online florist BloomsToday
In April 2024, 15M records from the online florist BloomsToday. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
Compromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses
π½ βοΈ
In April 2024, 15M records from the online florist BloomsToday. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
Compromised data: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses
π½ βοΈ
π΅ Store Dennis Kirk
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.
Compromised data: Email addresses, Geographic locations, Names, Phone numbers, Purchases
π
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.
Compromised data: Email addresses, Geographic locations, Names, Phone numbers, Purchases
π
company Ticketek
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
π
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Salutations
π
HuntStand
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Compromised data: Dates of birth, Email addresses, Geographic locations, Names
π«
Lookiero
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
In August 2024, a data breach from the Lookiero is online shopping service for women was posted. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Compromised data: Email addresses, Names, Phone numbers, Physical addresses
π©ββοΈ
Minecraft service VimeWorld
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Explore Talent
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
In February 2022, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.8M rows with 5.5M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
Note: This version contains more strings than the version added to HIBP, and it also contains additional fields such as username and plaintext password
Compromised data: Email addresses, Names, Phone numbers, Physical addresses, Passwords, Usernames
MovieBoxPro
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Compromised data: Email addresses, Usernames
π
Trello
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
In January 2024, data was scraped from Trello and posted. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred."Trello had an open API endpoint that allows any unauthenticated user to map an email address to a trello account.
Compromised data: Email addresses, Names
Naz.API
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the leak included 71M unique email addresses and 100M unique passwords.
This leak is over 104.35GB uncompressed and 22.4GB compressed.
Compromised data: Email addresses, Passwords
[2022] Twitter account data for 2,873,410,842 accounts (103 GB). This is a pretty specific dataset that doesn't contain any sensitive data and would be interesting for analysts or to check for other leaks.
ID,name,screen_name,location,url,device,created date
π°
ID,name,screen_name,location,url,device,created date
magnet:?xt=urn:btih:C963982C4FFA264FE76EC5918F83DD775521201B&dn=twitter_users_csv
π°
Hotel Anker Eggenstein.
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
Country Hotel - Restaurant
Zum Goldenen Anker , HauptstraΓe 16 β 20
76344 Eggenstein-Leopoldshafen, Telefon: 0721 / 70 60 29
Mail: info@hotel-anker-eggenstein.de.
The leak includes certificates, licenses, receipts, financial statements, office documents, invoices, email archives, customer contact details and addresses.
π©πͺ
in early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
π½ βοΈ
Compromised data: Email addresses, IP addresses, Job titles, Names, Passwords, Phone numbers, Physical addresses
#
PureIncubationπ½ βοΈ
SOCRadar
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Compromised data: Email addresses
π½ βοΈ