Risiko / Label | Veröffentlichung | |
---|---|---|
Risiko ? / 10 GHSA-5r34-52qx-f673 | vor 483249 Stunde(n) | |
Risiko ? / 10 GHSA-v793-w449-37r3 | vor 483249 Stunde(n) | |
Risiko ? / 10 GHSA-2q66-6w43-8rm9 | vor 483249 Stunde(n) | |
Risiko ? / 10 CVE-2025-1335 | vor 483249 Stunde(n) | |
Risiko ? / 10 CVE-2024-57971 | vor 483249 Stunde(n) | |
Risiko ? / 10 CVE-2024-57970 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 GHSA-79x9-vr49-5g54 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
Risiko ? / 10 | vor 483249 Stunde(n) | |
30.01.2025 - Thermomix Recipe World Forum | 3.123.439 Datensätze geleaked | |
Bios, Dates of birth, Email addresses, Names, Phone numbers, Physical addresses, Usernames In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp". |
||
24.01.2025 - Doxbin Scrape | 435.784 Datensätze geleaked | |
Email addresses In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru". |
||
16.01.2025 - Frame & Optic | 15.678 Datensätze geleaked | |
Email addresses, Geographic locations, Names, Phone numbers In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru". |
||
13.01.2025 - Stealer Logs, Jan 2025 | 71.039.833 Datensätze geleaked | |
Email addresses, Passwords In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service. |
||
12.01.2025 - LandAirSea | 337.373 Datensätze geleaked | |
Email addresses, Names, Partial credit card data, Passwords, Physical addresses, Usernames In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me". |
||
08.01.2025 - Scholastic | 4.247.768 Datensätze geleaked | |
Email addresses, Names, Phone numbers, Physical addresses In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address. |
||
24.12.2024 - Speedio | 27.501.041 Datensätze geleaked | |
Company names, Email addresses, Phone numbers, Physical addresses In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp". |
||
14.12.2024 - BitView | 63.127 Datensätze geleaked | |
Bios, Comments, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Private messages, Usernames In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location. |
||
11.12.2024 - Young Living Essential Oils | 1.128.951 Datensätze geleaked | |
Dates of birth, Email addresses, Geographic locations, Names In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data. |
||
23.11.2024 - Senior Dating | 765.517 Datensätze geleaked | |
Bios, Dates of birth, Drinking habits, Education levels, Email addresses, Genders, Geographic locations, Occupations, Profile photos, Relationship statuses, Smoking habits, Social media profiles In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation. |
||
21.11.2024 - Yonéma | 35.962 Datensätze geleaked | |
Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth. |
||
18.11.2024 - FlipaClip | 892.854 Datensätze geleaked | |
Dates of birth, Email addresses, Geographic locations, Names In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified. |
||
15.11.2024 - The Real World | 324.382 Datensätze geleaked | |
Chat logs, Email addresses, Usernames In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs. |
||
14.11.2024 - PoinCampus | 89.116 Datensätze geleaked | |
Dates of birth, Email addresses, Names, Phone numbers In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". |
||
10.11.2024 - Tibber | 50.002 Datensätze geleaked | |
Email addresses, Geographic locations, Names, Purchases In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". |
||
02.11.2024 - 1win | 96.166.543 Datensätze geleaked | |
Dates of birth, Email addresses, Geographic locations, IP addresses, Passwords, Phone numbers In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall". |
||
27.10.2024 - SuperDraft | 300.187 Datensätze geleaked | |
Dates of birth, Email addresses, Geographic locations, Passwords, Purchases, Usernames In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes. |
||
19.10.2024 - Hot Topic | 56.904.909 Datensätze geleaked | |
Dates of birth, Email addresses, Genders, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits. |
||
16.10.2024 - Earth 2 | 420.961 Datensätze geleaked | |
Email addresses, Usernames In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data. |
||
15.10.2024 - Finsure | 296.124 Datensätze geleaked | |
Email addresses, Names, Phone numbers, Physical addresses In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data. |
||
14.10.2024 - The Club Penguin Experience | 6.342 Datensätze geleaked | |
Age groups, Email addresses, Password hints, Passwords, Usernames In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach. |
||
01.10.2024 - Switch | 5.397 Datensätze geleaked | |
Email addresses, Job applications, Names, Social media profiles In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant. |
||
29.09.2024 - digiDirect | 304.337 Datensätze geleaked | |
Dates of birth, Email addresses, Names, Phone numbers, Physical addresses In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield. |
||
28.09.2024 - Internet Archive | 31.081.179 Datensätze geleaked | |
Email addresses, Passwords, Usernames In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes. |
||
25.09.2024 - French Citizens | 28.445.106 Datensätze geleaked | |
Device information, Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits. |
||
17.09.2024 - Muah.AI | 1.910.261 Datensätze geleaked | |
Email addresses, Sexual fetishes In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios. |
||
12.09.2024 - Instituto Nacional de Deportes de Chile | 319.613 Datensätze geleaked | |
Dates of birth, Email addresses, Genders, Names, Passwords, Usernames In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes. The newest records in the data date back to August 2022, suggesting the breach may be of an older data set. |
||
18.08.2024 - MC2 Data | 2.122.280 Datensätze geleaked | |
Email addresses, Names, Passwords In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes. |
||
15.08.2024 - Explore Talent (August 2024) | 8.929.384 Datensätze geleaked | |
Email addresses In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024. |
||
15.08.2024 - schenkYOU | 237.349 Datensätze geleaked | |
Dates of birth, Email addresses, Names, Passwords In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store. |
||
15.08.2024 - Tracki | 372.557 Datensätze geleaked | |
Email addresses, Names In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses. |
||
10.08.2024 - Chris Leong | 27.096 Datensätze geleaked | |
Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Purchases, Social media profiles In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles. The company did not respond when contacted about the breach. |
||
03.08.2024 - Not SOCRadar | 282.478.425 Datensätze geleaked | |
Email addresses In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format. |
||
28.07.2024 - Ubook | 699.908 Datensätze geleaked | |
Dates of birth, Email addresses, Genders, Names, Profile photos In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos. |
||
18.07.2024 - Stealer Logs Posted to Telegram | 26.105.473 Datensätze geleaked | |
Email addresses, Passwords In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines. |
||
09.07.2024 - The Heritage Foundation | 72.004 Datensätze geleaked | |
Email addresses, IP addresses, Names, Passwords, Usernames In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes). |
||
07.07.2024 - MSI | 249.990 Datensätze geleaked | |
Email addresses, Names, Phone numbers, Physical addresses, Warranty claims In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number….etc)". |
||
06.07.2024 - LuLu | 2.796.835 Datensätze geleaked | |
Email addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes. |
||
04.07.2024 - AnimeLeague | 192.134 Datensätze geleaked | |
Dates of birth, Email addresses, IP addresses, Passwords, Phone numbers, Private messages, Purchases, Usernames In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses. |
||
04.07.2024 - FNTECH | 10.386 Datensätze geleaked | |
Email addresses, IP addresses, Names In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses. |