Breached Data History
Here's an overview of the various breaches.
000webhost
( Last Updated On ) : December 10, 2017 at 09:44:27 PMIn approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.
Breach date :
2015-03-01
Domain Name :
000webhost.com
Compromised accounts :
"14,936,670"
Compromised data :
Email addresses, IP addresses, Names, Passwords
123RF
( Last Updated On ) : November 15, 2020 at 01:07:10 AMIn March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Breach date :
2020-03-22
Domain Name :
123rf.com
Compromised accounts :
"8,661,578"
Compromised data :
Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
126
( Last Updated On ) : October 8, 2016 at 07:46:05 AMIn approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date :
2012-01-01
Domain Name :
126.com
Compromised accounts :
"6,414,191"
Compromised data :
Email addresses, Passwords
17Media
( Last Updated On ) : July 8, 2016 at 01:55:03 AMIn April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Breach date :
2016-04-19
Domain Name :
17app.co
Compromised accounts :
"4,009,640"
Compromised data :
Device information, Email addresses, IP addresses, Passwords, Usernames
17173
( Last Updated On ) : April 28, 2018 at 04:53:15 AMIn late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Read more about Chinese data breaches in Have I Been Pwned.
Breach date :
2011-12-28
Domain Name :
17173.com
Compromised accounts :
"7,485,802"
Compromised data :
Email addresses, Passwords, Usernames
1win
( Last Updated On ) : February 6, 2025 at 04:30:27 AMIn November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.
Breach date :
2024-11-02
Domain Name :
1win.com
Compromised accounts :
"96,166,543"
Compromised data :
Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers
2844Breaches
( Last Updated On ) : February 26, 2018 at 10:06:02 AMIn February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.
Breach date :
2018-02-19
Domain Name :
"Unknown"
Compromised accounts :
"80,115,532"
Compromised data :
Email addresses, Passwords
2fast4u
( Last Updated On ) : January 7, 2018 at 08:19:39 AMIn December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.
Breach date :
2017-12-20
Domain Name :
2fast4u.be
Compromised accounts :
"17,706"
Compromised data :
Email addresses, Passwords, Usernames
500px
( Last Updated On ) : March 25, 2019 at 08:01:09 AMIn mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.
Breach date :
2018-07-05
Domain Name :
500px.com
Compromised accounts :
"14,867,999"
Compromised data :
Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames
7k7k
( Last Updated On ) : September 26, 2017 at 09:54:01 PMIn approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and plain text passwords. Read more about Chinese data breaches in Have I Been Pwned.
Breach date :
2011-01-01
Domain Name :
7k7k.com
Compromised accounts :
"9,121,434"
Compromised data :
Email addresses, Passwords, Usernames
8fit
( Last Updated On ) : March 21, 2019 at 06:50:00 PMIn July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date :
2018-07-01
Domain Name :
8fit.com
Compromised accounts :
"15,025,407"
Compromised data :
Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords
8tracks
( Last Updated On ) : August 25, 2019 at 08:52:21 AMIn June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by JimScott.Sec@protonmail.com and updated in HIBP accordingly.
Breach date :
2017-06-27
Domain Name :
8tracks.com
Compromised accounts :
"17,979,961"
Compromised data :
Email addresses, Passwords
9Lives
( Last Updated On ) : February 6, 2025 at 04:29:24 AMIn October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.
Breach date :
2014-10-01
Domain Name :
9lives.be
Compromised accounts :
"109,515"
Compromised data :
Email addresses, Passwords, Usernames
Abandonia
( Last Updated On ) : December 7, 2022 at 05:56:07 AMIn November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Breach date :
2015-11-01
Domain Name :
abandonia.com
Compromised accounts :
"776,125"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Abandonia2022
( Last Updated On ) : December 11, 2022 at 12:25:07 PMIn November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Breach date :
2022-11-15
Domain Name :
abandonia.com
Compromised accounts :
"919,790"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
AbuseWithUs
( Last Updated On ) : October 9, 2017 at 11:08:45 AMIn 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down. The exposed data included more than 1.3 million unique email addresses, often accompanied by usernames, IP addresses and plain text or hashed passwords retrieved from various sources and intended to be used to compromise the victims' accounts.
