online florist BloomsToday
In April 2024, 15M records from the online florist BloomsToday. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
Compromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses
π½ βοΈ
In April 2024, 15M records from the online florist BloomsToday. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
Compromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses
π½ βοΈ
π΅ Store Dennis Kirk
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.
Compromised data: Email addresses, Geographic locations, Names, Phone numbers, Purchases
π
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.
Compromised data: Email addresses, Geographic locations, Names, Phone numbers, Purchases
π
company Ticketek
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
π
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
π
HuntStand
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
Lookiero
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
Minecraft service VimeWorld
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Explore Talent
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
MovieBoxPro
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
Trello
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
Naz.API
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
[2022] Twitter account data for 2,873,410,842 accounts (103 GB). This is a pretty specific dataset that doesn't contain any sensitive data and would be interesting for analysts or to check for other leaks.
ID,name,screen_name,location,url,device,created date
π°
ID,name,screen_name,location,url,device,created date
magnet:?xt=urn:btih:C963982C4FFA264FE76EC5918F83DD775521201B&dn=twitter_users_csv
π°
Hotel Anker Eggenstein.
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
in early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
π½ βοΈ
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
PureIncubationπ½ βοΈ
SOCRadar
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ
monespaceprime.engie.fr
In April 2023, the one of the subdomains (monespaceprime.engie.fr ) of engie.fr - French multinational utility company which operates in the fields of electricity generation and distribution, natural gas, nuclear, renewable energy and petroleum was breached and exposed over 157k website clients. The breach included over 109k unique email addresses, genders, geographic locations, names, phone numbers and purchases.
Compromised data: Email addresses, Genders, Geographic locations, Names, Phone numbers, Purchases, Website activity
βοΈ
In April 2023, the one of the subdomains (monespaceprime.engie.fr ) of engie.fr - French multinational utility company which operates in the fields of electricity generation and distribution, natural gas, nuclear, renewable energy and petroleum was breached and exposed over 157k website clients. The breach included over 109k unique email addresses, genders, geographic locations, names, phone numbers and purchases.
Compromised data: Email addresses, Genders, Geographic locations, Names, Phone numbers, Purchases, Website activity
βοΈ
In 2024, the The Singapore Eye & Vision Clinic has allegedly become the latest victim of a data breach. The exposed data contains over 813k patients and includes over 26k unique email addresses, patients age and dates of birth, genders, geographic locations, races, names, nationalities and phone numbers.
Compromised data: Ages, Dates of birth, Email addresses, Genders, Geographic locations, Names, Nationalities, Passwords, Phone numbers, Races
π
Compromised data: Ages, Dates of birth, Email addresses, Genders, Geographic locations, Names, Nationalities, Passwords, Phone numbers, Races
π
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.Note:Since we don't have a complete leak, we've moved the @Blastoise version to the official Processed CSV section. If you have a complete leak and want to provide it, please contact @Addka72424 via pm or create thread with it.
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
β οΈ
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
β οΈ
On May 4, the Tamil Nadu Police Facial Recognition Portal, which allows the search of criminals, missing persons and others was breached.
The perpetrators found a database holding 6 millions records of such individuals; including picture, full name, FIR numbers and similar information. It was not possible to extract the pictures, although, the so-called threat actors managed to export more than 1.2 million rows of useful data anyways.
β Credentials and data were then posted in BF to be sold. As no interest was shown, it was decided to be shared publicly.
π°
The perpetrators found a database holding 6 millions records of such individuals; including picture, full name, FIR numbers and similar information. It was not possible to extract the pictures, although, the so-called threat actors managed to export more than 1.2 million rows of useful data anyways.
β Credentials and data were then posted in BF to be sold. As no interest was shown, it was decided to be shared publicly.
π°
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts
Compromised data: Email addresses, IP addresses, Passwords, Usernames
π€
Compromised data: Email addresses, IP addresses, Passwords, Usernames
π€
π
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts were breached.In 2024 this leak was reposted by @dodococks on BreachForums.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
πΎ
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts were breached.In 2024 this leak was reposted by @dodococks on BreachForums.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
πΎ
π
On August 30 of 2023, Freecycle, a nonprofit organization operating in the United States and the United Kingdom, detected the data breach and promptly alerted affected users. In the notification, Freecycle confirmed that the exposed data included email addresses, md5 hashed passwords, usernames, and User IDs. However, they reassured users that no further personal information had been compromised and data breach has affected more than 7 million subscribers globally.In 2024, part of the data, which included 2.5 million users, was published on BreachForums by user @Moonshine. Please note that this is partial data, if you have complete data and you want to post it on the forum, then create a thread or contact @Addka72424 via pm.
Compromised data: Email addresses, Passwords, Usernames
πΏ
On August 30 of 2023, Freecycle, a nonprofit organization operating in the United States and the United Kingdom, detected the data breach and promptly alerted affected users. In the notification, Freecycle confirmed that the exposed data included email addresses, md5 hashed passwords, usernames, and User IDs. However, they reassured users that no further personal information had been compromised and data breach has affected more than 7 million subscribers globally.In 2024, part of the data, which included 2.5 million users, was published on BreachForums by user @Moonshine. Please note that this is partial data, if you have complete data and you want to post it on the forum, then create a thread or contact @Addka72424 via pm.
Compromised data: Email addresses, Passwords, Usernames
πΏ