There is no base on any forum

There is a dehashed version

Description of the leak

Date added to HIBP

In mid-2017, a spam list of over 105 million people in corporate America was discovered on the Internet. The list, called "B2B USA Businesses," categorized email addresses by employer, providing information about individuals' jobs, as well as their work phone numbers and physical addresses. https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information Learn more about spam lists in HIBP.< /a>

Compromised data: email addresses employers positions names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#B2BUSABBusinesses

There is a 2020 version. https://breached.to/Thread-US-Business-Data-2020-20-7MM?highlight=River+City

In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) https://securityaffairs.co/wordpress/51118/data-breach/qip-data-breach.html suffered a data breach. The attack exposed over 26 million unique accounts, including email addresses and passwords, and eventually made the data public years later.

January 8, 2017

Compromised data: email addresses passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#QIP

In December 2018, the photo-sharing social network https://www.theregister.com/2019/02/11/620_million_hacked_accounts_dark_web/ Fotolog suffered a data breach resulting in 167 million unique email addresses. The data also included usernames and unsalted hashes SHA-256 passwords. The following year, the site was shut down and repurposed as a news website based in Brcko Bosnia and Herzegovina.

June 15, 2021

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#Photographer

I have 132k dehash. The full version was searched on BF, so far without success

Around March 2020, the Brazilian recruitment website https://www.binarydefense.com/threat_watch/shinyhunters-serving-up-21-new-compromised-databases/ Catho was compromised. and subsequently appeared along with 20 other hacked websites for sale on the dark web market. The leak included nearly 11 million records with 12 million unique email addresses. Usernames and passwords in plain text were also exposed. The data was provided to HIBP via https://breachbase.pw/ breachbase.pw.

August 18, 2020

Compromised data: email addresses names passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#Kato

Mid 2012 real time strategy game http://thewarinc.com/ War Inc. has been leaked. over 1 million accounts including email address usernames and MD5 salted password hashes.

November 7, 2016

Compromised data: email addresses passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#WarInc

have 874k dehash. The full version is known to be public.

Around January 2017 https://www.heise.de/security/meldung/Little-Monsters-Nutzerdaten-aus-Lady-Gagas-Social-Network-sollen-geleakt-sein-3646447.html Lady Gaga fan site famous how Little Monsters suffered a data breach that affected 1 million accounts. The data contained the usernames of an email address, date of birth, and bcrypt password hashes.

March 7, 2017

Compromised data: birth dates email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#LittleMonsters

Labeled as Not rated on breaches.net. Posted earlier on the forums, already requested on BF.

In July 2016, a hacker known as Phineas Fisher https://motherboard.vice.com/en_us/article/yp3n55/phineas-fisher-turkish-government-hack hacked into a party (the Justice and Development Party or "AKP") and gained access to 300,000 emails. The full content of the emails was subsequently published by WikiLeaks https://wikileaks.org/akp-emails/ and is searchable. HIBP identified over 917,000 unique email address patterns in the dataset, including message IDs and a number of other non-user addresses.

October 1, 2017

Compromised data: email addresses of the email message

https://haveibeenpwned.com/PwnedWebsites#AKP

Around January 2017, the cosmetics store https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/ Sephora suffered a data breach. Affected customers in Southeast Asia Australia and New Zealand. The leak included 780,000 unique email addresses as well as names, gender, date of birth, ethnicity, and other personal information. The data was provided to HIBP by a source who asked to be attributed to "JimScott.Sec@protonmail.com".

October 6, 2019

Compromised data: dates of birth, email addresses, nationality, gender, names, physical data.

https://haveibeenpwned.com/PwnedWebsites#Sephora

I have 33k entries. The database has been queried for BF, with no response so far.

In August 2016, the Pocket PC Fan Forum https://web.archive.org/web/20210227221024/https://forum.ppcgeeks.com/site-news-announcements/153465-urgent-ppcgeeks-hacked-database-dumped. html PCCGeeks suffered a data breach that exposed over 490,000 records. The vBulletin forum hack revealed email addresses and IP addresses, usernames, date of birth, and saved passwords. as salted MD5 hashes. The data was provided to HIBP by a source who requested it be assigned to "fall1984@protonmail.com".

Compromised data: dates of birth, email addresses, IP addresses, passwords, usernames.

https://haveibeenpwned.com/PwnedWebsites#PPCGeeks

There are 297k dehash. Uploaded to BF. Nothing is known about the full version.

Carding Mafia (December 2021)

In December 2021, the Carding Mafia forum suffered a data breach that exposed the email addresses of over 300,000 members. The forum breach designed to steal and trade in stolen credit cards also exposed IP address usernames and passwords stored as MD5 hashes with a salt. This breach came just 9 months after another forum breach in March 2021.

December 28, 2021

January 16, 2022

Compromised data: email addresses IP addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#CardingMafiaDec2021

There is a version for March 2021. It is only 7000 lines shorter than this one.

In April 2007, the online gambling website https://www.foxybingo.com/ Foxy Bingo was hacked and hackers got 252,000 accounts. http://www.itpro.co.uk/637279/gambler-busted-flogging-stolen-data-to-gaming-firms were subsequently sold and sold and included personal information data such as plain text passwords of birth date and home addresses.

November 22, 2015

Compromised data: account balances browser user agent date of birth email addresses gender names passwords phone numbers physical addresses usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#FoxyBingo

There are only dehes. Uploaded to BF. The full version is public.

Around the middle of 2015, the music tracking app http://www.soundwave.com/help/ Soundwave suffered a data breach. The leak stemmed from an incident in which "production data was used to populate a test database" and then inadvertently exposed to the MongoDB database. The data contained 130k records and included email addresses, date of birth, gender, and MD5 password hashes without salt.

March 17, 2017

Compromised data: dates of birth email addresses gender geographic location names passwords social connections.

https://haveibeenpwned.com/PwnedWebsites#Soundwave

This is a public database, previously published on the forums, but now it is difficult to find.

In mid-2015, the Dutch Minecraft site https://twitter.com/serverpact/status/772534083788365829 ServerPact was hacked and 73,000 accounts were exposed. the date of the email address and IP address, the site also exposed SHA1 password hashes with the username as the salt.

September 6, 2016

Compromised data: dates of birth, email addresses, IP addresses, passwords, usernames.

https://haveibeenpwned.com/PwnedWebsites#ServerPact

Pompompurin has a 50k partial base. The full version is considered public.

