Stay Updated With The Latest Data Breaches

ApexSMS - 23,246,481 breached accounts

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.

Posted on Thu, 21 Sep 2023 14:57:43 Z

dBforums - 363,468 breached accounts

In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.

Posted on Wed, 20 Sep 2023 07:26:28 Z

MalindoAir - 4,328,232 breached accounts

In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later extensively shared on popular hacking forums.

Posted on Thu, 14 Sep 2023 08:52:38 Z

Viva Air - 932,232 breached accounts

In March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).

Posted on Mon, 11 Sep 2023 07:11:30 Z

Dymocks - 836,120 breached accounts

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

Posted on Fri, 08 Sep 2023 07:35:22 Z

Phished Data via CERT Poland - 67,943 breached accounts

In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.

Posted on Thu, 31 Aug 2023 05:53:44 Z

Pampling - 383,468 breached accounts

In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.

Posted on Thu, 31 Aug 2023 05:09:24 Z

PlayCyberGames - 3,681,753 breached accounts

In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.

Posted on Thu, 31 Aug 2023 02:22:55 Z

SevenRooms - 1,205,385 breached accounts

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".

Posted on Thu, 24 Aug 2023 21:49:00 Z

Duolingo - 2,676,696 breached accounts

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.

Posted on Wed, 23 Aug 2023 04:31:08 Z

Atmeltomo - 580,177 breached accounts

In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.

Posted on Tue, 22 Aug 2023 01:29:29 Z

iMenu360 - 3,425,860 breached accounts

In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.

Posted on Thu, 17 Aug 2023 20:55:07 Z

Manipulated Caiman - 39,901,389 breached accounts

In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.

Posted on Tue, 15 Aug 2023 07:06:49 Z

Jobzone - 29,708 breached accounts

In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.

Posted on Tue, 15 Aug 2023 02:43:10 Z

Rightbiz - 65,376 breached accounts

In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".

Posted on Thu, 10 Aug 2023 22:11:35 Z

CraftRise - 2,532,527 breached accounts

In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.

Posted on Tue, 08 Aug 2023 07:57:30 Z

MagicDuel - 138,443 breached accounts

In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.

Posted on Wed, 02 Aug 2023 23:22:58 Z

BreachForums - 212,156 breached accounts

In November 2022, the well-known hacking forum "BreachForums" was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies. The breach exposed 212k records including usernames, IP and email addresses, private messages between site members and passwords stored as argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "breached_db_person".

Posted on Wed, 26 Jul 2023 21:08:55 Z

BookCrossing - 1,582,323 breached accounts

In August 2022, the book social networking site BookCrossing disclosed a data breach that dated back to a database backup from November 2012. The incident exposed almost 1.6M records including names, usernames, email and IP addresses, dates of birth and plain text passwords.

Posted on Tue, 25 Jul 2023 02:24:52 Z

Tigo - 700,394 breached accounts

In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages. Tigo did not respond to multiple attempts to disclose the incident.

Posted on Mon, 24 Jul 2023 23:25:32 Z

Stay Updated With The Latest Data Breaches

Recently Added Breaches

ApexSMS - 23,246,481 breached accounts

dBforums - 363,468 breached accounts

MalindoAir - 4,328,232 breached accounts

Viva Air - 932,232 breached accounts

Dymocks - 836,120 breached accounts

Phished Data via CERT Poland - 67,943 breached accounts

Pampling - 383,468 breached accounts

PlayCyberGames - 3,681,753 breached accounts

SevenRooms - 1,205,385 breached accounts

Duolingo - 2,676,696 breached accounts

Atmeltomo - 580,177 breached accounts

iMenu360 - 3,425,860 breached accounts

Manipulated Caiman - 39,901,389 breached accounts

Jobzone - 29,708 breached accounts

Rightbiz - 65,376 breached accounts

CraftRise - 2,532,527 breached accounts

MagicDuel - 138,443 breached accounts

BreachForums - 212,156 breached accounts

BookCrossing - 1,582,323 breached accounts

Tigo - 700,394 breached accounts

Proactive Email Security: Tools and Best Practices for Businesses

Related Posts

Categories

Our Services

Managed Cloud Services

Managed Cybersecurity

Experience Managed IT

Stay Updated With The Latest Data Breaches

Recently Added Breaches

Proactive Email Security: Tools and Best Practices for Businesses

Share This Post

Related Posts

Categories

Our Services

Share This Post

Related Posts

Categories

Our Services

Industries We Serve

Our Locations