Breach date :
2016-07-01
Domain Name :
abusewith.us
Compromised accounts :
"1,372,550"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
AcneOrg
( Last Updated On ) : March 6, 2016 at 11:07:41 AMIn November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.
Breach date :
2014-11-25
Domain Name :
acne.org
Compromised accounts :
"432,943"
Compromised data :
Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Activision
( Last Updated On ) : October 3, 2023 at 07:09:49 AMIn December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
Breach date :
2022-12-04
Domain Name :
activision.com
Compromised accounts :
"16,006"
Compromised data :
Email addresses, Geographic locations, Job titles, Names, Phone numbers
ActMobile
( Last Updated On ) : November 9, 2021 at 07:55:03 AMIn October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a popular hacking forum. Although usage of the service was verified by HIBP subscribers, ActMobile denied the data was sourced from them and the breach has subsequently been flagged as "unverified".
Breach date :
2021-10-08
Domain Name :
actmobile.com
Compromised accounts :
"1,583,193"
Compromised data :
Email addresses, IP addresses
Acuity
( Last Updated On ) : November 15, 2023 at 07:16:23 AMIn mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email addresses with each row containing extensive personal information across more than 400 columns of data including names, phone numbers, physical addresses, genders and dates of birth.
Breach date :
2020-06-18
Domain Name :
"Unknown"
Compromised accounts :
"14,055,729"
Compromised data :
Dates of birth, Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses, Salutations
Adapt
( Last Updated On ) : November 22, 2018 at 07:43:06 PMIn November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles, contact information and data relating to the employer including organisation description, size and revenue. No response was received from Adapt when contacted.
Breach date :
2018-11-05
Domain Name :
adapt.io
Compromised accounts :
"9,363,740"
Compromised data :
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Social media profiles
Adecco
( Last Updated On ) : May 31, 2022 at 06:37:53 AMIn March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum. The breach exposed over 4M unique email addresses as well as genders, dates of birth, marital statuses, phone numbers and passwords stored as bcrypt hashes.
Breach date :
2021-01-03
Domain Name :
adecco.com
Compromised accounts :
"4,284,538"
Compromised data :
Email addresses, Genders, Geographic locations, Marital statuses, Names, Passwords, Phone numbers
ABFRL
( Last Updated On ) : January 15, 2022 at 03:02:43 AMIn December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes. Employee data was also dumped publicly and included salary grades, marital statuses and religions.
Breach date :
2021-12-01
Domain Name :
abfrl.com
Compromised accounts :
"5,470,063"
Compromised data :
Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations
Adobe
( Last Updated On ) : May 15, 2022 at 11:52:49 PMIn October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.
Breach date :
2013-10-04
Domain Name :
adobe.com
Compromised accounts :
"152,445,165"
Compromised data :
Email addresses, Password hints, Passwords, Usernames
AdoptMeTradingValues
( Last Updated On ) : February 10, 2025 at 02:58:18 AMIn July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes.
Breach date :
2022-07-01
Domain Name :
adoptmetradingvalues.com
Compromised accounts :
"86,136"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Adpost
( Last Updated On ) : October 7, 2025 at 12:16:52 AMIn February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
Breach date :
2025-02-14
Domain Name :
adpost.com
Compromised accounts :
"3,339,512"
Compromised data :
Email addresses, Names, Usernames
AdultFriendFinder
( Last Updated On ) : February 7, 2020 at 01:11:13 AMIn May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.