Republican Party of Texas

In September 2021, https://www.dailydot.com/debug/anonymous-texas-gop-epik/ The Texas GOP was hacked by a group claiming to be Anonymous in retaliation for the state's controversial abortion ban. and documents, including material from hosting provider Epik.The affected data included more than 72,000 unique email addresses in various tables, some also including names, geographic location data, IP addresses, and browser user agents.

September 11, 2021

October 6, 2021

Compromised data: browser user agent data email addresses geographic locations IP addresses names.

https://haveibeenpwned.com/PwnedWebsites#RepublicanPartyOfTexas

This is a public database, previously published on the forums, but now it is difficult to find.

In February 2021, the alt-tech social network https://www.troyhunt.com/gab-has-been-breached/ Gab suffered a data breach. The incident exposed nearly 70GB of data including 4 million user accounts, a small number of private chat logs, and a list of public groups and public messages made on the service. Only a small number of accounts contained email addresses and/or passwords stored in bcrypt. hashes from 665 thousand unique e-mail addresses presented in the data corpus.

March 3, 2021

Compromised data: avatars email addresses names passwords private messages usernames.

https://haveibeenpwned.com/PwnedWebsites#Gab

In a December 2013 http://www.cyberwarnews.info/2013/12/04/pixel-federation-hacked-38000-user-credentials-leaked network hack, the Slovak gaming community identified over 38,000 accounts that were promptly placed on networks. The leak included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.

December 6, 2013

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#PixelFederation

In July 2015, the Italian security company http://hackingteam.com/ Hacking Team experienced a serious data breach that resulted in over 400 GB of their data being found http://www.techtimes.com/articles/68204/20150711/hacking-team -hacked-400gb-data-dump-state-surveillance-exposes-dirty.htm posted to the web via torrent. Searchable data in the section "Was I scammed?" is 189 GB of PST mail folders in the dump. The contents of the PST files https://wikileaks.org/hackingteam/emails are searchable on Wikileaks.

Compromised data: email addresses of the email message

https://haveibeenpwned.com/PwnedWebsites#HackingTeam

Sometime in 2015, the Swedish magic website https://www.svenskamagic.com/ SvenskaMagic suffered a data breach that exposed over 30,000 records. Usernames were among the compromised data. email addresses and MD5 password hashes. The data was self-sent to HIBP by SvenskaMagic.

August 30, 2018

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#SvenskaMagic

In February 2021, https://www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/ a number of egregious security flaws were discovered in NurseryCam's system designed for parents to remotely monitor their children while attending kindergarten. The flaws resulted in the disclosure of over 10,000 parent records before the service was shut down. Only email addresses were provided by Have I Been Pwned to ensure parents were properly notified of the incident.

February 23, 2021

Compromised data: email addresses

https://haveibeenpwned.com/PwnedWebsites#NurseryCam

Around April 2016, Marketing Automation for Agents and Professional Service Providers https://web.archive.org/web/20171020171534/https://knowncircle.com/ KnownCircle had a large amount of data received by a third party. The data belonging to the now defunct service was in JSON format and contained gigabytes of data related to the real estate and insurance sectors. apparently mainly used for marketing purposes including sent email logs and gift card tracking. A small number of passwords for KnownCircle employees were also present and stored as bcrypt hashes.

November 17, 2018

Compromised data: email addresses email messages gender names passwords phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#KnownCircle

In July 2017, the Czech e-commerce website https://blog.mall.cz/o-nas/qa-vse-co-jste-chteli-vedet-o-bezpecnosti-na-mall-cz-451.html. MALL.cz suffered a data breach and 735,000 unique accounts including email addresses, phone numbers and passwords were later posted online. Passwords were stored as hashes https://pulse.michalspacek.cz/passwords/storages/site/www.mall.cz over time, a number of different algorithms of varying complexity were used. All passwords included in the public data were in plain text and were probably only those that were successfully cracked (members with strong passwords do not seem to be included). According to MALL.cz, the hack only affected accounts created before 2015.

September 4, 2017

Compromised data: email addresses names passwords phone numbers.

https://haveibeenpwned.com/PwnedWebsites#MallCZ

Marked as semi-public on breaches.net, used to be on the forums. Has already been requested

In October 2020, the Asian food delivery app https://www.reddit.com/r/UIUC/comments/j5fcjp/chowbus_is_hacked_leaks_800000_entries_of/ Chowbus suffered a data breach resulting in 800,000 records being emailed to customers. The email contained a link to a CSV file of customer data including physical addresses, phone numbers, and over 444,000 unique email addresses.

October 6, 2020

Compromised data: email addresses names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#Chowbus

Thousands of people had the base, but now it is unrealistic to find it. Even pompompurin doesn't have it.

In June 2019, https://futurezone.at/digital-life/wiener-buechereien-gehackt-daten-von-77000-nutzern-im-netz/400524190, the Vienna Library (Wiener Buchereien) suffered a data breach. The compromised data included 224,000 unique email addresses, physical addresses, phone numbers, and dates of birth. The data leak was subsequently posted on Twitter by the alleged perpetrator of the leak. .

June 28, 2019

Compromised data: dates of birth email addresses names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#WienerBuchereien

Shortly before May 2016 https://motherboard.vice.com/read/rosebuttboard-ip-board a forum known as "Rosebutt Board" was hacked and 107k accounts were exposed. The self-proclaimed "best anal fisting board for huge insertion prolapse and pink buttocks fans" contained email addresses and IP usernames and weakly stored MD5 password hashes hacked from the IP.Board forum.

Compromised data: email addresses IP addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#RosebuttBoard

In December 2016, the Ethereum blockchain public distributed computing platform forum https://blog.ethereum.org/2016/12/19/security-alert-12192016-ethereum-org-forums-database-compromised/ Ethereum suffered a data breach. The database contained over 16,000 unique email addresses as well as IP addresses of private forum postings and (mostly) hashed bcrypt passwords. https://www.troyhunt.com/the-ethereum-forum-was-hacked-and-theyve-voluntaries-submitted-the-data-to-have-i-been-pwned Ethereum self-selected-submit data to HIBP by providing service a list of email addresses affected by the incident.

