πΊ
In October 2023, the Chinese adult forum known as Haijiao.com was hacked and over 4.8 million users were exposed publicly.It was posted by @lxstcxntury and includes over 4.8 milliom unique email addresses, account balances, IP addresses, phone numbers, usernames and bcrypt passwords.
Compromised data: Account balances, Email addresses, IP addresses, Passwords, Phone numbers, Usernames, Website activity
πΊ
In October 2023, the Chinese adult forum known as Haijiao.com was hacked and over 4.8 million users were exposed publicly.It was posted by @lxstcxntury and includes over 4.8 milliom unique email addresses, account balances, IP addresses, phone numbers, usernames and bcrypt passwords.
Compromised data: Account balances, Email addresses, IP addresses, Passwords, Phone numbers, Usernames, Website activity
πΊ
πΊ
Vertafore announced that information of 27.7 million Texas drivers has been accidentally exposed due to a human error in March 2020. The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party.βThe files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.β
Compromised data: Dates of birth, Driver's licenses, Physical addresses, Vehicle details
πΊ
Vertafore announced that information of 27.7 million Texas drivers has been accidentally exposed due to a human error in March 2020. The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party.βThe files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.β
Compromised data: Dates of birth, Driver's licenses, Physical addresses, Vehicle details
πΊ
π
In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.
I would like to warn users this leak is over 86.11GB uncompressed and 9.35GB compressed.
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
πΏ
In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.
I would like to warn users this leak is over 86.11GB uncompressed and 9.35GB compressed.
Compromised data: Dates of birth, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
πΏ
π
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government issued national identity (NID) cards.
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Religions
πΏ
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government issued national identity (NID) cards.
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Religions
πΏ
π
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to @Aegis and @IntelBroker
Compromised data: Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers
πΏ
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to @Aegis and @IntelBroker
Compromised data: Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers
πΏ
π
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Compromised data: Email addresses, Passwords, Usernames
πΏ
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Compromised data: Email addresses, Passwords, Usernames
πΏ
π
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts. The data was breached by hacker algoatson and posted by @IntelBroker . You can also find a cleaned version of the leak here - https://breachforums.st/Thread-CLEANED-F...ase-Leaked (Posted by @ygrek)
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles
πΏ
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts. The data was breached by hacker algoatson and posted by @IntelBroker . You can also find a cleaned version of the leak here - https://breachforums.st/Thread-CLEANED-F...ase-Leaked (Posted by @ygrek)
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles
πΏ
π
In April 2024 (The relevance of the files is April 2021), the Tea Too (https://www.t2tea.com/) chain of specialty tea shops with stores in Australia, Singapore, and New Zealand was hacked by doubl and leaked by @emo on BreachForums. The leak includes over 94k users, contains over 85k unique email addresses, dates of birth, genders ( <title> and <gender> fields), names, partial credit card data (partial card numbers like XXXX-XXXX-XXXX-7438 and card type), payment methods, phone numbers, physical addresses and passwords stored as possible scrypt hashes. The leak also contains orders information.
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment methods, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΏ
In April 2024 (The relevance of the files is April 2021), the Tea Too (https://www.t2tea.com/) chain of specialty tea shops with stores in Australia, Singapore, and New Zealand was hacked by doubl and leaked by @emo on BreachForums. The leak includes over 94k users, contains over 85k unique email addresses, dates of birth, genders ( <title> and <gender> fields), names, partial credit card data (partial card numbers like XXXX-XXXX-XXXX-7438 and card type), payment methods, phone numbers, physical addresses and passwords stored as possible scrypt hashes. The leak also contains orders information.
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment methods, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΏ
T2 Tea
T2 Tea: Discover a World of Tea Done Differently
All we do, all we are, revolves around our love for reinventing and reimagining the humble tea leaf. Celebrate your endless love for tea with T2 today.
π
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases
π
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases
π
π
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.
Compromised data: Email addresses, Names, Passwords, Usernames
π
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.
Compromised data: Email addresses, Names, Passwords, Usernames
π
π
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
This leak does not include profile photos, you can find the full version here.
Compromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
πΏ
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
This leak does not include profile photos, you can find the full version here.
Compromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
πΏ
π
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Note: This is not a complete leak, the complete leak contains 205.242 unique email addresses, it also contains geographic locations and usernames in addition to the specified data. If you have this leak and you want to share it with the forum, then please contact @Baphomet or @Addka72424 or post a thread with the leak on the forum.
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
πΏ
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Note: This is not a complete leak, the complete leak contains 205.242 unique email addresses, it also contains geographic locations and usernames in addition to the specified data. If you have this leak and you want to share it with the forum, then please contact @Baphomet or @Addka72424 or post a thread with the leak on the forum.