Breach date :
2015-05-21
Domain Name :
adultfriendfinder.com
Compromised accounts :
"3,867,997"
Compromised data :
Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames
AdultFriendFinder2016
( Last Updated On ) : February 7, 2020 at 01:11:28 AMIn October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community". Exposed data included usernames, passwords stored as SHA-1 hashes and 170 million unique email addresses. This incident is separate to the 2015 data breach Adult FriendFinder also suffered. The data was provided to HIBP by dehashed.com.
Breach date :
2016-10-16
Domain Name :
adultfriendfinder.com
Compromised accounts :
"169,746,810"
Compromised data :
Email addresses, Passwords, Spoken languages, Usernames
AdultFanFiction
( Last Updated On ) : August 6, 2018 at 08:56:03 AMIn May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text. AFF did not respond when contacted about the breach and the site was previously reported as compromised on the Vigilante.pw breached database directory.
Breach date :
2018-05-30
Domain Name :
adult-fanfiction.org
Compromised accounts :
"186,082"
Compromised data :
Dates of birth, Email addresses, Names, Passwords
AdvanceAutoParts
( Last Updated On ) : June 24, 2024 at 09:51:11 AMIn June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
Breach date :
2024-06-05
Domain Name :
advanceautoparts.com
Compromised accounts :
"79,243,727"
Compromised data :
Email addresses, Names, Phone numbers, Physical addresses
AerServ
( Last Updated On ) : December 6, 2018 at 02:58:12 AMIn April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes. The data was publicly posted to Twitter later in 2018 after which InMobi was notified and advised they were aware of the incident.
Breach date :
2018-04-01
Domain Name :
aerserv.com
Compromised accounts :
"66,308"
Compromised data :
Email addresses, Employers, Job titles, Names, Passwords, Phone numbers, Physical addresses
AgusiQTorrents
( Last Updated On ) : December 4, 2019 at 09:54:50 PMIn September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.
Breach date :
2019-09-24
Domain Name :
agusiq-torrents.pl
Compromised accounts :
"90,478"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
AhaShare
( Last Updated On ) : November 6, 2014 at 09:47:52 PMIn May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.
Breach date :
2013-05-30
Domain Name :
ahashare.com
Compromised accounts :
"180,468"
Compromised data :
Email addresses, Genders, Geographic locations, IP addresses, Partial dates of birth, Passwords, Usernames, Website activity
AIType
( Last Updated On ) : December 8, 2017 at 09:31:25 PMIn December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance. Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts. The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
Breach date :
2017-12-05
Domain Name :
aitype.com
Compromised accounts :
"20,580,060"
Compromised data :
Address book contacts, Apps installed on devices, Cellular network names, Dates of birth, Device information, Email addresses, Genders, Geographic locations, IMEI numbers, IMSI numbers, IP addresses, Names, Phone numbers, Profile photos, Social media profiles
Aimware
( Last Updated On ) : May 2, 2022 at 02:23:27 AMIn mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes.
Breach date :
2019-04-28
Domain Name :
aimware.net
Compromised accounts :
"305,470"
Compromised data :
Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
Aipai
( Last Updated On ) : November 7, 2016 at 09:55:29 PMIn September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.
Breach date :
2016-09-27
Domain Name :
aipai.com
Compromised accounts :
"6,496,778"
Compromised data :
Email addresses, Passwords
Ajarn
( Last Updated On ) : September 26, 2021 at 03:45:38 AMIn September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.
Breach date :
2018-12-13
Domain Name :
ajarn.com
Compromised accounts :
"266,399"
Compromised data :
Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos
AKP
( Last Updated On ) : October 1, 2017 at 03:52:37 AMIn July 2016, a hacker known as Phineas Fisher hacked Turkey's ruling party (Justice and Development Party or "AKP") and gained access to 300k emails. The full contents of the emails were subsequently published by WikiLeaks and made searchable. HIBP identified over 917k unique email address patterns in the data set, including message IDs and a number of other non-user addresses.