December 16, 2016

December 20, 2016

Compromised data: email addresses IP addresses passwords private messages usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#Ethereum

In March 2020 https://www.troyhunt.com/the-unattributable-lead-hunter-data-breach is a huge treasure trove of personal information called "Lead Hunter". was provided by HIBP after it was found open on a public Elasticsearch server. The data contained 69 million unique email addresses in 110 million data lines accompanied by additional personal information including names, phone numbers, gender and physical addresses. At the time of publication, the violation could not be associated with those responsible for its receipt and disclosure. The data was provided by HIBP https://dehashed.com/dehashed. com.

Compromised data: email addresses field IP addresses names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#LeadHunter

There is a fake database containing 9 million lines. https://anonfiles.com/c3OeTc5by4/Leadhunters_8.9M_usa_zip

In October and November 2018 https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach/ security researcher Bob Dyachenko identified several unsecured instances of MongoDB allegedly hosted by a data aggregator. In total, there are more than 66 million records. The owner of the data cannot be identified but is assumed to have been retrieved from LinkedIn, hence the "You" header. ve Been Scraped". Posts exposed included the job and personal email addresses of the position and links to people's LinkedIn profiles.

December 6, 2018

Compromised data: email addresses employers geographic locations positions names social media profiles.

https://haveibeenpwned.com/PwnedWebsites#YouveBeenScraped

In February 2020, the Israeli marketing company https://www.databreachtoday.com/israeli-marketing-company-exposes-contacts-database-a-13785 Straffic exposed a 140 GB database. personal data. The public Elasticsearch database contained over 300 million rows with 49 million unique email addresses. The disclosed data also included names, phone numbers, physical addresses, and gender. In https://straffic.io/updates.php in his hack disclosure post, Straffic stated that "it is not possible to create a complete immune system and things like this can happen."

February 27, 2020

Compromised data: email addresses gender names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#Straffic

Fake database is widespread. There is no real information.

In November 2018 https://blog.hackenproof.com/industry-news/new-data-breach-exposes-57-million-records security researcher Bob Dyachenko discovered an insecure database allegedly hosted by a data aggregator. Upon further investigation, the data was linked to a marketing company https://web.archive.org/web/20180925092401/https://www.datanleads.com/ Data and Lead Data. An open instance of Elasticsearch contained over 44 million unique email addresses, as well as IP address names and physical addresses, phone numbers, and free/busy information. Answer from Data &amp; Leads when Bob contacted them and their site subsequently went down.

November 14, 2018

November 28, 2018

Compromised data: email addresses employers IP addresses job titles phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#DataAndLeads

In June 2018, the command and control server of a malicious botnet known as "Trik Spam Botnet" https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses. / was misconfigured in such a way that it exposed the email addresses of over 43 million people. The researchers who discovered the open Russian server believe that the address list was used to spread various strains of malware through malicious spam campaigns (emails designed to deliver malware).

June 14, 2018

Compromised data: email addresses

https://haveibeenpwned.com/PwnedWebsites#TrikSpamBotnet

Kayo.moe Credential Stuffing List

In September 2018, a collection of nearly 42 million plain text email and password pairs was uploaded to the anonymous file sharing service https://kayo.moe/kayo.moe</. a>. The service operator contacted HIBP to provide data that, upon further investigation, turned out to be a large list of credentials. For more information, read about https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data 42M Record kayo.moe credential stuffing data.

September 11, 2018

September 13, 2018

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#KayoMoe

December 2016 http://www.csoonline.com/article/3149713/security/data-enrichment-records-for-200-million-people-up-for-sale-on-the-darknet.html on the dark web over 200 million "data enrichment profiles" have been found for sale. The seller claimed that the data was from Experian and although this claim was denied by the company, the data itself was found to be legitimate, suggesting that it could have been obtained from other legitimate locations. In total, there were over 8 million unique email addresses in the data that also contained numerous other personal attributes including credit score home ownership status family structure and other fields described in the story linked above. Only email addresses were provided by HIBP.

December 23, 2016

Compromised Data: Purchasing preferences Charitable donations Credit status information Birth dates Email addresses Family composition Financial investments Homeowner status Income levels Job titles Marital status Names Net worth Phone numbers Physical addresses Political donations

https://haveibeenpwned.com/PwnedWebsites#DataEnrichment

Twitter In January 2022, a vulnerability in the Twitter platform allowed an attacker to create a database of email addresses and phone numbers of millions of users of the social platform. In a disclosure notice published later in August 2022, Twitter stated that the vulnerability was related to a June 2021 bug and that they were directly notifying affected customers. The data affected included either an email address or phone number and other public information including username, display name, biography, location, and profile photo. The data included 67 million unique email addresses in both active and suspended accounts, with the latter appearing in a separate list of 14 million addresses.

August 13, 2022

Compromised data : Biographical data Email addresses Geographic locations Names Phone numbers Profile photos Usernames

https://haveibeenpwned.com/PwnedWebsites#Twitter

Elasticsearch Instance of Sales Leads on AWS

In October 2018 https://blog.hacken.io/how-sensive-is-your-non-sensitive-data security researcher Bob Dyachenko discovered several public databases with hundreds of millions of records. One of these datasets was an Elasticsearch instance on AWS containing lead data and 5.8 million unique email addresses. The data contained information relating to individuals and the companies they worked for, including their email address names and company name. name and contact information. Despite best efforts, the owner of the data could not be identified, so this violation was named "Elasticsearch Sales Types".

November 17, 2018

Compromised data: email addresses employers names physical addresses.

https://haveibeenpwned.com/PwnedWebsites#ElasticsearchSalesLeads

In December 2015, the instant messaging app https://www.trillian.im/help/trillian-blog-and-forums-security-incident/ Trillian suffered a data breach The hack came to light in July 2016 when various personal data attributes including email address names and passwords stored as MD5 hashes with a salt.

December 27, 2015

Compromised data: birth dates email addresses IP addresses names passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#Trillian

In March 2019 https://techcrunch.com/2019/04/02/inside-a-spam-operation/ a spam operation known as "Intelimost" sent millions of emails. seems to come from people the recipients knew. Security researcher https://securitydiscovery.com/massive-spam-operation-uncovered-in-a-database-leak/ Bob Dyachenko discovered over 3 million unique email addresses in the public Elasticsearch database as well as plain text passwords used to access the victim's mailbox and spam settings.

