Minehut - 396,533 breached accounts
https://haveibeenpwned.com/PwnedWebsites#Minehut
In May 2019, the Minecraft server website Minehut (https://minehut.com/) suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP.
https://haveibeenpwned.com/PwnedWebsites#Minehut
In May 2019, the Minecraft server website Minehut (https://minehut.com/) suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
KiwiFarms - 4,606 breached accounts
https://haveibeenpwned.com/PwnedWebsites#KiwiFarms
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach (https://kiwifarms.net/threads/dealing-with-the-compromise.60767/). The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.
https://haveibeenpwned.com/PwnedWebsites#KiwiFarms
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach (https://kiwifarms.net/threads/dealing-with-the-compromise.60767/). The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
The records cover more than 5 million patients in the U.S. and millions more around the world. In some cases, a snoop could use free software programs — or just a typical web browser — to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
ProPublica
Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.
Hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. One expert warned about it for years.
Lumin PDF - 15,453,048 breached accounts
https://haveibeenpwned.com/PwnedWebsites#LuminPDF
In April 2019, the PDF management service Lumin PDF suffered a data breach (https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/). The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email. addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#LuminPDF
In April 2019, the PDF management service Lumin PDF suffered a data breach (https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/). The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email. addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
DoorDash confirms data breach affected 4.9 million customers, workers and merchants
https://techcrunch.com/2019/09/26/doordash-data-breach/?guccounter=1
https://techcrunch.com/2019/09/26/doordash-data-breach/?guccounter=1
TechCrunch
DoorDash confirms data breach affected 4.9 million customers, workers and merchants
DoorDash has confirmed a data breach.
Wanelo - 23,165,793 breached accounts
https://haveibeenpwned.com/PwnedWebsites#Wanelo
In approximately December 2018, the digital mall Wanelo suffered a data breach (https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/). The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 of bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#Wanelo
In approximately December 2018, the digital mall Wanelo suffered a data breach (https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/). The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 of bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
Sephora - 780,073 breached accounts
https://haveibeenpwned.com/PwnedWebsites#Sephora
In approximately January 2017, the beauty store Sephora suffered a data breach (https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/). Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#Sephora
In approximately January 2017, the beauty store Sephora suffered a data breach (https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/). Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
StreetEasy - 988,230 breached accounts
https://haveibeenpwned.com/PwnedWebsites#StreetEasy
In approximately June 2016, the real estate website StreetEasy suffered a data breach (https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/). In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#StreetEasy
In approximately June 2016, the real estate website StreetEasy suffered a data breach (https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/). In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
https://haveibeenpwned.com/PwnedWebsites#Vedantu
https://haveibeenpwned.com/PwnedWebsites#Vedantu
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
ToonDoo - 6,002,694 breached accounts
https://haveibeenpwned.com/PwnedWebsites#ToonDoo
In August 2019, the comic strip creation website ToonDoo suffered a data breach (https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/). The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.
https://haveibeenpwned.com/PwnedWebsites#ToonDoo
In August 2019, the comic strip creation website ToonDoo suffered a data breach (https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/). The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
Hacker Publishes 2TB of Data from Cayman National Bank
https://twitter.com/DDoSecrets/status/1195899716653010945
https://twitter.com/DDoSecrets/status/1195899716653010945
GPS Underground - 669,584 breached accounts
https://haveibeenpwned.com/PwnedWebsites#GPSUnderground
In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online (https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/). The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#GPSUnderground
In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online (https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/). The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
EpicBot - 816,662 breached accounts
https://haveibeenpwned.com/PwnedWebsites#EpicBot
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
https://haveibeenpwned.com/PwnedWebsites#EpicBot
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
GateHub - 1,408,078 breached accounts
https://haveibeenpwned.com/PwnedWebsites#GateHub
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). GateHub had previously acknowledged a data breach in June (https://gatehub.net/blog/gatehub-update-investigation-continues/), albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#GateHub
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). GateHub had previously acknowledged a data breach in June (https://gatehub.net/blog/gatehub-update-investigation-continues/), albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.