Breach date :
2016-07-19
Domain Name :
akparti.org.tr
Compromised accounts :
"917,461"
Compromised data :
Email addresses, Email messages
AlienStealerLogs
( Last Updated On ) : February 25, 2025 at 07:25:18 PMIn February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
Breach date :
2025-02-15
Domain Name :
"Unknown"
Compromised accounts :
"284,132,969"
Compromised data :
Email addresses, Passwords
AllianzLife
( Last Updated On ) : August 18, 2025 at 08:20:19 PMIn July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names, genders, dates of birth, phone numbers and physical addresses.
Breach date :
2025-07-16
Domain Name :
allianzlife.com
Compromised accounts :
"1,115,061"
Compromised data :
Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses
AlpineReplay
( Last Updated On ) : October 17, 2024 at 04:01:13 AMIn 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.
Breach date :
2019-08-27
Domain Name :
traceup.com
Compromised accounts :
"898,681"
Compromised data :
Dates of birth, Email addresses, Genders, Names, Passwords, Physical attributes, Usernames
Altenen
( Last Updated On ) : November 5, 2024 at 06:20:27 AMIn June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
Breach date :
2022-06-24
Domain Name :
altenens.is
Compromised accounts :
"1,267,701"
Compromised data :
Cryptocurrency wallet addresses, Email addresses, Passwords, Usernames
AmartFurniture
( Last Updated On ) : May 25, 2022 at 11:43:23 PMIn May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker.
Breach date :
2022-05-16
Domain Name :
amartfurniture.com.au
Compromised accounts :
"108,940"
Compromised data :
Email addresses, Names, Passwords, Phone numbers, Physical addresses
Ancestry
( Last Updated On ) : December 24, 2017 at 04:28:45 AMIn November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
Breach date :
2015-11-07
Domain Name :
ancestry.com
Compromised accounts :
"297,806"
Compromised data :
Email addresses, Passwords
AndroidForums
( Last Updated On ) : August 7, 2020 at 11:29:01 PMIn October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.
Breach date :
2011-10-30
Domain Name :
androidforums.com
Compromised accounts :
"745,355"
Compromised data :
Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords
AndroidLista
( Last Updated On ) : October 17, 2023 at 09:18:24 PMIn July 2021, the Android applications and games review site AndroidLista suffered a data breach. The incident exposed 6.6M user records containing email addresses, names, usernames and passwords stored as salted SHA-1 hashes, all of which were subsequently posted to a popular hacking forum. AndroidLista did not respond when contacted about the breach.
Breach date :
2021-07-28
Domain Name :
androidlista.com
Compromised accounts :
"6,640,643"
Compromised data :
Email addresses, Names, Passwords, Usernames
AnimalJam
( Last Updated On ) : November 12, 2020 at 01:18:50 AMIn October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.
Breach date :
2020-10-12
Domain Name :
animaljam.com
Compromised accounts :
"7,104,998"
Compromised data :
Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames
AnimeGame
( Last Updated On ) : March 9, 2020 at 05:52:08 AMIn February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.
Breach date :
2020-02-27
Domain Name :
animegame.me
Compromised accounts :
"1,431,378"
Compromised data :
Email addresses, Passwords, Usernames
Animeify
( Last Updated On ) : September 21, 2025 at 07:48:38 AMIn October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.
Breach date :
2021-10-14
Domain Name :
animeify.net
Compromised accounts :
"808,034"
Compromised data :
Email addresses, Genders, Names, Passwords, Usernames
AnimeLeague
( Last Updated On ) : July 31, 2024 at 07:57:48 AMIn July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
Breach date :
2024-07-04
Domain Name :
animeleague.net
Compromised accounts :
"192,134"
Compromised data :
Dates of birth, Email addresses, IP addresses, Passwords, Phone numbers, Private messages, Purchases, Usernames
AnimePlanet
( Last Updated On ) : July 28, 2019 at 12:35:07 AMIn approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes. The data was provided to HIBP by dehashed.com.
