Sephora - 780,073 breached accounts
https://haveibeenpwned.com/PwnedWebsites#Sephora
In approximately January 2017, the beauty store Sephora suffered a data breach (https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/). Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#Sephora
In approximately January 2017, the beauty store Sephora suffered a data breach (https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/). Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
StreetEasy - 988,230 breached accounts
https://haveibeenpwned.com/PwnedWebsites#StreetEasy
In approximately June 2016, the real estate website StreetEasy suffered a data breach (https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/). In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
https://haveibeenpwned.com/PwnedWebsites#StreetEasy
In approximately June 2016, the real estate website StreetEasy suffered a data breach (https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/). In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
https://haveibeenpwned.com/PwnedWebsites#Vedantu
https://haveibeenpwned.com/PwnedWebsites#Vedantu
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
ToonDoo - 6,002,694 breached accounts
https://haveibeenpwned.com/PwnedWebsites#ToonDoo
In August 2019, the comic strip creation website ToonDoo suffered a data breach (https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/). The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.
https://haveibeenpwned.com/PwnedWebsites#ToonDoo
In August 2019, the comic strip creation website ToonDoo suffered a data breach (https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/). The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
Hacker Publishes 2TB of Data from Cayman National Bank
https://twitter.com/DDoSecrets/status/1195899716653010945
https://twitter.com/DDoSecrets/status/1195899716653010945
GPS Underground - 669,584 breached accounts
https://haveibeenpwned.com/PwnedWebsites#GPSUnderground
In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online (https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/). The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#GPSUnderground
In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online (https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/). The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
EpicBot - 816,662 breached accounts
https://haveibeenpwned.com/PwnedWebsites#EpicBot
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
https://haveibeenpwned.com/PwnedWebsites#EpicBot
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
GateHub - 1,408,078 breached accounts
https://haveibeenpwned.com/PwnedWebsites#GateHub
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). GateHub had previously acknowledged a data breach in June (https://gatehub.net/blog/gatehub-update-investigation-continues/), albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#GateHub
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum (https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/). GateHub had previously acknowledged a data breach in June (https://gatehub.net/blog/gatehub-update-investigation-continues/), albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
Data Enrichment Exposure From PDL Customer - 622,161,052 breached accounts
https://haveibeenpwned.com/PwnedWebsites#PDL
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data (https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses). The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
https://haveibeenpwned.com/PwnedWebsites#PDL
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data (https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses). The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
Have I Been Pwned
Have I Been Pwned: Who's Been Pwned
Every breached website added to Have I Been Pwned appears here on the Who’s Been Pwned page. As of today, there are 942 breached sites listed.
Some of OnePlus users' order information was accessed by an unauthorized party. They state that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed.
https://forums.oneplus.com/threads/security-notification.1144088/
https://forums.oneplus.com/threads/security-notification.1144088/
OnePlus Community
Security Notification
This is Ziv, from the Security team. We want to update you that we have discovered that some of our users' order information was accessed by an unauthorized par
Disclaimer: That is more of a collection, rather than a leak.
Still worth mentioning.
https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
Still worth mentioning.
https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
Night Lion Security
Ransomware Negotiation & Dark Web Investigation Services | Night Lion
Leaders in dark web threat intelligence research, ransomware and extortion negotiation, digital investigations, security assessments