| Risiko / Label | Veröffentlichung | |
|---|---|---|
| Risiko ? / 10 CVE-2023-28435 | vor 5 Stunde(n) | |
| Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5. | ||
| Risiko ? / 10 CVE-2023-1578 | vor 5 Stunde(n) | |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. | ||
| Risiko ? / 10 CVE-2023-25069 | vor 6 Stunde(n) | |
| TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability. | ||
| Risiko ? / 10 CVE-2023-27856 | vor 6 Stunde(n) | |
| In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed. | ||
| Risiko ? / 10 CVE-2022-4095 | vor 6 Stunde(n) | |
| A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||
| Risiko ? / 10 CVE-2023-1281 | vor 6 Stunde(n) | |
| Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. | ||
| Risiko ? / 10 CVE-2021-43312 | vor 6 Stunde(n) | |
| A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. | ||
| Risiko ? / 10 CVE-2023-20966 | vor 6 Stunde(n) | |
| In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242299736 | ||
| Risiko ? / 10 CVE-2023-20969 | vor 6 Stunde(n) | |
| In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236313 | ||
| Risiko ? / 10 CVE-2023-20975 | vor 6 Stunde(n) | |
| In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 | ||
| Risiko ? / 10 CVE-2023-20979 | vor 6 Stunde(n) | |
| In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364 | ||
| Risiko ? / 10 CVE-2023-20997 | vor 6 Stunde(n) | |
| In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702 | ||
| Risiko ? / 10 CVE-2023-21001 | vor 6 Stunde(n) | |
| In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190 | ||
| Risiko ? / 10 CVE-2023-21008 | vor 6 Stunde(n) | |
| In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100 | ||
| Risiko ? / 10 CVE-2023-21021 | vor 6 Stunde(n) | |
| In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598 | ||
| Risiko ? / 10 CVE-2023-21022 | vor 6 Stunde(n) | |
| In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236098131 | ||
| Risiko ? / 10 CVE-2023-21025 | vor 6 Stunde(n) | |
| In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254929746 | ||
| Risiko ? / 10 CVE-2023-21028 | vor 6 Stunde(n) | |
| In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180680572 | ||
| Risiko ? / 10 CVE-2023-21042 | vor 6 Stunde(n) | |
| In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A | ||
| Risiko ? / 10 CVE-2023-21046 | vor 6 Stunde(n) | |
| In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253424924References: N/A | ||
| Risiko ? / 10 CVE-2023-21060 | vor 6 Stunde(n) | |
| In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A | ||
| Risiko ? / 10 CVE-2023-21061 | vor 6 Stunde(n) | |
| Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | ||
| Risiko ? / 10 CVE-2023-21062 | vor 6 Stunde(n) | |
| In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/A | ||
| Risiko ? / 10 CVE-2023-21063 | vor 6 Stunde(n) | |
| In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243129862References: N/A | ||
| Risiko ? / 10 CVE-2023-21064 | vor 6 Stunde(n) | |
| In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A | ||
| Risiko ? / 10 CVE-2023-21065 | vor 6 Stunde(n) | |
| In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A | ||
| Risiko ? / 10 CVE-2023-21068 | vor 6 Stunde(n) | |
| In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A | ||
| Risiko ? / 10 CVE-2023-21072 | vor 6 Stunde(n) | |
| In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A | ||
| Risiko ? / 10 CVE-2023-21073 | vor 6 Stunde(n) | |
| In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290396References: N/A | ||
| Risiko ? / 10 CVE-2023-21075 | vor 6 Stunde(n) | |
| In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857862References: N/A | ||
| 26.02.2023 - TheGradCafe | 310.975 Datensätze geleaked | |
| Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes. Some records also included physical address, phone number and date of birth. TheGradCafe did not respond to multiple attempts to disclose the breach. |
||
| 22.02.2023 - HDB Financial Services | 1.658.750 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Geographic locations, Loan information, Names, Phone numbers In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers. |
||
| 01.02.2023 - Convex | 150.129 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Phone numbers In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers. |
||
| 25.01.2023 - Eye4Fraud | 16.000.591 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident. |
||
| 15.01.2023 - School District 42 | 18.850 Datensätze geleaked | |
| Email addresses, Names In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum. |
||
| 14.01.2023 - Planet Ice | 240.488 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases In January 2023, the UK-based ice skating rink booking service Planet Ice suffered a data breach. The incident exposed the personal data of 240k people including email and physical addresses, phone numbers, genders, dates of birth and passwords stored as MD5 hashes. The data also included the names, genders and dates of birth of children having parties. |
||
| 08.01.2023 - Zurich | 756.737 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Names, Vehicle details In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". |
||
| 06.01.2023 - Autotrader | 20.032 Datensätze geleaked | |
| Email addresses, Phone numbers, Physical addresses, Vehicle details, Vehicle identification numbers (VINs) In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". |