Breach date :
2016-01-01
Domain Name :
anime-planet.com
Compromised accounts :
"368,507"
Compromised data :
Dates of birth, Email addresses, IP addresses, Passwords, Usernames
Animoto
( Last Updated On ) : July 18, 2019 at 05:04:08 AMIn July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes.
Breach date :
2018-07-10
Domain Name :
animoto.com
Compromised accounts :
"22,437,749"
Compromised data :
Dates of birth, Email addresses, Geographic locations, Names, Passwords
AntiPublic
( Last Updated On ) : May 4, 2017 at 10:07:38 PMIn December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Breach date :
2016-12-16
Domain Name :
"Unknown"
Compromised accounts :
"457,962,538"
Compromised data :
Email addresses, Passwords
ApexSMS
( Last Updated On ) : September 21, 2023 at 02:57:43 PMIn May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
Breach date :
2019-04-15
Domain Name :
"Unknown"
Compromised accounts :
"23,246,481"
Compromised data :
Email addresses, Genders, Geographic locations, IP addresses, Names, Phone numbers, Telecommunications carrier
APKTW
( Last Updated On ) : March 9, 2024 at 12:17:54 AMIn September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.
Breach date :
2022-09-03
Domain Name :
apk.tw
Compromised accounts :
"2,451,197"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Apollo
( Last Updated On ) : October 23, 2018 at 04:01:48 AMIn July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.
Breach date :
2018-07-23
Domain Name :
apollo.io
Compromised accounts :
"125,929,660"
Compromised data :
Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles
Appartoo
( Last Updated On ) : May 2, 2019 at 07:07:24 AMIn March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.
Breach date :
2017-03-25
Domain Name :
appartoo.com
Compromised accounts :
"49,681"
Compromised data :
Ages, Auth tokens, Email addresses, Employment statuses, Genders, IP addresses, Marital statuses, Names, Passwords, Physical addresses, Private messages, Social media profiles
Appen
( Last Updated On ) : July 30, 2020 at 07:00:21 AMIn June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some records also contained phone numbers, employers and IP addresses. The data was provided to HIBP by dehashed.com.
Breach date :
2020-06-22
Domain Name :
appen.com
Compromised accounts :
"5,888,405"
Compromised data :
Email addresses, Employers, IP addresses, Names, Passwords, Phone numbers
Aptoide
( Last Updated On ) : April 19, 2020 at 03:07:42 AMIn April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names, IP addresses and passwords stored as SHA-1 hashes without a salt.
Breach date :
2020-04-13
Domain Name :
aptoide.com
Compromised accounts :
"20,012,235"
Compromised data :
Browser user agent details, Email addresses, IP addresses, Names, Passwords
ArmorGames
( Last Updated On ) : April 7, 2021 at 06:28:50 AMIn January 2019, the game portal website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes.
Breach date :
2019-01-01
Domain Name :
armorgames.com
Compromised accounts :
"10,604,307"
Compromised data :
Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames
ArmyForceOnline
( Last Updated On ) : August 7, 2020 at 03:19:40 AMIn May 2016, the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.
Breach date :
2016-05-18
Domain Name :
armyforceonline.com
Compromised accounts :
"1,531,235"
Compromised data :
Avatars, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames, Website activity
ArtistsNClients
( Last Updated On ) : October 4, 2025 at 01:05:43 AMIn August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
Breach date :
2025-08-31
Domain Name :
artistsnclients.com
Compromised accounts :
"95,351"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Artsy
( Last Updated On ) : May 25, 2020 at 09:08:08 PMIn April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes.
Breach date :
2018-04-01
Domain Name :
artsy.net
Compromised accounts :
"1,079,970"
Compromised data :
Email addresses, IP addresses, Names, Passwords
Artvalue
( Last Updated On ) : July 19, 2019 at 01:35:22 PMIn June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed.
