π
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to @Aegis and @IntelBroker
Compromised data: Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers
πΏ
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers. The data was provided to HIBP by a source who requested it be attributed to @Aegis and @IntelBroker
Compromised data: Citizenship statuses, Dates of birth, Email addresses, Employers, Ethnicities, Genders, Names, Phone numbers, Physical addresses, Purchases, Social security numbers
πΏ
π
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Compromised data: Email addresses, Passwords, Usernames
πΏ
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
Compromised data: Email addresses, Passwords, Usernames
πΏ
π
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts. The data was breached by hacker algoatson and posted by @IntelBroker . You can also find a cleaned version of the leak here - https://breachforums.st/Thread-CLEANED-F...ase-Leaked (Posted by @ygrek)
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles
πΏ
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts. The data was breached by hacker algoatson and posted by @IntelBroker . You can also find a cleaned version of the leak here - https://breachforums.st/Thread-CLEANED-F...ase-Leaked (Posted by @ygrek)
Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers, Social media profiles
πΏ
π
In April 2024 (The relevance of the files is April 2021), the Tea Too (https://www.t2tea.com/) chain of specialty tea shops with stores in Australia, Singapore, and New Zealand was hacked by doubl and leaked by @emo on BreachForums. The leak includes over 94k users, contains over 85k unique email addresses, dates of birth, genders ( <title> and <gender> fields), names, partial credit card data (partial card numbers like XXXX-XXXX-XXXX-7438 and card type), payment methods, phone numbers, physical addresses and passwords stored as possible scrypt hashes. The leak also contains orders information.
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment methods, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΏ
In April 2024 (The relevance of the files is April 2021), the Tea Too (https://www.t2tea.com/) chain of specialty tea shops with stores in Australia, Singapore, and New Zealand was hacked by doubl and leaked by @emo on BreachForums. The leak includes over 94k users, contains over 85k unique email addresses, dates of birth, genders ( <title> and <gender> fields), names, partial credit card data (partial card numbers like XXXX-XXXX-XXXX-7438 and card type), payment methods, phone numbers, physical addresses and passwords stored as possible scrypt hashes. The leak also contains orders information.
Compromised data: Dates of birth, Email addresses, Genders, Names, Partial credit card data, Payment methods, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΏ
T2 Tea
T2 Tea: Discover a World of Tea Done Differently
All we do, all we are, revolves around our love for reinventing and reimagining the humble tea leaf. Celebrate your endless love for tea with T2 today.
π
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases
π
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Compromised data: Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses, Purchases
π
π
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.
Compromised data: Email addresses, Names, Passwords, Usernames
π
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.
Compromised data: Email addresses, Names, Passwords, Usernames
π
π
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
This leak does not include profile photos, you can find the full version here.
Compromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
πΏ
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
This leak does not include profile photos, you can find the full version here.
Compromised data: Dates of birth, Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses, Profile photos
πΏ
π
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Note: This is not a complete leak, the complete leak contains 205.242 unique email addresses, it also contains geographic locations and usernames in addition to the specified data. If you have this leak and you want to share it with the forum, then please contact @Baphomet or @Addka72424 or post a thread with the leak on the forum.
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
πΏ
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was received from Mappery when contacted about the incident.
Note: This is not a complete leak, the complete leak contains 205.242 unique email addresses, it also contains geographic locations and usernames in addition to the specified data. If you have this leak and you want to share it with the forum, then please contact @Baphomet or @Addka72424 or post a thread with the leak on the forum.