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#Intelimost

In September 2018, https://www.linkedin.com/pulse/another-e-marketing-database-11-million-records-bob-diachenko/ security researcher Bob Diachenko discovered a large set of personal data exposed in an insecure instance of the database Mongo data. The data was apparently used in marketing campaigns (possibly for spam purposes) but contained little identifying data about them other than the description "Yahoo_090618_ SaverSpy". ". The dataset provided by HIBP contained nearly 2.5 million unique email addresses (all from Yahoo!), along with gender names and physical addresses.

September 18, 2018

September 25, 2018

Compromised data: email addresses field names physical addresses.

https://haveibeenpwned.com/PwnedWebsites#SaverSpy

In March 2017, a backer of the project submitted a 27 GB database backup file called "Master Deeds" to HIBP. After detailed analysis later that year, the file was found to contain the personal details of tens of millions of living and deceased South Africans. The data included extensive personal attributes such as address names, ethnicity, gender, date of birth, state personal identification numbers, and 22 million email addresses. At the time of publication https://www.iafrikan.com/2017/10/18/dracore-data-sciences/ the data was claimed to be from Dracore Data Sciences. (Dracore has not yet publicly confirmed or denied that the data was sourced from their systems.) On October 18, 2017, it was discovered that the file had been posted to a public web server where it was at the root of an IP address with directory listing enabled. The file is dated April 8, 2015.

October 18, 2017

Compromised data: Birth dates Deceased statuses E-mail addresses Employers Nationalities Gender Government IDs Homeowner statuses Job titles Nationality names Phone numbers Physical addresses.

https://haveibeenpwned.com/PwnedWebsites#MasterDeeds

There was a request in the wrong thread, there was no answer

In August 2020 https://www.iafrikan.com/2020/09/01/experian-data-breach-database-public-data-information-south-africa/ Experian South Africa experienced a data breach that resulted in personal information of tens of millions of people is disclosed. Only 13 million records contained email addresses, while most of them contained government-issued identification numbers, occupational address names, and employer information, including information about another person.

September 1, 2020

Compromised data: email addresses, employers, official IDs, occupation names, phone numbers.

https://haveibeenpwned.com/PwnedWebsites#Experian2020

In July 2018, the British e-commerce company https://www.grahamcluley.com/online-fashion-shoppers-exposed-ecommerce-breach/ Fashion Nexus suffered a data breach that exposed 14 million records. Several websites developed by a subsidiary of White Room Solutions were affected by the hack, including sites such as https://jadedldn.com/ Jaded London. and http://axparis.co.uk/ AX Paris. The various sites discovered during the incident included a number of different types of data including names, phone numbers, addresses, and passwords stored as a combination of salted MD5 and SHA-1, as well as unsalted MD5 passwords. When asked by reporter Graham Cluley whether a public statement about the incident was available, the answer consisted of one word: "No." was received.

Compromised data: browser user agent data date of birth email address field IP address names passwords phone numbers physical purchase addresses.

https://haveibeenpwned.com/PwnedWebsites#WhiteRoom

Around June 2016, the real estate website https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/ StreetEasy suffered a data breach. A total of 988,000 unique email addresses were included in the leak, along with usernames and SHA-1 hashes of passwords, all of which were listed for sale on the dark web marketplace in February 2019. The data was provided by HIBP. source who asked to be referred to "JimScott.Sec@protonmail.com".

October 6, 2019

Compromised data: email addresses names passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#StreetEasy

Around February 2015, the housing finance website https://web.archive.org/web/20180324231131/http://myfha.net/ MyFHA data breach which exposed nearly 1 million people's personal information. The data included extensive personal information relating to housing finance including personal contact information credit status family income loan amounts and notes on personal circumstances often related to legal issues divorces and several parties contacted HIBP with the data after which MyFHA was alerted in mid July and acknowledged the legality of the breach and then took the site offline .

August 9, 2018

Compromised data: e-mail address creditworthiness information home loan information income levels IP addresses names passwords personal descriptions of physical addresses.

https://haveibeenpwned.com/PwnedWebsites#MyFHA

In February 2020, the online store for consumer electronics wrappers https://www.slickwraps.com/blog/update/ Slickwraps suffered a data breach. in disclosing 858,000 unique email addresses in customer records and newsletter subscribers. Additional affected data included names, physical addresses, phone numbers, and purchase histories.

February 22, 2020

Compromised data: email addresses names phone numbers physical purchase addresses.

https://haveibeenpwned.com/PwnedWebsites#Slickwraps

In August 2016, the open access Swiss scientific publisher known as http://mdpi.com/MDPI obtained 175 GB of data from an unsecured Mongo database instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845,000 unique email addresses. MDPI has confirmed that the system has since been secured and that no sensitive data has been touched. Thus, they concluded that there was no need to notify their subscribers due to the fact that all their authors and reviewers are available online on their website.

March 25, 2018

Compromised data: email addresses email messages IP addresses names

https://haveibeenpwned.com/PwnedWebsites#MDPI

Labeled as Not rated on breaches.net. Has already been requested.

In May 2018, a South African website for viewing traffic fines online known as https://www.iafrikan.com/2018/05/24/south-africas-viewfines-suffered-major-data-leak/ ViewFines has experienced a data breach. More than 934,000 records were exposed containing 778,000 unique email addresses, including names, phone numbers, government-issued identifiers, and passwords stored in plain text.

Compromised data: email addresses official IDs names passwords phone numbers.

https://haveibeenpwned.com/PwnedWebsites#ViewFines

November 2019 https://medium.com/dvuln/why-you-should-choo-choo-choose-to-have-a-vulnerability-disclosure-policy-2m-accounts-exposed-7cd7eaec4da5 Indian website Rail left over 2 million records in an unsecured Firebase database instance. The exposed data included 583,000 unique email addresses as well as usernames and passwords stored in plain text.

January 10, 2020

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#IndianRailways

In March 2018, the Florida Virtual School (FLVS) https://www.flvs.net/notices?source=homepage posted a data breach notice on their website. The school identified a data breach that occurred sometime between May 6, 2016 and February 12, 2018, and subsequently an XML file containing 368,000 student records was discovered. Each entry contained the student's name, date of birth, password, class, <em> email address, and parent email, bringing the total number of unique email addresses to 543,000. was marked as "confidential".

March 18, 2018

Compromised data: birth dates email addresses names passwords school grades (grade levels) usernames.

https://haveibeenpwned.com/PwnedWebsites#FLVS

Labeled as Not rated on breaches.net. Has already been requested.