Breach date :
2019-06-19
Domain Name :
artvalue.com
Compromised accounts :
"157,692"
Compromised data :
Email addresses, Names, Passwords, Salutations, Usernames
AshleyMadison
( Last Updated On ) : August 18, 2015 at 08:55:05 PMIn July 2015, the infidelity website Ashley Madison suffered a serious data breach. The attackers threatened Ashley Madison with the full disclosure of the breach unless the service was shut down. One month later, the database was dumped including more than 30M unique email addresses. This breach has been classed as "sensitive" and is not publicly searchable, although individuals may discover if they've been impacted by registering for notifications. Read about this approach in detail.
Breach date :
2015-07-19
Domain Name :
ashleymadison.com
Compromised accounts :
"30,811,934"
Compromised data :
Dates of birth, Email addresses, Ethnicities, Genders, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Security questions and answers, Sexual orientations, Usernames, Website activity
AstroPID
( Last Updated On ) : July 6, 2014 at 03:49:45 AMIn December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description. The breach resulted in nearly 6k user accounts and over 220k private messages between forum members being exposed.
Breach date :
2013-12-19
Domain Name :
astropid.com
Compromised accounts :
"5,788"
Compromised data :
Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
AllegedATT
( Last Updated On ) : March 31, 2024 at 03:04:13 AMIn March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor. AT&T also proceeded to reset customer account passcodes, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.
Breach date :
2021-08-20
Domain Name :
"Unknown"
Compromised accounts :
"49,102,176"
Compromised data :
Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
Aternos
( Last Updated On ) : October 1, 2016 at 11:42:56 PMIn December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.
Breach date :
2015-12-06
Domain Name :
aternos.org
Compromised accounts :
"1,436,486"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames, Website activity
AtlasQuantum
( Last Updated On ) : August 28, 2018 at 09:17:47 PMIn August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.
Breach date :
2018-08-25
Domain Name :
atlasquantum.com
Compromised accounts :
"261,463"
Compromised data :
Account balances, Email addresses, Names, Phone numbers
Atmeltomo
( Last Updated On ) : August 22, 2023 at 01:29:29 AMIn April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
Breach date :
2021-04-16
Domain Name :
atmeltomo.com
Compromised accounts :
"580,177"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Audi
( Last Updated On ) : July 23, 2021 at 09:57:33 PMIn August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Breach date :
2019-08-14
Domain Name :
audiusa.com
Compromised accounts :
"2,743,539"
Compromised data :
Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details
Autocentrum
( Last Updated On ) : February 9, 2018 at 12:55:26 AMIn February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.
Breach date :
2018-02-04
Domain Name :
autocentrum.pl
Compromised accounts :
"143,717"
Compromised data :
Email addresses, Passwords
Autotrader
( Last Updated On ) : January 23, 2023 at 06:24:21 AMIn January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers.
Breach date :
2023-01-06
Domain Name :
autotrader.com
Compromised accounts :
"20,032"
Compromised data :
Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
Avast
( Last Updated On ) : March 12, 2016 at 10:08:58 PMIn May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.
Breach date :
2014-05-26
Domain Name :
avast.com
Compromised accounts :
"422,959"
Compromised data :
Email addresses, Passwords, Usernames
Avito
( Last Updated On ) : November 14, 2023 at 06:51:25 AMIn November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location.
Breach date :
2022-11-18
Domain Name :
avito.ma
Compromised accounts :
"2,721,835"
Compromised data :
Email addresses, Geographic locations, IP addresses, Names, Phone numbers
Avvo
( Last Updated On ) : April 15, 2022 at 03:45:01 AMIn approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
Breach date :
2019-12-17
Domain Name :
avvo.com
Compromised accounts :
"4,101,101"
Compromised data :
Email addresses, Passwords
B2BUSABusinesses
( Last Updated On ) : July 18, 2017 at 07:38:04 AMIn mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as "B2B USA Businesses", the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses. Read more about spam lists in HIBP.
