Profile avatar
haveibeenpwned.com
51 posts 2,729 followers 2 following
Prolific Poster
Posts 49 Comments 1

New breach: OnRPG had 1M email addresses breached in 2016. Data also included IP address, username and salted MD5 password hash. 86% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 1 hour ago • 1 comment

New breach: Hungarian education office website TehetségKapu had almost 55k records breached in March. Data included email address, name and username. 32% were already in @haveibeenpwned.com. Read more: 444.hu/2025/03/27/5...

submitted 6 days ago • 1 comment

New breach: Samsung Germany had 216k unique email addresses exposed due to a compromise of their logistics provider, Spectos. Data included name, physical address, purchases and shipping tracking numbers. 49% were already in @haveibeenpwned.com. Read more: www.infostealers.com/article/sams...

submitted 25 days ago • 0 comments

New breach: Indonesian restaurant website Qraved had almost 1M email addresses breached in 2021. Data also included name, phone, DoB and MD5 password hash. 83% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 28 days ago • 0 comments

New breach: French electronics retailer Boulanger had 967k email addresses breached in September. Data also included name, physical address, phone number and lat and long. 65% were already in @haveibeenpwned.com. Read more: therecord.media/france-retai...

submitted 29 days ago • 1 comment

New breach: German Doner Kebab had 162k unique email addresses publicly posted to a hacking forum last week. Data also included name, phone and physical addrress. 74% were already in @haveibeenpwned.com. Read more: x.com/DarkWebInfor...

submitted 38 days ago • 2 comments

New breach: Troy Hunt's Mailchimp account was successfully phished and a subscriber list for his personal blog was exported. Data included 16k email and IP addresses, plus derived lat long and time zone. 75% were already in @haveibeenpwned.com. Read more: www.troyhunt.com/a-sneaky-phi...

submitted 43 days ago • 3 comments

New sensitive breach: Spyware maker SpyX had almost 2M email addresses breached in June. The data also included IP address, country and what appears to be plain text iCloud credentials. 40% were already in @haveibeenpwned.com. Read more: techcrunch.com/2025/03/19/d...

submitted 49 days ago • 0 comments

New sensitive breach: Lexipol had 672k email addresses breached last month by self-proclaimed "Puppygirl Hacker Polycule". Data included name, phone and MD5 or SHA-256 password hashes. 23% were already in @haveibeenpwned.com. Read more: www.them.us/story/puppyg...

submitted 50 days ago • 2 comments

New sensitive breach: Color Dating had 220k unique email addresses breached in 2018. Data also included name, bio, photo and bcrypt password hash. 59% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 66 days ago • 0 comments

New breach: The flat earth sun, moon & zodiac app by "Flat Earth Dave" had 33k unique email addresses breached in Oct. Data included plain text passwords and users' lat and long (their position on the globe). 73% were already in @haveibeenpwned.com. More: www.youtube.com/watch?v=71FR...

submitted 67 days ago • 3 comments

New sensitive breach: Spyware service Spyzie had almost 519k email addresses breached this month. The exploited vulnerability also granted access to captured messages, photos, call logs, and more. 48% were already in @haveibeenpwned.com. Read more: techcrunch.com/2025/02/27/s...

submitted 69 days ago • 1 comment

New breach: Orange Romania had hundreds of thousands of email addresses breached and published this week. Data included phone number, subscription details and partial credit cards. 17% were already in @haveibeenpwned.com. Read more: www.bleepingcomputer.com/news/securit...

submitted 70 days ago • 0 comments

New stealer logs: 23B rows of "ALIEN TXTBASE" logs with 284M unique email addresses have been added to HIBP. New APIs can now search these by email domain and the domain of the website they were captured on. 69% were already in @haveibeenpwned.com . Read more: www.troyhunt.com/processing-2...

submitted 71 days ago • 4 comments

New sensitive breach: Spyware service Spyic had almost 876k email addresses breached this month. The exploited vulnerability also granted access to captured messages, photos, call logs, and more. 46% were already in @haveibeenpwned.com. Read more: techcrunch.com/2025/02/20/s...

submitted 76 days ago • 0 comments

New sensitive breach: Spyware service Cocospy had almost 1.8M email addresses breached this month. The exploited vulnerability also granted access to captured messages, photos, call logs, and more. 50% were already in @haveibeenpwned.com. Read more: techcrunch.com/2025/02/20/s...