||
| 03.01.2023 - iD Tech | 415.121 Datensätze geleaked | |
| Dates of birth, Email addresses, Names, Passwords In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident. |
||
| 13.12.2022 - Gemini | 5.274.214 Datensätze geleaked | |
| Email addresses, Partial phone numbers In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF". |
||
| 03.12.2022 - GunAuction.com | 565.470 Datensätze geleaked | |
| Browser user agent details, Email addresses, Genders, IP addresses, Partial credit card data, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Usernames In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain text. The leaked identities could subsequently be matched to firearms listed for sale on the website. |
||
| 01.12.2022 - CoinTracker | 1.557.153 Datensätze geleaked | |
| Email addresses, Partial phone numbers In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider. The breach exposed email addresses and partially redacted phone numbers, with CoinTracker advising that the later did not originate from their service. |
||
| 15.11.2022 - Abandonia (2022) | 919.790 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. |
||
| 22.10.2022 - RealDudesInc | 101.543 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes. |
||
| 12.10.2022 - Doomworld | 34.478 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes. |
||
| 09.09.2022 - Get Revenge On Your Ex | 79.195 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum, Get Revenge On Your Ex did not reply when contacted. |
||
| 28.08.2022 - Wakanim | 6.706.951 Datensätze geleaked | |
| Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames. |
||
| 25.08.2022 - TAP Air Portugal | 6.083.479 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses. |
||
| 14.08.2022 - Brand New Tube | 349.627 Datensätze geleaked | |
| Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages. |
||
| 11.08.2022 - GGCorp | 2.376.330 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes. |
||
| 08.08.2022 - Shitexpress | 23.817 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery. |
||
| 02.08.2022 - DoorDash | 367.476 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Partial credit card data In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign. The incident exposed 367k unique personal email addresses alongside names, post codes and partial card data, namely the brand, expiry data and last four digits of the card. |
||
| 11.07.2022 - Weee | 1.117.405 Datensätze geleaked | |
| Delivery instructions, Email addresses, Names, Phone numbers, Purchases In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions. |
||
| 04.07.2022 - La Poste Mobile | 533.886 Datensätze geleaked | |
| Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline. |
||
| 21.05.2022 - QuestionPro | 22.229.637 Datensätze geleaked | |
| Browser user agent details, Email addresses, IP addresses, Survey results In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag. |
||
| 16.05.2022 - Amart Furniture | 108.940 Datensätze geleaked | |
| Email addresses, Names, Passwords, Phone numbers, Physical addresses In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker. |
||
| 13.05.2022 - Mangatoon | 23.040.238 Datensätze geleaked | |
| Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach. |
||
| 06.05.2022 - BlackBerry Fans | 174.168 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes. |
||
| 30.04.2022 - Fanpass | 112.251 Datensätze geleaked | |
| Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net". |
||
| 15.04.2022 - E-Pal | 108.887 Datensätze geleaked | |
| Email addresses, Purchases, Usernames In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum. |
||
| 27.03.2022 - PayHere | 1.580.249 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident. |
||
| 09.03.2022 - CDEK | 19.218.203 Datensätze geleaked | |
| Email addresses, Names, Phone numbers In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid". |
||
| 23.02.2022 - NVIDIA | 71.335 Datensätze geleaked | |
| Email addresses, Passwords In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community. |
||
| 07.02.2022 - GiveSendGo | 89.966 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Purchases In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation. |
||
| 29.01.2022 - MacGeneration | 101.004 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP. |
||
| 05.01.2022 - Doxbin | 370.794 Datensätze geleaked | |
| Browser user agent details, Email addresses, Passwords, Usernames In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes. User accounts also included usernames, password hashes and browser user agents. The personal information disclosed in the doxes was often extensive including names, physical addresses, phone numbers and more. |
||
| 01.01.2022 - Twitter | 6.682.453 Datensätze geleaked | |
| Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses. |
||
| 28.12.2021 - Carding Mafia (December 2021) | 303.877 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes. This breach came only 9 months after another breach of the forum in March 2021. |
||
| 23.12.2021 - FlexBooker | 3.756.794 Datensätze geleaked | |
| Email addresses, Names, Partial credit card data, Passwords, Phone numbers In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum and was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 05.12.2021 - RedLine Stealer | 441.657 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords. |
||