| Risiko / Label | Veröffentlichung | |
|---|---|---|
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| Risiko ? / 10 | vor 486273 Stunde(n) | |
| 24.05.2025 - ColoCrossing | 7.183 Datensätze geleaked | |
| Email addresses, Names, Passwords In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes. |
||
| 23.05.2025 - Operation Endgame 2.0 | 15.436.844 Datensätze geleaked | |
| Email addresses, Passwords In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service. |
||
| 06.05.2025 - Ualabee | 472.296 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Phone numbers, Profile photos In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers. |
||
| 30.03.2025 - Samsung Germany Customer Tickets | 216.333 Datensätze geleaked | |
| Email addresses, Names, Physical addresses, Purchases, Salutations, Shipment tracking numbers, Support tickets In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers. |
||
| 27.03.2025 - German Doner Kebab | 162.373 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals. |
||
| 26.03.2025 - TehetségKapu | 54.357 Datensätze geleaked | |
| Email addresses, Names, Usernames In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames. |
||
| 25.03.2025 - Troy Hunt's Mailchimp List | 16.627 Datensätze geleaked | |
| Email addresses, Geographic locations, IP addresses In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone. |
||
| 24.02.2025 - Orange Romania | 556.557 Datensätze geleaked | |
| Email addresses, Partial credit card data, Phone numbers In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents. |
||
| 15.02.2025 - ALIEN TXTBASE Stealer Logs | 284.132.969 Datensätze geleaked | |
| Email addresses, Passwords In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website. |
||
| 14.02.2025 - Cocospy | 1.798.059 Datensätze geleaked | |
| Email addresses In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me". |
||
| 14.02.2025 - Spyic | 875.999 Datensätze geleaked | |
| Email addresses In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me". |
||
| 11.02.2025 - Lexipol | 672.546 Datensätze geleaked | |
| Email addresses, Names, Passwords, Phone numbers, Usernames In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes. |
||
| 30.01.2025 - Thermomix Recipe World Forum | 3.123.439 Datensätze geleaked | |
| Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp". |
||
| 24.01.2025 - Doxbin Scrape | 435.784 Datensätze geleaked | |
| Email addresses In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru". |
||
| 16.01.2025 - Frame & Optic | 15.678 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Phone numbers In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru". |
||
| 13.01.2025 - Stealer Logs, Jan 2025 | 71.039.833 Datensätze geleaked | |
| Email addresses, Passwords In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service. |
||
| 12.01.2025 - LandAirSea | 337.373 Datensätze geleaked | |
| Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me". |
||
| 08.01.2025 - Scholastic | 4.247.768 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address. |
||
| 24.12.2024 - Speedio | 27.501.041 Datensätze geleaked | |
| Company names, Email addresses, Phone numbers, Physical addresses In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp". |
||
| 14.12.2024 - BitView | 63.127 Datensätze geleaked | |
| Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location. |
||
| 11.12.2024 - Young Living Essential Oils | 1.128.951 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, Names In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data. |
||
| 23.11.2024 - Senior Dating | 765.517 Datensätze geleaked | |
| Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation. |
||
| 21.11.2024 - Yonéma | 35.962 Datensätze geleaked | |
| Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth. |
||
| 18.11.2024 - FlipaClip | 892.854 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, Names In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified. |
||
| 15.11.2024 - The Real World | 324.382 Datensätze geleaked | |
| Chat logs, Email addresses, Usernames In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs. |
||
| 14.11.2024 - PoinCampus | 89.116 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Phone numbers In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". |
||
| 10.11.2024 - Tibber | 50.002 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Purchases In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". |
||
| 02.11.2024 - 1win | 96.166.543 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall". |
||
| 27.10.2024 - SuperDraft | 300.187 Datensätze geleaked | |
| Dates of birth, Email addresses, Geographic locations, Passwords, Purchases, Usernames In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes. |
||
| 19.10.2024 - Hot Topic | 56.904.909 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits. |
||
| 17.10.2024 - Free | 13.926.173 Datensätze geleaked | |
| Bank account numbers, Dates of birth, Genders, Names, Phone numbers, Physical addresses In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank". |
||
| 16.10.2024 - Earth 2 | 420.961 Datensätze geleaked | |
| Email addresses, Usernames In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data. |
||
| 15.10.2024 - Finsure | 296.124 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data. |
||
| 15.10.2024 - Flat Earth Sun, Moon and Zodiac App | 33.294 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Usernames In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders. |
||
| 14.10.2024 - The Club Penguin Experience | 6.342 Datensätze geleaked | |
| Age groups, Email addresses, Password hints, Passwords, Usernames In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach. |
||
| 01.10.2024 - Switch | 5.397 Datensätze geleaked | |
| Email addresses, Job applications, Names, Social media profiles In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant. |
||
| 29.09.2024 - digiDirect | 304.337 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Phone numbers, Physical addresses In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield. |
||
| 28.09.2024 - Internet Archive | 31.081.179 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes. |
||
| 25.09.2024 - French Citizens | 28.445.106 Datensätze geleaked | |
| Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits. |
||
| 17.09.2024 - Muah.AI | 1.910.261 Datensätze geleaked | |
| Email addresses, Sexual fetishes In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios. |
||