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
πΏ
π
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
π
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
π
πΊ
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Compromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
πΊ
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Compromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
πΊ
π
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was breached by @IntelBroker
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
π
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was breached by @IntelBroker
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
π
π
In June 2022, the Taiwan's low-cost airline Tigerair Taiwan suffered a data breach exposed over 585k clients. The data contained over 656k unique email addresses, dates of birth, genders, names, passport numbers and passport expiration date as well as passwords stored as Base64(unhex(SHA-256($plaintext))) hashes.The data also contains almost 3 million credit cards. To verify the authenticity of the data, use - https://membership.tigerairtw.com/zh-TW/forgot-email (For the form, you need to use the user's full name and date of birth, then you will be sent a partial email address, which in most cases will match the address in the leak)
Compromised data: Credit cards, Dates of birth, Email addresses, Genders, Names, Passwords, Passport numbers, Passport expiration date, Website Activity
π
In June 2022, the Taiwan's low-cost airline Tigerair Taiwan suffered a data breach exposed over 585k clients. The data contained over 656k unique email addresses, dates of birth, genders, names, passport numbers and passport expiration date as well as passwords stored as Base64(unhex(SHA-256($plaintext))) hashes.The data also contains almost 3 million credit cards. To verify the authenticity of the data, use - https://membership.tigerairtw.com/zh-TW/forgot-email (For the form, you need to use the user's full name and date of birth, then you will be sent a partial email address, which in most cases will match the address in the leak)
Compromised data: Credit cards, Dates of birth, Email addresses, Genders, Names, Passwords, Passport numbers, Passport expiration date, Website Activity
π
πΊ
In February 2024, the Philippine Digido Finance Corp. (https://digido.ph/), an online lending company registered with the Securities and Exchange Commission, has been hacked, compromising the personal information of an estimated 5.4 million customers. The exposed data includes over 5.2 million unique email addresses, dates of birth, genders, government issued IDs, names, passport numbers, phone numbers, physical addresses. The data was breached by @Petya152r5
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses, Website activity
πΊ
In February 2024, the Philippine Digido Finance Corp. (https://digido.ph/), an online lending company registered with the Securities and Exchange Commission, has been hacked, compromising the personal information of an estimated 5.4 million customers. The exposed data includes over 5.2 million unique email addresses, dates of birth, genders, government issued IDs, names, passport numbers, phone numbers, physical addresses. The data was breached by @Petya152r5
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses, Website activity
πΊ
Digido
Fast Loan Online up to 25 000 | Digito Quick Lending App
Loans online with Digido app are fast and reliable. You can apply for a loan 24 hours a day, seven days a week in the Philippines!
πΊ
Approximately between 2022-2023, the U.S. Environmental Protection Agency suffered a data breach impacting over 8.5 million users and exposing personal and sensitive information of its customers and contractors. A hacker operating under the pseudonym @USDoD claimed responsibility and released the EPA's global contact database on a dark web forum. The leaked database contained three zipped files with approximately 500MB of data in CSV formats, holding common fields such as "Zipcodes," "Full names," "Phone numbers," "Email addresses," and "County, City, States," as well as additional fields in each file. Please note that most of the emails are corporate emails.
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses
πΊ
Approximately between 2022-2023, the U.S. Environmental Protection Agency suffered a data breach impacting over 8.5 million users and exposing personal and sensitive information of its customers and contractors. A hacker operating under the pseudonym @USDoD claimed responsibility and released the EPA's global contact database on a dark web forum. The leaked database contained three zipped files with approximately 500MB of data in CSV formats, holding common fields such as "Zipcodes," "Full names," "Phone numbers," "Email addresses," and "County, City, States," as well as additional fields in each file. Please note that most of the emails are corporate emails.
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses
πΊ
πΊ
In April 2024, the Australian delivery company BHF Couriers suffered a data breach that exposed over 327k clients and over 22k users records. The data included email and physical addresses, names, partial credit cards data, phone numbers, unsalted MD5 password hashes and orders info.
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΊ
In April 2024, the Australian delivery company BHF Couriers suffered a data breach that exposed over 327k clients and over 22k users records. The data included email and physical addresses, names, partial credit cards data, phone numbers, unsalted MD5 password hashes and orders info.
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΊ
π
In April 2023, the video gaming website Gameplanet suffered a data breach which impacted over 1.7 million website users.The compromised data included over 1.7 million unique email addresses, dates of birth, names, phone numbers and Vbulletin stored passwords.
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Website activity
π
In April 2023, the video gaming website Gameplanet suffered a data breach which impacted over 1.7 million website users.The compromised data included over 1.7 million unique email addresses, dates of birth, names, phone numbers and Vbulletin stored passwords.
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Website activity
π
πΊ
In October 2023, the Telecommunications Services of Trinidad and Tobago (TSTT) fell victim to a cyberattack by the international hacker group, Ransomexx. Contrary to TSTT's initial claims, the hackers released over six gigabytes of sensitive data on the dark web, affecting approximately 801,000 customers. The leaked data included over 73,000 unique email addresses, government-issued IDs (CIS and IDS numbers), names, phone numbers, physical addresses, and other sensitive information. The leaked information also includes scanned documents such as letters of transfer of authority or ownership, and photos of identification cards.
Compromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
πΊ
In October 2023, the Telecommunications Services of Trinidad and Tobago (TSTT) fell victim to a cyberattack by the international hacker group, Ransomexx. Contrary to TSTT's initial claims, the hackers released over six gigabytes of sensitive data on the dark web, affecting approximately 801,000 customers. The leaked data included over 73,000 unique email addresses, government-issued IDs (CIS and IDS numbers), names, phone numbers, physical addresses, and other sensitive information. The leaked information also includes scanned documents such as letters of transfer of authority or ownership, and photos of identification cards.
Compromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
πΊ