In December 2017, a website for buying Counter-Strike skins known as http://opencsgo.com/ Open CS:GO (Counter-Strike: Global Offensive) suffered a data breach (the address after being redirected to dropgun.com). The 10 GB file contained a vast amount of personal information, including email addresses and IP addresses, phone numbers, physical addresses, and purchase histories. https://www.troyhunt.com/streamlining -data-breach-disclosures-a-step-by-step-process Many attempts have been made to contact Open CS:GO regarding the incident however no response has been received.

November 28, 2017

January 15, 2018

Compromised data: email address avatars IP addresses phone numbers physical purchase addresses social media profiles usernames.

https://haveibeenpwned.com/PwnedWebsites#OpenCSGO

In December 2017, a Brazilian online store known as https://www.databreaches.net/netshoes-customer-data-possily-hacked-500k-customers-order-info-dumped/ Netshoes posted half a million entries allegedly hacked from their systems. The company was contacted by local Brazilian media Tecmundo and subsequently reported that https://www.tecmundo.com.br/seguranca/125038-netshoes-invadida-meio-milhao-dados-clientes-vazam-internet.htm showed no signs of intrusion into the company's systems was not found. However, Netshoes' own systems successfully validate the presence of matching IDs and email addresses in the dataset, indicating a high probability that the data originated from them.

December 10, 2017

Compromised data: dates of birth, email addresses, purchase names.

https://haveibeenpwned.com/PwnedWebsites#Netshoes

In December 2021, https://twitter.com/MayhemDayOne/status/1474749233475596292 RedLine Stealer malware logs were left in the public domain and then obtained by security researcher Bob Dyachenko. The data included 441k unique email addresses of usernames and passwords as a simple text.

December 30, 2021

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#RedLineStealer

50k dehash. Fake. https://letsupload.cc/4dX4E669y4/50000_databases_collected_from_

In June 2017, https://www.bleepingcomputer.com/news/security/car-thieves-everywhere-rejoice-as-unsecured-database-exposes-10-million-car-vins/, researchers discovered an unsecured database with over than 10 million VINs (Vehicle Identification Numbers). It is assumed that the data came from US car dealerships. unique email addresses.

Compromised data: Birth dates Email addresses Family composition Gender Names Phone numbers Physical addresses Vehicle information.

https://haveibeenpwned.com/PwnedWebsites#VIN

In March 2017, Health Now Networks, a telemarketing service https://www.databreaches.net/leak-of-diabetic-patients-data-highlights-risks-of-giving-info-to-telemarketers, left a database containing hundreds of thousands of medical records . In total, there were over 900,000 records containing significant amounts of personal information including names, dates of birth, various medical conditions, and operator notes about people. ' Health Data included more than 320,000 unique email addresses.

Compromised data: birth dates email addresses gender health insurance information IP addresses names personal health information phone numbers physical addresses security questions and answers social connections.

https://haveibeenpwned.com/PwnedWebsites#HealthNowNetworks

In September 2016, the real estate investment site https://realestatemogul.com/ Real Estate Mogul compromised a Mongo database instance and 5 GB of data uploaded by an unauthorized user. The data contained listings of properties including addresses and names of phone numbers and 308,000 unique seller email addresses. Real Estate Mogul was informed of the incident in September 2018 and stated that they "did not find instances of user credentials such as usernames. and passwords or billing information in this file."

September 6, 2016

September 24, 2018

Compromised data: email addresses names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#RealEstateMogul

In July 2015, the Seedpeer torrent site was hacked and the records of 282,000 members were exposed. The data included email address usernames and passwords stored as weak MD5 hashes.

March 9, 2016

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#Seedpeer

In September 2015, the non-consensual voyeur site "The Candid Board" was leaked. The vBulletin forum hack resulted in the exposure of over 178,000 accounts, as well as email addresses and IP addresses of birth dates and MD5 hashed passwords.

September 3, 2015

January 22, 2017

Compromised data: birth dates email addresses geographic locations IP addresses passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#TheCandidBoard

In January 2017, automated telephony services company https://www.zdnet.com/article/republican-polling-firm-hacked-exposing-donor-records/ Victory Phones left the public Mongo DB database without a password. Subsequently, 213 GB of data was downloaded by an unauthorized party, including names, addresses, phone numbers, and more than 166,000 unique email addresses.

October 11, 2017

Compromised data: dates of birth email addresses IP addresses names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#VictoryPhones

In February 2015, the Moldovan internet provider Starnet http://www.moldova.org/the-database-of-an-internet-provider-from-moldova-was-stolen-and-published/ The database was published in the Internet. The dump contained about 140,000 email addresses, many of which contained personal data including ISP usage pattern contact information and even passport numbers.

Compromised data: customer interactions date of birth email addresses IP address field MAC addresses names passport numbers passwords phone numbers.

https://haveibeenpwned.com/PwnedWebsites#StarNet

In July 2016, the Indian food delivery service https://www.freshmenu.com/ FreshMenu suffered a data breach. The incident exposed the personal details of over 110,000 customers and included their names, email addresses, phone numbers, home addresses, and order history. When the incident was reported, FreshMenu admitted to being aware of the hack but stated that it had decided not to notify affected customers.

September 10, 2018

Compromised data: device information email addresses phone numbers physical purchase addresses.

https://haveibeenpwned.com/PwnedWebsites#FreshMenu

Telecom Regulatory Authority of India

In April 2015, the Telecommunications Regulatory Authority of India (TRAI) http://www.dnaindia.com/scitech/report-email-savetheinternet-net-neutrality-campaign-public-privacy-spam-phishing-2081037 published tens of thousands of emails sent citizens of India in support of net neutrality as part of the SaveTheInternet campaign. The published data included lists of emails including the sender's name and email address, as well as email content often with signatures including other personal details.

April 27, 2015

Compromised data: email addresses of the email message

https://haveibeenpwned.com/PwnedWebsites#TRAI

In January 2022, French Apple news site https://www.macg.co/macgeneration/2022/02/macgeneration-victime-dune-attaque-informatique-127149 MacGeneration suffered a data breach. The incident exposed more than 100,000 usernames, email addresses and passwords stored as SHA-512 hashes with a salt. Upon discovering the incident, MacGeneration submitted the data to HIBP on its own.

