clubpenguinrewrittenjul2019/index.html: -------------------------------------------------------------------------------- 1 |5 | In July 2019, the children's gaming site 6 | Club Penguin Rewritten 9 | (CPRewritten) suffered a data breach (note: CPRewritten is an independent 10 | recreation of Disney's Club Penguin game). In addition to an earlier data 11 | breach that impacted 1.7 million accounts, the subsequent breach exposed 4 12 | million unique email addresses alongside IP addresses, usernames and passwords 13 | stored as bcrypt hashes. 14 |
15 | -------------------------------------------------------------------------------- /www/hibp/dunzo/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately June 2019, the Indian delivery service 6 | Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included 12 | names, phone numbers and IP addresses which were all broadly distributed 13 | online via a hacking forum. The data was provided to HIBP by 14 | dehashed.com. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/eatstreet/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2019, the online food ordering service 6 | EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone 12 | numbers, addresses, partial credit card data and passwords stored as bcrypt 13 | hashes. The data was provided to HIBP by a source who requested it be 14 | attributed to "JimScott.Sec@protonmail.com". 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/epicbot/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2019, the RuneScape bot provider 6 | EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and 12 | included usernames, email and IP addresses and passwords stored as either 13 | salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the 14 | incident. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/ixigo/index.html: -------------------------------------------------------------------------------- 1 |5 | In January 2019, the travel and hotel booking site 6 | ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month 12 | and included over 17M unique email addresses alongside names, genders, phone 13 | numbers, connections to Facebook profiles and passwords stored as MD5 hashes. 14 | The data was provided to HIBP by a source who requested it to be attributed to 15 | "BenjaminBlue@exploit.im". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/muslimdirectory/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, the UK guide to services and business known as the Muslim 6 | Directory was 7 | attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of 13 | tens of thousands of users which contained data including their names, home 14 | address, age group, email, website activity and password in plain text. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/nemoweb/index.html: -------------------------------------------------------------------------------- 1 |5 | In September 2016, almost 21GB of data from the French website used for 6 | "standardised and decentralized means of exchange for publishing 7 | newsgroup articles" 8 | NemoWeb 9 | was leaked from what appears to have been an unprotected Mongo DB. The data 10 | consisted of a large volume of emails sent to the service and included almost 11 | 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts 12 | were made to contact the operators of NemoWeb but no response was received. 13 |
14 | -------------------------------------------------------------------------------- /www/hibp/nival/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the Russian gaming company 6 | Nival was the 7 | target of an attack which was consequently 8 | detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to 14 | Ukraine", Nival was one of several Russian sites in the breach and 15 | impacted over 1.5M accounts including sensitive personal information. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/tesco/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2014, 6 | over 2,000 Tesco accounts with usernames, passwords and loyalty card 11 | balances appeared on Pastebin. Whilst the source of the breach is not clear, many confirmed the 13 | credentials were valid for Tesco and indeed 14 | 19 | they have a history of poor online security. 21 |
22 | -------------------------------------------------------------------------------- /www/hibp/coachella/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2017, 6 | hundreds of thousands of records from the Coachella music festival were 11 | discovered being sold online. Allegedly taken from a combination of the main Coachella website and their 13 | vBulletin-based message board, the data included almost 600k usernames, IP and 14 | email addresses and salted hashes of passwords (MD5 in the case of the message 15 | board). 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/dailyobjects/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately January 2018, a collection of more than 464k customer records 6 | from the Indian online retailer 7 | DailyObjects 10 | were leaked online. The data included names, physical and email addresses, 11 | phone numbers and "pincodes" stored in plain text. After multiple 12 | attempts to contact them, DailyObjects responded and received a copy of the 13 | data for verification, however failed to respond to multiple contact attempts 14 | following that. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/hautelook/index.html: -------------------------------------------------------------------------------- 1 |5 | In mid-2018, the fashion shopping site 6 | HauteLook was among a raft of sites that were breached and their data then 11 | sold in early-2019. The data included over 28 million unique email addresses alongside names, 13 | genders, dates of birth and passwords stored as bcrypt hashes. The data was 14 | provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/hookersnl/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2019, the Dutch prostitution forum 6 | Hookers.nl suffered a data breach 12 | which exposed the personal information of sex workers and their customers. The 13 | IP and email addresses, usernames and either bcrypt or salted MD5 password 14 | hashes of 291k members were accessed via an unpatched vulnerability in the 15 | vBulletin forum software. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/kmru/index.html: -------------------------------------------------------------------------------- 1 |5 | In February 2016, the Russian portal and email service 6 | KM.RU was the target 7 | of an attack which was consequently 8 | detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to 14 | Ukraine", KM.RU was one of several Russian sites in the breach and 15 | impacted almost 1.5M accounts including sensitive personal information. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/pixlr/index.html: -------------------------------------------------------------------------------- 1 |5 | In October 2020, the online photo editing application 6 | Pixlr suffered a data breach 12 | exposing 1.9 million subscribers. Impacted data included names, email 13 | addresses, social media profiles, the country signed up from and passwords 14 | stored as SHA-512 hashes. The data was provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/promofarma/index.html: -------------------------------------------------------------------------------- 1 |5 | In August 2019, 6 | a data breach from the Spanish online pharmacy Promofarma appeared for sale 11 | on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique 13 | customer email addresses. The data also included customer names and was 14 | provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/tailieu/index.html: -------------------------------------------------------------------------------- 1 |5 | In November 2019, the Vietnamese education website 6 | TaiLieu 7 | allegedly suffered a data breach exposing 7.3M customer records. Impacted data 8 | included names and usernames, email addresses, dates of birth, genders and 9 | passwords stored as unsalted MD5 hashes. The data was provided to HIBP by 10 | dehashed.com 13 | after being shared on a popular hacking forum. TaiLieu did not respond when 14 | contacted about the incident. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/tokopedia/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2020, Indonesia's largest online store 6 | Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking 12 | forum. An additional 76M rows were later provided to HIBP in July 2020. In 13 | total, the data included over 71M unique email addresses alongside names, 14 | genders, birth dates and passwords stored as SHA2-384 hashes. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/123rf/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2020, the stock photo site 6 | 123RF suffered a data breach 12 | which impacted over 8 million subscribers and was subsequently sold online. 13 | The breach included email, IP and physical addresses, names, phone numbers and 14 | passwords stored as MD5 hashes. The data was provided to HIBP by 15 | dehashed.com. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/bukalapak/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2019, the Indonesian e-commerce website 6 | Bukalapak discovered a data breach of the organisation's backups dating 11 | back to October 2017. The incident exposed approximately 13 million unique email addresses 13 | alongside IP addresses, names and passwords stored as bcrypt and salted 14 | SHA-512 hashes. The data was provided to HIBP by a source who requested it to 15 | be attributed to "Maxime Thalet". 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/evermotion/index.html: -------------------------------------------------------------------------------- 1 |5 | In May 2015, the Polish 3D modelling website known as 6 | Evermotion 9 | suffered a data breach resulting in the exposure of 435k unique user records. 10 | The data was sourced from a vBulletin forum and contained email addresses, 11 | usernames, dates of birth and salted MD5 hashes of passwords. The site was 12 | previously reported as compromised on the 13 | Vigilante.pw 16 | breached database directory. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/netprospex/index.html: -------------------------------------------------------------------------------- 1 |5 | In 2016, a list of over 33 million individuals in corporate America sourced 6 | from Dun & Bradstreet's NetProspex service 7 | was leaked online. D&B believe the targeted marketing data was lost by a customer who 13 | purchased it from them. It contained extensive personal and corporate 14 | information including names, email addresses, job titles and general 15 | information about the employer. 16 |
17 | -------------------------------------------------------------------------------- /www/hibp/ogusers2020/index.html: -------------------------------------------------------------------------------- 1 |5 | In April 2020, the account hijacking and SIM swapping forum 6 | OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP 12 | addresses, usernames, private messages and passwords stored as salted MD5 13 | hashes. A total of 263k email addresses across user accounts and other tables 14 | were posted to a rival hacking forum. 15 |
16 | -------------------------------------------------------------------------------- /www/hibp/staminus/index.html: -------------------------------------------------------------------------------- 1 |5 | In March 2016, the DDoS protection service 6 | Staminus was "massively hacked" 12 | resulting in an outage of more than 20 hours and the disclosure of customer 13 | credentials (with unsalted MD5 hashes), support tickets, credit card numbers 14 | and other sensitive data. 27k unique email addresses were found in the data 15 | which was subsequently released to the public. Staminus is no longer in 16 | operation. 17 |
18 | -------------------------------------------------------------------------------- /www/hibp/streeteasy/index.html: -------------------------------------------------------------------------------- 1 |5 | In approximately June 2016, the real estate website 6 | StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside 12 | names, usernames and SHA-1 hashes of passwords, all of which appeared for sale 13 | on a dark web marketplace in February 2019. The data was provided to HIBP by a 14 | source who requested it be attributed to 15 | "JimScott.Sec@protonmail.com". 16 |
17 | --------------------------------------------------------------------------------