Compromised data: Email addresses, Geographic locations, Passwords, Usernames
πΏ
π
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
π
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Compromised data: Dates of birth, Email addresses, Geographic locations, IP addresses, Usernames
π
πΊ
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Compromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
πΊ
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Compromised data: Dates of birth, Email addresses, IP addresses, Time zones, Usernames
πΊ
π
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was breached by @IntelBroker
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
π
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was breached by @IntelBroker
Compromised data: Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs)
π
π
In June 2022, the Taiwan's low-cost airline Tigerair Taiwan suffered a data breach exposed over 585k clients. The data contained over 656k unique email addresses, dates of birth, genders, names, passport numbers and passport expiration date as well as passwords stored as Base64(unhex(SHA-256($plaintext))) hashes.The data also contains almost 3 million credit cards. To verify the authenticity of the data, use - https://membership.tigerairtw.com/zh-TW/forgot-email (For the form, you need to use the user's full name and date of birth, then you will be sent a partial email address, which in most cases will match the address in the leak)
Compromised data: Credit cards, Dates of birth, Email addresses, Genders, Names, Passwords, Passport numbers, Passport expiration date, Website Activity
π
In June 2022, the Taiwan's low-cost airline Tigerair Taiwan suffered a data breach exposed over 585k clients. The data contained over 656k unique email addresses, dates of birth, genders, names, passport numbers and passport expiration date as well as passwords stored as Base64(unhex(SHA-256($plaintext))) hashes.The data also contains almost 3 million credit cards. To verify the authenticity of the data, use - https://membership.tigerairtw.com/zh-TW/forgot-email (For the form, you need to use the user's full name and date of birth, then you will be sent a partial email address, which in most cases will match the address in the leak)
Compromised data: Credit cards, Dates of birth, Email addresses, Genders, Names, Passwords, Passport numbers, Passport expiration date, Website Activity
π
πΊ
In February 2024, the Philippine Digido Finance Corp. (https://digido.ph/), an online lending company registered with the Securities and Exchange Commission, has been hacked, compromising the personal information of an estimated 5.4 million customers. The exposed data includes over 5.2 million unique email addresses, dates of birth, genders, government issued IDs, names, passport numbers, phone numbers, physical addresses. The data was breached by @Petya152r5
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses, Website activity
πΊ
In February 2024, the Philippine Digido Finance Corp. (https://digido.ph/), an online lending company registered with the Securities and Exchange Commission, has been hacked, compromising the personal information of an estimated 5.4 million customers. The exposed data includes over 5.2 million unique email addresses, dates of birth, genders, government issued IDs, names, passport numbers, phone numbers, physical addresses. The data was breached by @Petya152r5
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Phone numbers, Physical addresses, Website activity
πΊ
Digido
Fast Loan Online up to 25 000 | Digito Quick Lending App
Loans online with Digido app are fast and reliable. You can apply for a loan 24 hours a day, seven days a week in the Philippines!
πΊ
Approximately between 2022-2023, the U.S. Environmental Protection Agency suffered a data breach impacting over 8.5 million users and exposing personal and sensitive information of its customers and contractors. A hacker operating under the pseudonym @USDoD claimed responsibility and released the EPA's global contact database on a dark web forum. The leaked database contained three zipped files with approximately 500MB of data in CSV formats, holding common fields such as "Zipcodes," "Full names," "Phone numbers," "Email addresses," and "County, City, States," as well as additional fields in each file. Please note that most of the emails are corporate emails.
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses
πΊ
Approximately between 2022-2023, the U.S. Environmental Protection Agency suffered a data breach impacting over 8.5 million users and exposing personal and sensitive information of its customers and contractors. A hacker operating under the pseudonym @USDoD claimed responsibility and released the EPA's global contact database on a dark web forum. The leaked database contained three zipped files with approximately 500MB of data in CSV formats, holding common fields such as "Zipcodes," "Full names," "Phone numbers," "Email addresses," and "County, City, States," as well as additional fields in each file. Please note that most of the emails are corporate emails.
Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses
πΊ
πΊ
In April 2024, the Australian delivery company BHF Couriers suffered a data breach that exposed over 327k clients and over 22k users records. The data included email and physical addresses, names, partial credit cards data, phone numbers, unsalted MD5 password hashes and orders info.
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΊ
In April 2024, the Australian delivery company BHF Couriers suffered a data breach that exposed over 327k clients and over 22k users records. The data included email and physical addresses, names, partial credit cards data, phone numbers, unsalted MD5 password hashes and orders info.
Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Website activity
πΊ
π
In April 2023, the video gaming website Gameplanet suffered a data breach which impacted over 1.7 million website users.The compromised data included over 1.7 million unique email addresses, dates of birth, names, phone numbers and Vbulletin stored passwords.
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Website activity
π
In April 2023, the video gaming website Gameplanet suffered a data breach which impacted over 1.7 million website users.The compromised data included over 1.7 million unique email addresses, dates of birth, names, phone numbers and Vbulletin stored passwords.
