HuntStand
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
Lookiero
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
Minecraft service VimeWorld
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Explore Talent
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
MovieBoxPro
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
Trello
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
Naz.API
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
[2022] Twitter account data for 2,873,410,842 accounts (103 GB). This is a pretty specific dataset that doesn't contain any sensitive data and would be interesting for analysts or to check for other leaks.
ID,name,screen_name,location,url,device,created date
π°
ID,name,screen_name,location,url,device,created date
magnet:?xt=urn:btih:C963982C4FFA264FE76EC5918F83DD775521201B&dn=twitter_users_csv
π°
Hotel Anker Eggenstein.
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
in early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
π½ βοΈ
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
PureIncubationπ½ βοΈ
SOCRadar
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ
monespaceprime.engie.fr
In April 2023, the one of the subdomains (monespaceprime.engie.fr ) of engie.fr - French multinational utility company which operates in the fields of electricity generation and distribution, natural gas, nuclear, renewable energy and petroleum was breached and exposed over 157k website clients. The breach included over 109k unique email addresses, genders, geographic locations, names, phone numbers and purchases.
Compromised data: Email addresses, Genders, Geographic locations, Names, Phone numbers, Purchases, Website activity
βοΈ
In April 2023, the one of the subdomains (monespaceprime.engie.fr ) of engie.fr - French multinational utility company which operates in the fields of electricity generation and distribution, natural gas, nuclear, renewable energy and petroleum was breached and exposed over 157k website clients. The breach included over 109k unique email addresses, genders, geographic locations, names, phone numbers and purchases.
Compromised data: Email addresses, Genders, Geographic locations, Names, Phone numbers, Purchases, Website activity
βοΈ
In 2024, the The Singapore Eye & Vision Clinic has allegedly become the latest victim of a data breach. The exposed data contains over 813k patients and includes over 26k unique email addresses, patients age and dates of birth, genders, geographic locations, races, names, nationalities and phone numbers.
Compromised data: Ages, Dates of birth, Email addresses, Genders, Geographic locations, Names, Nationalities, Passwords, Phone numbers, Races
π
Compromised data: Ages, Dates of birth, Email addresses, Genders, Geographic locations, Names, Nationalities, Passwords, Phone numbers, Races
π
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.Note:Since we don't have a complete leak, we've moved the @Blastoise version to the official Processed CSV section. If you have a complete leak and want to provide it, please contact @Addka72424 via pm or create thread with it.
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
β οΈ
Compromised data: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, SMS messages, Usernames
β οΈ
On May 4, the Tamil Nadu Police Facial Recognition Portal, which allows the search of criminals, missing persons and others was breached.
The perpetrators found a database holding 6 millions records of such individuals; including picture, full name, FIR numbers and similar information. It was not possible to extract the pictures, although, the so-called threat actors managed to export more than 1.2 million rows of useful data anyways.
β Credentials and data were then posted in BF to be sold. As no interest was shown, it was decided to be shared publicly.
π°
The perpetrators found a database holding 6 millions records of such individuals; including picture, full name, FIR numbers and similar information. It was not possible to extract the pictures, although, the so-called threat actors managed to export more than 1.2 million rows of useful data anyways.
β Credentials and data were then posted in BF to be sold. As no interest was shown, it was decided to be shared publicly.
π°
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts
Compromised data: Email addresses, IP addresses, Passwords, Usernames
π€
Compromised data: Email addresses, IP addresses, Passwords, Usernames
π€
π
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts were breached.In 2024 this leak was reposted by @dodococks on BreachForums.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
πΎ
In November 2016, the website lupaworld.com which is a chinese open source community website about technology was breached and 523k user accounts were breached.In 2024 this leak was reposted by @dodococks on BreachForums.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
πΎ
π
On August 30 of 2023, Freecycle, a nonprofit organization operating in the United States and the United Kingdom, detected the data breach and promptly alerted affected users. In the notification, Freecycle confirmed that the exposed data included email addresses, md5 hashed passwords, usernames, and User IDs. However, they reassured users that no further personal information had been compromised and data breach has affected more than 7 million subscribers globally.In 2024, part of the data, which included 2.5 million users, was published on BreachForums by user @Moonshine. Please note that this is partial data, if you have complete data and you want to post it on the forum, then create a thread or contact @Addka72424 via pm.