submitted 76 days ago • 0 comments

New breach: Storenvy was breached in 2019. 1.8M rows with cracked password hashes were posted publicly. The source breach included 23M rows with 11M unique email addresses & salted SHA-1 hashes, among other data. 54% were already in @haveibeenpwned.com. More: hackread.com/e-commerce-f...

submitted 80 days ago • 0 comments

New sensitive breach: Yesterday, Doxbin was breached by "TOoDA" and 136k email addresses and associated usernames were publicly leaked. 46% were already in @haveibeenpwned.com. Read more: x.com/vxundergroun...

submitted 84 days ago • 1 comment

New breach: Zacks allegedly had 12M email addresses breached last year in a separate incident to their 2022 breach. Date included name, IP and physical address, phone and unsalted SHA-256 password hash. 93% were already in @haveibeenpwned.com. Read more: darkwebinformer.com/a-threat-act...

submitted 84 days ago • 0 comments

New breach: GPS tracking service LandAirSea had 337k customer records breached last month. Data included name, email, partial credit card data and tracking device information. 75% were already in @haveibeenpwned.com haveibeenpwned.com

submitted 86 days ago • 0 comments

New breach: Adopt Me Trading Values had 86k records breached in 2022. Data included email address, username (and Roblox username), IP address and bcrypt password hash. 27% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 87 days ago • 0 comments

New breach: Indonesian career platform Youthmanual had 938k email addresses breached in 2019. Data included name, date and place of birth, gender, phone number, physical address and salted SHA-1 password hash. 79% were already in @haveibeenpwned.com. More: thehackernews.com/2019/03/data...

submitted 88 days ago • 1 comment

New breach: The Thermomix "Recipe World" forum had 3.1M records breached in the last week. Data included name, email, physical address, phone number, DoB and (usually cooking-related) bio. 62% were already in @haveibeenpwned.com. Read more: www.presseportal.de/pm/52621/596...

submitted 90 days ago • 0 comments

New breach: Japanese solder business Hakko had almost 10k records breached in 2019. Data included email and physical address, phone, name, gender, DoB and plain text password. 92% were already in @haveibeenpwned.com. Read more: upfsecurity.co.jp/pmark/8395/

submitted 91 days ago • 1 comment

New breach: South Korean education platform PoinCampus had 89k email addresses breached in November. Data also included name and a small number of phone numbers and DoBs. 34% were already in @haveibeenpwned.com. Read more: darkwebinformer.com/888-has-alle...

submitted 93 days ago • 0 comments

New breach: Betting site 1win had 96M records breached in November. Data included email and IP address, phone number, DoB, country and SHA-256 password hash. 17% were already in @haveibeenpwned.com. Read more: cryptoadventure.com/1win-hack-le...

submitted 93 days ago • 0 comments

New breach: The DragonNest MMORGP had over 500k unique email addresses breached in 2013. Data also included username, IP address and plain text password. 81% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 94 days ago • 0 comments

New breach: Belgian gaming news forum 9Lives (now defunct) had 109k email addresses breached in 2014. Data also included usernames and salted MD5 password hashes. 80% were already in @haveibeenpwned.com. Read more: cybernews.com/security/bil...

submitted 95 days ago • 0 comments

New unverified breach: Data allegedly taken from Brazilian lead gen platform Speedio was posted for sale last week. It included 27M email addresses along with company names, addresses and phone numbers. 51% were already in @haveibeenpwned.com. Read more: darkwebinformer.com/a-threat-act...

submitted 98 days ago • 0 comments

New breach: Now defunct gaming site HeatGames had 650k unique email addresses breached in 2021 and later distributed as part of a larger corpus. Data included IP address, country and salted MD5 password hash. 65% were already in @haveibeenpwned.com. More: cybernews.com/security/bil...

submitted 100 days ago • 0 comments

New sensitive breach: Doxbin had 435k email addresses scraped from the service in the last week. 75% were already in @haveibeenpwned.com. Read more: medium.com/@zuajes/publ...

submitted 100 days ago • 1 comment

New breach: Frame & Optic had almost 16k email addresses breached last week. Data also included name, phone and geolocation info. 67% were already in @haveibeenpwned.com. Read more: dailydarkweb.net/eyewear-whol...

submitted 105 days ago • 1 comment

New breach: Welhof had over 100k email addresses breached last year. Data also included name, physical address and value of purchases. 70% were already in @haveibeenpwned.com. Read more: www.welhof.com/nl_nl/klante...