Compromised data: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Website activity
π
πΊ
In October 2023, the Telecommunications Services of Trinidad and Tobago (TSTT) fell victim to a cyberattack by the international hacker group, Ransomexx. Contrary to TSTT's initial claims, the hackers released over six gigabytes of sensitive data on the dark web, affecting approximately 801,000 customers. The leaked data included over 73,000 unique email addresses, government-issued IDs (CIS and IDS numbers), names, phone numbers, physical addresses, and other sensitive information. The leaked information also includes scanned documents such as letters of transfer of authority or ownership, and photos of identification cards.
Compromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
πΊ
In October 2023, the Telecommunications Services of Trinidad and Tobago (TSTT) fell victim to a cyberattack by the international hacker group, Ransomexx. Contrary to TSTT's initial claims, the hackers released over six gigabytes of sensitive data on the dark web, affecting approximately 801,000 customers. The leaked data included over 73,000 unique email addresses, government-issued IDs (CIS and IDS numbers), names, phone numbers, physical addresses, and other sensitive information. The leaked information also includes scanned documents such as letters of transfer of authority or ownership, and photos of identification cards.
Compromised data: Email addresses, Government issued IDs, Names, Phone numbers, Physical addresses
πΊ
π
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
I would like to warn users this leak is over 295.6GB uncompressed and 17.02GB compressed.
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles
π
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
I would like to warn users this leak is over 295.6GB uncompressed and 17.02GB compressed.
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Purchases, Social media profiles
π
π
In April 2024, the Indian digital learning platform Quest App (https://questapp.in/) was hacked by @DevEye, which then published this data on BreachForums. The leak includes over 694k users, contains 522k unique email addresses, dates of birth, genders, marital statuses, names, phone numbers and passwords stored as MD5 and bcrypt hashes.
Compromised data: Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Website activity
π
In April 2024, the Indian digital learning platform Quest App (https://questapp.in/) was hacked by @DevEye, which then published this data on BreachForums. The leak includes over 694k users, contains 522k unique email addresses, dates of birth, genders, marital statuses, names, phone numbers and passwords stored as MD5 and bcrypt hashes.
Compromised data: Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Website activity
π
π
In February 2024, a huge array consisting of more than 3 million data was published on the Popular hacker forum.This data was a mix of various Ecuador leaks (the list of sources is listed below).Most of the data relates to 2021-2023 and includes over unique email addresses, dates of birth, government issued IDs (DNI & CLI numbers), genders, names, nationalities, phone numbers, personal health data and physical addresses .The data was breached and leaked by @PieWithNothing. Also, special thanks to @ctf for the help with verifying the authenticity of the leak.
Sources: Ecuador - Grupo CΓ©ntrico (evaluar.com) (~ 2.7 million records) (2021), Ecuador - COVID-19 (~ 0.3 million records) (2023), Ecuador - MrJoy (~ 0.6 million records) (2023)
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs (DNI & CLI numbers), Names, Nationalities, Phone numbers, Personal health data, Physical addresses
πΏ
In February 2024, a huge array consisting of more than 3 million data was published on the Popular hacker forum.This data was a mix of various Ecuador leaks (the list of sources is listed below).Most of the data relates to 2021-2023 and includes over unique email addresses, dates of birth, government issued IDs (DNI & CLI numbers), genders, names, nationalities, phone numbers, personal health data and physical addresses .The data was breached and leaked by @PieWithNothing. Also, special thanks to @ctf for the help with verifying the authenticity of the leak.
Sources: Ecuador - Grupo CΓ©ntrico (evaluar.com) (~ 2.7 million records) (2021), Ecuador - COVID-19 (~ 0.3 million records) (2023), Ecuador - MrJoy (~ 0.6 million records) (2023)
Compromised data: Dates of birth, Email addresses, Genders, Government issued IDs (DNI & CLI numbers), Names, Nationalities, Phone numbers, Personal health data, Physical addresses
πΏ
πΏ
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels. The data was breached by @KryptonZambie
Compromised data: Email addresses, IP addresses, Names, Passwords
π
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels. The data was breached by @KryptonZambie
Compromised data: Email addresses, IP addresses, Names, Passwords
π