Compromised data: Email addresses, Passwords, Usernames
πΏ
On August 30 of 2023, Freecycle, a nonprofit organization operating in the United States and the United Kingdom, detected the data breach and promptly alerted affected users. In the notification, Freecycle confirmed that the exposed data included email addresses, md5 hashed passwords, usernames, and User IDs. However, they reassured users that no further personal information had been compromised and data breach has affected more than 7 million subscribers globally.In 2024, part of the data, which included 2.5 million users, was published on BreachForums by user @Moonshine. Please note that this is partial data, if you have complete data and you want to post it on the forum, then create a thread or contact @Addka72424 via pm.
Compromised data: Email addresses, Passwords, Usernames
πΏ
π
In April 2024, a threat actor named 'Perell', previously linked to an alleged 2023 data breach at Bharat Sanchar Nigam Limited (BSNL), released a database purportedly containing 2.9 million BSNL records on the dark web. This data was originally part of an extortion scheme announced by Perell in December 2023 on BreachForums, despite BSNL not confirming a breach at the time.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
πΏ
In April 2024, a threat actor named 'Perell', previously linked to an alleged 2023 data breach at Bharat Sanchar Nigam Limited (BSNL), released a database purportedly containing 2.9 million BSNL records on the dark web. This data was originally part of an extortion scheme announced by Perell in December 2023 on BreachForums, despite BSNL not confirming a breach at the time.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Purchases
πΏ
π
n 2024, over 5.360.157 records from Ecuador citizen database was scrapped by @ctf and posted on BreachForums. The leak contains persons dates of birth, family members' names, genders, government issued IDs (NUI numbers), marital statuses, names, nationalities, physical addresses and spouses names.Note:This is a partial leak, if you have a more complete version and you want to provide it, then contact @Addka72424 via pm or create a thread with a leak.
Compromised data: Dates of birth, Family members' names, Genders, Government issued IDs, Marital statuses, Names, Nationalities, Physical addresses, Spouses names
π
n 2024, over 5.360.157 records from Ecuador citizen database was scrapped by @ctf and posted on BreachForums. The leak contains persons dates of birth, family members' names, genders, government issued IDs (NUI numbers), marital statuses, names, nationalities, physical addresses and spouses names.Note:This is a partial leak, if you have a more complete version and you want to provide it, then contact @Addka72424 via pm or create a thread with a leak.
Compromised data: Dates of birth, Family members' names, Genders, Government issued IDs, Marital statuses, Names, Nationalities, Physical addresses, Spouses names
π
π
Account balances, Dates of birth, Email addresses, Job titles, Names, Partial credit card data, Phone numbers
Compromised data: In October 2023, the Truist Bank, a leading U.S. commercial bank were breached in an cyberattack and in June 2024, the data was published on BreachForums by @ShinyHunters .The exposed data included over 79k employees unique emails (Work emails) and account balances, dates of birth, job titles, names, partial credit card data and phone numbers.The @ShinyHunters themselves commented about this leak - "There is nothing less true than the promises of CrowdShart and in the case of truist the truest words to be said on this subject are when #l0ckb1tch3z! troops taking point on zscaler its #G4M30V3R for them."
πΏ
Account balances, Dates of birth, Email addresses, Job titles, Names, Partial credit card data, Phone numbers
Compromised data: In October 2023, the Truist Bank, a leading U.S. commercial bank were breached in an cyberattack and in June 2024, the data was published on BreachForums by @ShinyHunters .The exposed data included over 79k employees unique emails (Work emails) and account balances, dates of birth, job titles, names, partial credit card data and phone numbers.The @ShinyHunters themselves commented about this leak - "There is nothing less true than the promises of CrowdShart and in the case of truist the truest words to be said on this subject are when #l0ckb1tch3z! troops taking point on zscaler its #G4M30V3R for them."
πΏ