submitted 105 days ago • 0 comments

New breach: Otelier had 437k unique email addresses exposed for customers of hotel brands including Marriott. Data also included name, physical address, phone, purchases and some partial credit card numbers. 80% were already in @haveibeenpwned.com. Read more: www.bleepingcomputer.com/news/securit...

submitted 110 days ago • 0 comments

New breach: MSI inadvertently left 250k unique email addresses publicly exposed with RMA warranty claims last year. Data also included name, phone and physical address. 84% were already in @haveibeenpwned.com. Read more: www.youtube.com/watch?v=DeE_...

submitted 111 days ago • 2 comments

New breach: Last week 80k email addresses breached from the Columbian website of Le Coq Sportif were published online. Data included physical and IP address, name, purchases, gender, DoB and bcrypt password hash. 68% were already in @haveibeenpwned.com. More: dailydarkweb.net/colombia-dat...

submitted 112 days ago • 0 comments

New breach: Stealer logs with 71M unique addresses have been added with a new feature to return the websites the logs were collected against. 106M new passwords were also added to Pwned Passwords. 72% of addresses were already in @haveibeenpwned.com. More: troyhunt.com/experimentin...

submitted 114 days ago • 1 comment

New breach: Scholastic had a breach with 4.2M unique email addresses appearing last week. Many records also included name, phone number and physical address. 70% were already in @haveibeenpwned.com. Read more: www.dailydot.com/debug/furry-...

submitted 115 days ago • 1 comment

New breach: SuperDraft had 300k records breached in October. Data included email address, username, transactions, lat and long, DoB and bcrypt password hashes. 62% were already in @haveibeenpwned.com. Read more: x.com/troyhunt/sta...

submitted 116 days ago • 1 comment

New breach: Jewellery store GLAMIRA had 875k email addresses breached in late 2023. Data also included name, phone number and purchases. 68% were already in @haveibeenpwned.com. Read more: www.reddit.com/r/Engagement...

submitted 125 days ago • 0 comments

New breach: More than 90M rows of French citizen data with 28M unique email addresses was found publicly facing in Sep. Data included name, IP, physical address and partial card data. 70% were already in @haveibeenpwned. Read more: cybernews.com/security/fre...

submitted 138 days ago • 4 comments

New breach: Young Living Essential Oils had 1.1M unique email addresses breached and advertised on a hacking forum this month. Data included name, country and DoB. 78% were already in @haveibeenpwned.com. Read more: x.com/H4ckManac/st...

submitted 139 days ago • 1 comment

New breach: German gift store schenkYOU had 237k records breached earlier this year including email address, name, DoB and salted SHA-256 password hash. 54% were already in @haveibeenpwned. Read more: dailydarkweb.net/alleged-data...

submitted 139 days ago • 0 comments

New breach: BitView had 63k unique email addresses breached last week. Data also included IP, username, bcrypt password hash, private messages and video comments. 27% were already in @haveibeenpwned.com. Read more: www.bitview.net/blog#157

submitted 140 days ago • 0 comments

New breach: Hopamedia had 24M unique email addresses exposed in a breach dating back to 2020. Data also includes name, country, phone number and the number's telecommunications carrier. 66% were already in @haveibeenpwned.com. Read more: x.com/troyhunt/sta...

submitted 142 days ago • 5 comments

New breach: MC2 Data had 2.1M customer records exposed via an unprotected database in August. Marketed under different brands, the data included email address, name and salted SHA-25 password. 60% were already in @haveibeenpwned.com . Read more: cybernews.com/security/us-...

submitted 143 days ago • 0 comments

New breach: Senegalese payment platform Yonéma had 36k unique email addresses breached and posted publicly last month. Data included name, phone and encrypted password and DoB. 52% were already in @haveibeenpwned.com. Read more: x.com/cyberfeeddig...

submitted 145 days ago • 0 comments

New breach: German electricity provider Tibber had 50k records breached last month. Data included name, email, geolocation and total purchases value. 56% were already in @haveibeenpwned.com. Read more: www.heise.de/en/news/Elec...

submitted 145 days ago • 0 comments

New breach: Now defunct 40+ dating service Senior Dating had 766k records breached earlier this year. The breach contained extensive personal info including email, Facebook profiles and precise lat and long. 17% were already in @haveibeenpwned. Read more: x.com/RhinozzCode/...

submitted 149 days ago • 0 comments