Latest Breach Information

Below is a list of the last 25 known data breaches and any information we may have about them.


CoinMarketCap

Added Date: 10/22/2021
Breach Date: 10/12/2021
Updated Date: 10/22/2021
Breach Count: 3,117,548
Content: Email addresses
Domain: coinmarketcap.com

Description:

During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Thingiverse

Added Date: 10/14/2021
Breach Date: 10/13/2020
Updated Date: 10/14/2021
Breach Count: 228,102
Content: Dates of birth, Email addresses, IP addresses, Names, Passwords, Physical addresses, Usernames
Domain: thingiverse.com

Description:

In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Playbook

Added Date: 10/11/2021
Breach Date: 10/19/2020
Updated Date: 10/11/2021
Breach Count: 50,538
Content: Email addresses, Job titles, Names, Passwords, Phone numbers, Social media profiles
Domain: playbook.vc

Description:

In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Fantasy Football Hub

Added Date: 10/7/2021
Breach Date: 10/2/2021
Updated Date: 10/7/2021
Breach Count: 66,479
Content: Email addresses, IP addresses, Names, Passwords, Purchases, Usernames
Domain: fantasyfootballhub.co.uk

Description:

In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Republican Party of Texas

Added Date: 10/6/2021
Breach Date: 9/11/2021
Updated Date: 10/6/2021
Breach Count: 72,596
Content: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names
Domain: texasgop.org

Description:

In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

LinkedIn Scraped Data

Added Date: 10/2/2021
Breach Date: 4/8/2021
Updated Date: 10/2/2021
Breach Count: 125,698,496
Content: Education levels, Email addresses, Genders, Geographic locations, Job titles, Names, Social media profiles
Domain: linkedin.com

Description:

During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. The scraped data contains approximately 400M records with 125M unique email addresses, as well as names, geographic locations, genders and job titles. LinkedIn specifically addresses the incident in their post on An update on report of scraped data.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Ajarn

Added Date: 9/25/2021
Breach Date: 12/13/2018
Updated Date: 9/25/2021
Breach Count: 266,399
Content: Dates of birth, Education levels, Email addresses, Genders, Geographic locations, Job applications, Marital statuses, Names, Nationalities, Passwords, Phone numbers, Profile photos
Domain: ajarn.com

Description:

In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information. Hashed passwords were also impacted in the breach.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Epik

Added Date: 9/19/2021
Breach Date: 9/13/2021
Updated Date: 9/19/2021
Breach Count: 15,003,961
Content: Email addresses, Names, Phone numbers, Physical addresses, Purchases
Domain: epik.com

Description:

In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

IndiaMART

Added Date: 8/27/2021
Breach Date: 5/23/2021
Updated Date: 8/27/2021
Breach Count: 20,154,583
Content: Email addresses, Names, Phone numbers, Physical addresses
Domain: indiamart.com

Description:

In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses. It's unclear whether IndiaMART intentionally exposed the data attributes as part of the intended design of the platform or whether the data was obtained by exploiting a vulnerability in the service.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Imavex

Added Date: 8/26/2021
Breach Date: 8/20/2021
Updated Date: 8/26/2021
Breach Count: 878,209
Content: Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames
Domain: imavex.com

Description:

In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

SubaGames

Added Date: 8/25/2021
Breach Date: 11/1/2016
Updated Date: 8/25/2021
Breach Count: 6,137,666
Content: Email addresses, Passwords, Usernames
Domain: subagames.com

Description:

In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Eatigo

Added Date: 8/24/2021
Breach Date: 10/16/2018
Updated Date: 8/24/2021
Breach Count: 2,789,609
Content: Email addresses, Genders, Names, Passwords, Phone numbers, Social media profiles
Domain: eatigo.com

Description:

In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

OrderSnapp

Added Date: 8/7/2021
Breach Date: 6/29/2020
Updated Date: 8/7/2021
Breach Count: 1,304,447
Content: Dates of birth, Email addresses, Names, Passwords, Phone numbers
Domain: ordersnapp.com

Description:

In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

MMG Fusion

Added Date: 8/7/2021
Breach Date: 12/20/2020
Updated Date: 8/7/2021
Breach Count: 2,660,295
Content: Appointments, Dates of birth, Email addresses, Genders, Marital statuses, Names, Passwords, Phone numbers, Physical addresses
Domain: mmgfusion.com

Description:

In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Audi

Added Date: 7/23/2021
Breach Date: 8/14/2019
Updated Date: 7/23/2021
Breach Count: 2,743,539
Content: Dates of birth, Driver's licenses, Email addresses, Names, Phone numbers, Physical addresses, Social security numbers, Vehicle details
Domain: audiusa.com

Description:

In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Guntrader

Added Date: 7/21/2021
Breach Date: 7/17/2021
Updated Date: 7/21/2021
Breach Count: 112,031
Content: Browser user agent details, Email addresses, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Salutations
Domain: guntrader.uk

Description:

In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Short Édition

Added Date: 7/18/2021
Breach Date: 6/26/2021
Updated Date: 7/18/2021
Breach Count: 505,466
Content: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Social media profiles, Usernames
Domain: short-edition.com

Description:

In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Vastaamo

Added Date: 7/16/2021
Breach Date: 3/31/2019
Updated Date: 8/27/2021
Breach Count: 30,433
Content: Email addresses, Names, Personal health data, Social security numbers
Domain: vastaamo.fi

Description:

In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Raychat

Added Date: 7/3/2021
Breach Date: 1/31/2021
Updated Date: 7/3/2021
Breach Count: 938,981
Content: Browser user agent details, Email addresses, IP addresses, Names, Passwords
Domain: raychat.ir

Description:

In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

Teespring

Added Date: 6/25/2021
Breach Date: 4/1/2020
Updated Date: 6/25/2021
Breach Count: 8,234,193
Content: Email addresses, Geographic locations, Names, Social media profiles
Domain: teespring.com

Description:

In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.

Verified: , Fabricated: , Sensitive: , Active: , Retired: , Is Spam List:

























Account Search

This site simply searches online databases of compromised account information in an attempt to help you keep your accounts safe and secure. We do not actually have or store any information -- including the usernames and email addresses you enter above.

Share This!


Make a Donation To Keep Us Running