March 3, 2022

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#MacGeneration

Labeled as Not rated on breaches.net. Has already been requested.

In May 2015, almost 100,000 user records were extracted from a Hungarian torrent site known as Teracod. It was later discovered that this data was downloaded via torrent and included email addresses, passwords, private messages between members, and peering history of IP addresses using the service.

August 22, 2016

Compromised data: email avatars IP addresses passwords payment history private messages usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#Teracod

Labeled as Not rated on breaches.net. Was requested twice.

In December 2017, the stock market news website http://theflyonthewall.com/ The Fly on the Wall suffered a data breach. The data breach included 84,000 unique email addresses as well as purchase histories and credit card details. Numerous attempts were made to contact The Fly on the Wall regarding the incident, but no replies were received.

December 31, 2017

January 15, 2018

Compromised data: Age groups Credit cards Email addresses Gender Names Passwords Phone numbers Physical addresses Purchases Usernames.

https://haveibeenpwned.com/PwnedWebsites#TheFlyOnTheWall

In February 2016, the online trucking simulator mod https://truckersmp.com/en_US/blog/8 TruckersMP suffered a data breach that exposed 84,000 user accounts. first for "Have I Been Pwned" https://www.troyhunt.com/100-data-breaches-later-have-i-been-pwned-gets-its-first-self-submission/ the stolen data was submitted by the organization itself who hacked herself.

April 24, 2016

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#TruckersMP

In September 2016, http://eservices.durban.gov.za/ a new website eThekwini eServices in South Africa was launched with a number of security holes due to which on http://mybroadband.co.za/news/ security/179064-ethekwini-municipality-leaking-private-details-of-over-300000-residents.html leaked the personal information and utility bills of more than 98,000 residents through 82,000 unique email addresses. Before launch, emails were sent containing passwords in plain text and the site allowed anyone to upload utility bills without sufficient authentication. Various ways of collecting customer data were possible, and phishing attacks began to appear the very next day after launch.

September 7, 2016

September 15, 2016

Compromised data: dates of birth date of death email addresses gender official IDs names passport numbers passwords phone numbers physical addresses utility bills.

https://haveibeenpwned.com/PwnedWebsites#eThekwiniMunicipality

In May 2013, the non-consensual voyeur site "Non Nude Girls" suffered a data breach. A vBulletin forum hack resulted in over 75,000 accounts being exposed, along with email addresses and IP addresses, plain text names and passwords.

January 25, 2017

Compromised data: email addresses IP addresses names passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#NonNudeGirls

In February 2017, mobile device monitoring software developer Retina-X was hacked and customer data was downloaded before being wiped from their servers. The incident was described in a Motherboard article titled https://motherboard.vice.com/en_us/article/inside-stalkerware-surveillance-market-flexispy-retina-x Inside the "Stalkerware" surveillance market where regular people tap each other's phones. The service used to monitor mobile devices has 71k email addresses and MD5 hashes without salt disclosure. Retina-X http://www.phonesheriff. com/blog/retina-x-studios-server-breached-by-hackers/ disclosed the incident in a blog post dated April 27, 2017.

April 30, 2017

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#RetinaX

In December 2017 the Swiss online DVD shop known as https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/passwoerter-von-70000-e-mail-konten-im-umlauf.html dvd-shop.ch has been leaked. The incident resulted in the disclosure of 68,000 email addresses and unencrypted passwords. The site has since been updated to indicate that it is currently closed.

December 10, 2017

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#DVDShopCH

Labeled as Not rated on breaches.net. It was requested, but not even pompompurin saw it.

In October 2021, the fantasy premier league (football) website https://fantasyfootballhub.co.uk/we-have-suffered-a-cyber-attack/ Fantasy Football Hub suffered a data breach that exposed 66,000 unique email addresses. The data included usernames, transaction IP addresses, and passwords stored as WordPress MD5 hashes.

October 7, 2021

Compromised data: email addresses IP addresses names passwords purchases usernames.

https://haveibeenpwned.com/PwnedWebsites#FantasyFootballHub

In early 2021, the Polish torrent site Devil-Torrents.pl suffered a data breach. A subset of the data, including 63,000 unique email addresses and cracked passwords, was later released to the popular data breach exchange.

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#DevilTorrents

In February 2014, Connecticut-based Spirol Fastening Solutions http://news.softpedia.com/news/Details-of-70-000-Users-Leaked-by-Hackers-From-Systems-of-SPIROL-International- 428669.shtml. suffered a data breach that exposed over 70,000 customer records. The attack was allegedly orchestrated using a SQL injection vulnerability, which resulted in data being obtained from the Spirol CRM system, starting with the company's customer names, contact information, and more than 55,000 unique email addresses.

February 22, 2014

Compromised data: email addresses employers positions names phone numbers physical addresses.

https://haveibeenpwned.com/PwnedWebsites#Spirol

In September 2021, https://www.bankinfosecurity.com/articles.php?art_id=17696, a public PostgresSQL database owned by the Playbook service was discovered. The database, operated by venture capital firm Plug and Play Ventures, has been open since October 2020 and contained over 50,000 unique email addresses, job titles, and passwords stored as PBKDF2 hashes. notified of the disclosed data in order to properly protect them. It is unknown if Plug and Play Ventures notified affected individuals when they stopped responding to press inquiries.

October 11, 2021

Compromised data: email addresses, job titles, passwords, phone numbers, social media profiles.

https://haveibeenpwned.com/PwnedWebsites#Playbook

In July 2018, employees of the Lanwar gaming site https://lanwar.com/ discovered a data breach that they believe occurred over the past few months. The data contained 45,000 email addresses, usernames, and plain text passwords. A Lanwar employee self-reported the breach to HIBP and also contacted the relevant authorities about the incident after discovering a phishing attempt to extort bitcoins from the user.

August 8, 2018

Compromised data: email addresses names passwords physical addresses usernames.

https://haveibeenpwned.com/PwnedWebsites#Lanwar

SpyFone left terabytes of data publicly available in August 2018 https://motherboard.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak. The data collected secretly while the victims were using their devices included photographs of audio recordings of text messages and browsing history which were then exposed due to a series of misconfigurations in SpyFone's systems. belonged to thousands of SpyFone customers and included 44,000 unique email addresses, many of which likely belonged to the people the targeted phones had contacted.