Breach date :
2017-07-18
Domain Name :
"Unknown"
Compromised accounts :
"105,059,554"
Compromised data :
Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
BabyNames
( Last Updated On ) : October 24, 2018 at 06:27:30 AMIn approximately 2008, the site to help parents name their children known as Baby Names suffered a data breach. The incident exposed 846k email addresses and passwords stored as salted MD5 hashes. When contacted in October 2018, Baby Names advised that "the breach happened at least ten years ago" and that members were notified at the time.
Breach date :
2008-10-24
Domain Name :
babynames.com
Compromised accounts :
"846,742"
Compromised data :
Email addresses, Passwords
Badoo
( Last Updated On ) : July 6, 2016 at 08:16:03 AMIn June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes. Whilst there are many indicators suggesting Badoo did indeed suffer a data breach, the legitimacy of the data could not be emphatically proven so this breach has been categorised as "unverified".
Breach date :
2013-06-01
Domain Name :
badoo.com
Compromised accounts :
"112,005,531"
Compromised data :
Dates of birth, Email addresses, Genders, Names, Passwords, Usernames
BannerBit
( Last Updated On ) : January 8, 2019 at 10:56:34 AMIn approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
Breach date :
2018-12-29
Domain Name :
bannerbit.com
Compromised accounts :
"213,415"
Compromised data :
Email addresses, Passwords
Banorte
( Last Updated On ) : August 18, 2022 at 11:36:24 PMIn August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances. Banorte have stated that the data is "outdated", although have not yet indicated how far back it dates to. Anecdotal feedback from HIBP subscribers suggests the data may date back 8 years to 2014.
Breach date :
2014-08-18
Domain Name :
banorte.com
Compromised accounts :
"2,107,000"
Compromised data :
Account balances, Email addresses, Genders, Government issued IDs, Names, Phone numbers, Physical addresses
BattlefieldHeroes
( Last Updated On ) : January 23, 2014 at 01:10:29 PMIn June 2011 as part of a final breached data dump, the hacker collective "LulzSec" obtained and released over half a million usernames and passwords from the game Battlefield Heroes. The passwords were stored as MD5 hashes with no salt and many were easily converted back to their plain text versions.
Breach date :
2011-06-26
Domain Name :
battlefieldheroes.com
Compromised accounts :
"530,270"
Compromised data :
Passwords, Usernames
Battlefy
( Last Updated On ) : July 29, 2022 at 12:24:33 AMIn January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Breach date :
2016-01-11
Domain Name :
battlefy.com
Compromised accounts :
"83,610"
Compromised data :
Email addresses, Passwords, Usernames
BeautifulPeople
( Last Updated On ) : April 25, 2016 at 10:05:34 AMIn November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.
Breach date :
2015-11-11
Domain Name :
beautifulpeople.com
Compromised accounts :
"1,100,089"
Compromised data :
Beauty ratings, Car ownership statuses, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Home ownership statuses, Income levels, IP addresses, Job titles, Names, Passwords, Personal descriptions, Personal interests, Physical attributes, Sexual orientations, Smoking habits, Website activity
Bell
( Last Updated On ) : February 1, 2014 at 11:57:10 PMIn February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records containing just over 20,000 unique email addresses and usernames.
Breach date :
2014-02-01
Domain Name :
bell.ca
Compromised accounts :
"20,902"
Compromised data :
Credit cards, Genders, Passwords, Usernames
Bell2017
( Last Updated On ) : May 16, 2017 at 01:49:31 AMIn May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.
Breach date :
2017-05-15
Domain Name :
bell.ca
Compromised accounts :
"2,231,256"
Compromised data :
Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames
Benchmark
( Last Updated On ) : January 1, 2023 at 01:52:21 AMIn November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes. A forum administrator subsequently advised that the breach was due to the forum previously running on an outdated vBulletin instance.
Breach date :
2019-11-01
Domain Name :
benchmark.rs
Compromised accounts :
"93,343"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
Bestialitysextaboo
( Last Updated On ) : March 29, 2018 at 06:10:06 AMIn March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum. In all, more than 3.2k unique email addresses were included alongside usernames, IP addresses, dates of birth, genders and bcrypt hashes of passwords.