August 24, 2018

Compromised data: audio recordings browsing history device information email addresses geographic location IMEI numbers IP addresses names passwords photos SMS messages.

https://haveibeenpwned.com/PwnedWebsites#SpyFone

In February 2014, the British directory of services and businesses known as the Muslim Directory was attacked by a hacker known as @th3inf1d3l. As a result, the data was released and included the web accounts of tens of thousands of users who contained data including their names, home address, age, group, email, website activity, and plain text password.

February 23, 2014

Compromised data: age groups email addresses employers names passwords phone numbers physical addresses website activity.

https://haveibeenpwned.com/PwnedWebsites#MuslimDirectory

In May 2014, over 25,000 user accounts were hacked from an Asian gay bisexual and transgender lesbian website known as "Fridae". The attack that https://twitter.com/Survela/status/463327706361659392 announced on Twitter appears to have been https://pastebin.com/ipFKjv6z initiated by Deletesec who claim that "digital weapons will destroy all secrets in governments and corporations". The exposed data included a password stored in plain text.

Compromised data: email addresses passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#Fridae

In January 2018, the Joomla template website https://www.joomlart.com/ JoomlArt inadvertently found over 22,000 unique customer records in a Jira ticket. data is taken from iJoomla and JomSocial services that https://www.joomlart.com/blog/joomlart-acquires-ijoomla-and-jomsocial JoomlArt purchased last year. The data included purchase email address usernames and passwords stored as MD5 hashes. When contacted, JoomlArt was informed that they were aware of the incident and had previously notified affected parties.

November 1, 2018

Compromised data: email addresses names passwords payment history usernames.

https://haveibeenpwned.com/PwnedWebsites#JoomlArt

Labeled as Not rated on breaches.net. Has already been requested.

In August 2015, the video sharing and bookmarking site https://www.reddit.com/r/pwned/comments/3h4tud/myvidstercom_hacked_1_million_member_database/ MyVidster was hacked. and nearly 20,000 accounts have been deleted online, including email address usernames and hashed passwords.

October 10, 2015

Compromised data: email addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#MyVidster

Labeled as Not rated on breaches.net. Has already been requested.

Societa Italiana degli Authorized Editori

In November 2018, the Societa Italiana degli Autori ed Editori (Italian Society of Authors and Publishers or SIAE) https://www.repubblica.it/tecnologia/sicurezza/2018/11/03/news/tecnologia_altro_attacco_di_anonplus_bucato_il_sito_della_siae_e_rubati_4_giga_4/5ref-dati =search was hacked defaced and almost 4 GB of data was published via Twitter. This data included the email address names and passwords of over 14,000 registered users.

November 7, 2018

Compromised data: email addresses IP addresses names passwords phone numbers.

https://haveibeenpwned.com/PwnedWebsites#SIAE

In September 2019, the Halloween costume store https://www.thehalloweenspot.com/ The Halloween Spot suffered a data breach. Initially misattributed to the costume store https://www.smiffys.com/ The Smiffys leak contained 13 GB of data with over 10,000 unique email addresses as well as physical and IP addresses, phone numbers and history order. The Halloween Spot told customers that the breach was traced back to "an old shipping database."

September 27, 2019

March 16, 2020

Compromised data: email addresses IP addresses names phone numbers physical purchase addresses.

https://haveibeenpwned.com/PwnedWebsites#HalloweenSpot

UN Internet Governance Forum

In February 2014, the Internet Governance Forum (established by the United Nations for policy dialogue on Internet governance issues) hacked-3215-accounts-leaked/ was attacked by a hacker collective known as Deletesec. Despite being tasked with "ensuring the security and stability of the Internet," the IGF website was still hacked and 3,200 email addresses, usernames, and cryptographically stored passwords were leaked.

February 23, 2014

Compromised data: email addresses names passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#IGF

In November 2018, a WordPress sandbox service that allows people to create temporary websites https://wpsandbox.io/ WP Sandbox discovered that their service was being used to host a phishing site trying to collect Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it down, contacted 858 people who provided it with information and then self-submitted their addresses to HIBP. The phishing page requested both email addresses and passwords.

November 4, 2018

November 6, 2018

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#WPSandbox

River City Media Spam List

January 2017 https://web.archive.org/web/20170426084052/https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire River City Media Huge Dataset was found on the web. The data was found to contain nearly 14 billion records including email addresses and IP addresses, names and physical addresses that were used as part of a massive anti-spam operation. After deduplication, the exposed data contained 393 million unique email addresses.

March 8, 2017

Compromised data: email addresses IP addresses names of physical addresses.

https://haveibeenpwned.com/PwnedWebsites#RiverCityMedia

At the moment, it does not exist in the public domain. There is a password-protected archive without a password, possibly a fake.

In May 2022, Hong Kong-based Manga https://mangatoon.mobi/ Mangatoon suffered a data breach that exposed the records of 23 million subscribers. The hack exposed email address names, social media account IDs, authentication tokens from social logins, and passwords stored as MD5 hashes with a salt. Mangatoon did not respond to multiple attempts to contact the breach.

Compromised data: authentication tokens avatars email addresses gender names passwords social media profiles usernames.

https://haveibeenpwned.com/PwnedWebsites#Mangatoon

This database was hacked by pompompurin. 07/07/2022 promised to post in a couple of weeks

In February 2020, https://www.troyhunt.com/the-unattributable-db8151dd-data-breach, a huge treasure trove of personal information called "db8151dd" was made available to HIBP after it was found open on a public Elasticsearch server. It was later determined that the disclosed data emanating from the Covve contacts app included extensive personal information and interactions between Covve users and their contacts. The data was provided to HIBP by https://dehashed.com/dehashed.com.

Compromised data: email addresses, job titles, phone numbers, physical addresses, social media profiles.

https://haveibeenpwned.com/PwnedWebsites#db8151dd

Only 5 people own it, private, currently on sale for $4,000

April 2021 https://www.bleepingcomputer.com/news/security/dominos-india-discloses-data-breach-after-hackers-sell-data-online/ 13TB of compromised Domino's India is up for sale on a hacker forum after which the company admitted a serious data leak dated March. The compromised data included 225 million unique email addresses, phone numbers, order history, and physical data. addresses.

Compromised data: email addresses names phone numbers physical purchase addresses.

https://haveibeenpwned.com/PwnedWebsites#DominosIndia

Only 100k is available for credits. The rest was for sale.