Breach date :
2018-03-19
Domain Name :
bestialitysextaboo.com
Compromised accounts :
"3,204"
Compromised data :
Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
Bhinneka
( Last Updated On ) : October 6, 2022 at 05:11:47 AMIn early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.
Breach date :
2020-01-27
Domain Name :
bhinneka.com
Compromised accounts :
"1,274,340"
Compromised data :
Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses
bigbasket
( Last Updated On ) : April 26, 2021 at 06:15:01 AMIn October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
Breach date :
2020-10-14
Domain Name :
bigbasket.com
Compromised accounts :
"24,500,011"
Compromised data :
Dates of birth, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses
BigMoneyJobs
( Last Updated On ) : April 8, 2014 at 05:44:10 AMIn April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text. The attack was allegedly mounted by exploiting a SQL injection vulnerability.
Breach date :
2014-04-03
Domain Name :
bigmoneyjobs.com
Compromised accounts :
"36,789"
Compromised data :
Career levels, Education levels, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations, User website URLs, Website activity
BinWeevils
( Last Updated On ) : August 18, 2017 at 07:10:57 AMIn September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data may have come from a later breach). Data matching that pattern was later provided to Have I Been Pwned by @akshayindia6 and included almost 1.3m unique email addresses, genders, ages and plain text passwords.
Breach date :
2014-09-01
Domain Name :
binweevils.com
Compromised accounts :
"1,287,073"
Compromised data :
Ages, Email addresses, Genders, IP addresses, Passwords, Usernames
BiohackMe
( Last Updated On ) : August 23, 2017 at 08:47:39 PMIn December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.
Breach date :
2016-12-02
Domain Name :
biohack.me
Compromised accounts :
"3,402"
Compromised data :
Email addresses, Passwords, Private messages, Usernames
BTSec
( Last Updated On ) : September 10, 2014 at 08:30:11 PMIn September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses. Whilst the origin of the breach remains unclear, the breached credentials were confirmed by multiple source as correct, albeit a number of years old.
Breach date :
2014-01-09
Domain Name :
forum.btcsec.com
Compromised accounts :
"4,789,599"
Compromised data :
Email addresses, Passwords
BitcoinTalk
( Last Updated On ) : March 27, 2017 at 11:45:41 PMIn May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves.
Breach date :
2015-05-22
Domain Name :
bitcointalk.org
Compromised accounts :
"501,407"
Compromised data :
Dates of birth, Email addresses, Genders, IP addresses, Passwords, Security questions and answers, Usernames, Website activity
Bitly
( Last Updated On ) : October 6, 2017 at 08:05:10 AMIn May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.
Breach date :
2014-05-08
Domain Name :
bitly.com
Compromised accounts :
"9,313,136"
Compromised data :
Email addresses, Passwords, Usernames
BitTorrent
( Last Updated On ) : June 8, 2016 at 10:49:24 AMIn January 2016, the forum for the popular torrent software BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.
Breach date :
2016-01-01
Domain Name :
bittorrent.com
Compromised accounts :
"34,235"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames
BitView
( Last Updated On ) : December 19, 2024 at 07:46:30 AMIn December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
Breach date :
2024-12-14
Domain Name :
bitview.net
Compromised accounts :
"63,127"
Compromised data :
Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames
BlackHatWorld
( Last Updated On ) : November 3, 2015 at 10:20:17 PMIn June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.
Breach date :
2014-06-23
Domain Name :
blackhatworld.com
Compromised accounts :
"777,387"
Compromised data :
Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Usernames, Website activity
BlackBerryFans
( Last Updated On ) : May 16, 2022 at 02:16:15 AMIn May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Breach date :
2022-05-06
Domain Name :
blackberryfans.org
Compromised accounts :
"174,168"
Compromised data :
Email addresses, IP addresses, Passwords, Usernames