In May 2022, the QuestionPro survey website became the target of an extortion attempt due to alleged data breach. It is claimed that over 100 GB of data containing 22 million unique email addresses (some of which appear to be generated by the platform) were extracted from the service, along with IP addresses by browser user agents and survey-related results. QuestionPro would not confirm if a breach occurred (although they did confirm that they were the target of an extortion attempt), so the data was initially marked as "untested". https://twitter.com/troyhunt/status/1555696116351377410 Subsequent verification by affected HIBP subscribers later resulted in the unverified flag being removed.

August 5, 2022

Compromised data: browser user agent data email addresses IP addresses polling results.

https://haveibeenpwned.com/PwnedWebsites#QuestionPro

Only pompompurin has it. Maybe put it on 100k BF participants

In January 2021, Night Lion Security detected over 11 million unique email addresses as well as a large amount of personal information, including physical names and IP addresses, phone numbers and dates of birth. Some records also contained social security numbers, driver's licenses, personal financial information, and health-related data, depending on where the information came from. Initially attributed to Astoria https://astoriacompany.com/cyber-update/ they subsequently investigated the incident and confirmed that the data was not received from their services.

March 24, 2021

Compromised data: bank account numbers credit status information birth dates email addresses employers health insurance information income levels IP addresses names personal health data telephone numbers physical addresses smoking habits social security numbers.

https://haveibeenpwned.com/PwnedWebsites#Astoria

There are 300,000 lines on a BF called "Astoria". Only three people have a complete leak

Around November 2016, search engine optimization company RankWatch publicly released the passwordless Mongo database, after which their data was removed and posted on an online forum. The data contained 74 million unique email addresses as well as employer names, phone numbers and job titles in a table called "us_emails". When RankWatch was contacted and reported the incident, it did not disclose the purpose of the data, where it was obtained from, or whether the owners of the data had consented to the collection. The forum where the data was originally posted explained that it was "in the same vein as the modbsolutions leak" - a large list of corporate data allegedly used for spam.

November 19, 2016

November 3, 2017

Compromised data: email addresses employers positions names phone numbers.

https://haveibeenpwned.com/PwnedWebsites#Rankwatch

This is a semi-private database that is not publicly available.

In August 2021, the subtitle site https://forum.opensubtitles.org/viewtopic.php?f=1&amp;p=46835 Open Subtitles suffered a data breach and subsequent ransom demand. The hack exposed the personal data of nearly 7 million subscribers including email addresses and IP addresses, usernames, user country, and passwords stored as unsalted MD5 hashes.

January 19, 2022

Compromised data: email addresses geographic locations IP addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#OpenSubtitles

Around the end of 2015, http://quinstreet.com/ QuinStreet, a maker of effective marketing products, compromised a number of its online assets. The attack affected 28 separate sites, predominantly technology forums, such as http://quinstreet.com/flashkit.com http://quinstreet.com/" codeguru.com and http://quinstreet.com/ webdeveloper.com (https:// pastebin.com /raw/6p50GgCV (see full list of sites) QuinStreet reports that affected users have been notified and passwords have been reset.The data contained details of more than 4.9 million people and included date of birth email addresses and salted MD5 hashes.

December 14, 2015

December 17, 2016

Compromised data: dates of birth email addresses IP addresses passwords usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#QuinStreet

In November 2015 https://www.troyhunt.com/2015/11/when-children-are-breached-inside.html hackers extracted over 4.8 million parent and 227,000 child accounts from the company's Learning Lodge website Vtech. The Hong Kong-based company produces educational products for children, including software sold through a hacked website. The data breach exposed extensive personal data including home addresses, security questions and answers, and passwords stored as weak MD5 hashes. In addition, data about the children were disclosed, including names, age, gender, and associations with their parents' records.

November 13, 2015

November 25, 2015

Compromised data: birth dates email addresses family names gender IP addresses names passwords physical addresses security questions and answers usernames website activity.

https://haveibeenpwned.com/PwnedWebsites#VTech

January 2021 https://www.troyhunt.com/data-from-the-emotet-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi-and - nhtcu The FBI partnered with the Dutch NHTCU, the German BKA and other international law enforcement agencies to destroy the world's most dangerous malware: Emotet. The agencies received the data collected by the malware and submitted the affected email addresses to HIBP so that affected individuals and registrants can assess their impact. -i-been-pwned-courtesy-of-the-fbi-and-nhtcu Learn more about removal and recommended actions.

April 26, 2021

Compromised data: email addresses passwords

https://haveibeenpwned.com/PwnedWebsites#Emotet

The database has never been published in the public domain

Club Penguin Rewritten (July 2019)

In July 2019, the children's gaming site https://community.cprewrite.net/ Club Penguin Rewriting (CPRewrite) suffered a data breach (note: CPRewrite is an independent recreation of Disney's Club Penguin game). In addition to the earlier data breach that affected 17 million accounts, the subsequent breach revealed 4 million unique email addresses and IP addresses, usernames and passwords stored as bcrypt hashes.

Compromised data: email addresses IP addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#ClubPenguinRewriteJul2019

In September 2016, almost 21 GB of data from a French website was used for "a standardized and decentralized exchange for publishing articles in newsgroups" http://www.nemoweb.net/ NemoWeb was leaked from an insecure Mongo database. The data consisted of a large volume of emails sent to the service and included nearly 35 million unique addresses, although many of these were generated automatically. Several attempts were made to contact the NemoWeb operators but there was no response.

September 4, 2016

September 19, 2018

Compromised data: email addresses names

https://haveibeenpwned.com/PwnedWebsites#NemoWeb

This is a semi-private base, it was sold on various forums.

In March 2021, manga fansite https://portswigger.net/daily-swig/mangadex-website-taken-offline-following-cyber-attack-data-breach MangaDex suffered a data breach that exposed nearly 3 million subscribers . The data included email addresses and IP addresses, usernames and passwords stored as bcrypt hashes. Subsequently, the data was distributed among hacker groups.

April 25, 2021

Compromised data: email addresses IP addresses passwords usernames.

https://haveibeenpwned.com/PwnedWebsites#MangaDex

allegedly found this database: https://ddownload.com/iumcc8au9r93/MangaDex.org_database_leaked_March_2021.rar It turned out to be Xsplit 2013. Then another one - https://anonfiles.com/D559i2taud/MDex.org_March_2021_rar. The original base is private, according to breaches.net