| Risiko / Label | Veröffentlichung | |
|---|---|---|
| Risiko ? / 10 CVE-2022-1270 | vor 9 Stunde(n) | |
| In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | ||
| Risiko ? / 10 CVE-2022-44256 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. | ||
| Risiko ? / 10 CVE-2022-44257 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | ||
| Risiko ? / 10 CVE-2022-44258 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | ||
| Risiko ? / 10 CVE-2022-44259 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | ||
| Risiko ? / 10 CVE-2022-44260 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | ||
| Risiko ? / 10 CVE-2022-44253 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | ||
| Risiko ? / 10 CVE-2022-44254 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | ||
| Risiko ? / 10 CVE-2022-44255 | vor 10 Stunde(n) | |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | ||
| Risiko ? / 10 CVE-2022-44250 | vor 10 Stunde(n) | |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | ||
| Risiko ? / 10 CVE-2022-44251 | vor 10 Stunde(n) | |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | ||
| Risiko ? / 10 CVE-2022-44252 | vor 10 Stunde(n) | |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | ||
| Risiko ? / 10 CVE-2022-44249 | vor 10 Stunde(n) | |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | ||
| Risiko ? / 10 CVE-2022-45150 | vor 10 Stunde(n) | |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. | ||
| Risiko ? / 10 CVE-2022-45151 | vor 10 Stunde(n) | |
| The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | ||
| Risiko ? / 10 CVE-2022-45149 | vor 10 Stunde(n) | |
| A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | ||
| Risiko ? / 10 CVE-2022-44139 | vor 10 Stunde(n) | |
| Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | ||
| Risiko ? / 10 CVE-2021-46854 | vor 10 Stunde(n) | |
| mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | ||
| Risiko ? / 10 CVE-2022-4045 | vor 10 Stunde(n) | |
| A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. | ||
| Risiko ? / 10 CVE-2022-45462 | vor 10 Stunde(n) | |
| Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | ||
| Risiko ? / 10 CVE-2022-45472 | vor 10 Stunde(n) | |
| CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | ||
| Risiko ? / 10 CVE-2022-4019 | vor 10 Stunde(n) | |
| A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. | ||
| Risiko ? / 10 CVE-2022-4044 | vor 10 Stunde(n) | |
| A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. | ||
| Risiko ? / 10 CVE-2022-41919 | vor 10 Stunde(n) | |
| Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'. | ||
| Risiko ? / 10 CVE-2022-37773 | vor 10 Stunde(n) | |
| An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | ||
| Risiko ? / 10 CVE-2022-37774 | vor 10 Stunde(n) | |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | ||
| Risiko ? / 10 CVE-2022-40870 | vor 10 Stunde(n) | |
| The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. | ||
| Risiko ? / 10 CVE-2022-4116 | vor 10 Stunde(n) | |
| A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | ||
| Risiko ? / 10 CVE-2022-2791 | vor 10 Stunde(n) | |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. | ||
| Risiko ? / 10 CVE-2022-39199 | vor 10 Stunde(n) | |
| immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value reported by the server. A malicious server can change the reported UUID tricking the client to treat it as a different server thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object a custom state handler can be used to store the state. Providing custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, client will still consider it to be the same server. | ||
| 12.10.2022 - Doomworld | 34.478 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes. |
||
| 09.09.2022 - Get Revenge On Your Ex | 79.195 Datensätze geleaked | |
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords. The data was subsequently shared on a public hacking forum, Get Revenge On Your Ex did not reply when contacted. |
||
| 28.08.2022 - Wakanim | 6.706.951 Datensätze geleaked | |
| Browser user agent details, Email addresses, IP addresses, Names, Physical addresses, Usernames In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames. |
||
| 25.08.2022 - TAP Air Portugal | 5.067.990 Datensätze geleaked | |
| Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other personal data including names, genders, DoBs, phone numbers and physical addresses. |
||
| 14.08.2022 - Brand New Tube | 349.627 Datensätze geleaked | |
| Email addresses, Genders, IP addresses, Passwords, Private messages, Usernames In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages. |
||
| 11.08.2022 - GGCorp | 2.376.330 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes. |
||
| 08.08.2022 - Shitexpress | 23.817 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Physical addresses, Private messages, Purchases In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery. |
||
| 04.07.2022 - La Poste Mobile | 533.886 Datensätze geleaked | |
| Bank account numbers, Dates of birth, Email addresses, Genders, Names, Phone numbers, Physical addresses In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names, physical addresses, phone numbers, dates of births, genders and banking information. 10 days after the attack, the La Poste Mobile website remained offline. |
||
| 21.05.2022 - QuestionPro | 22.229.637 Datensätze geleaked | |
| Browser user agent details, Email addresses, IP addresses, Survey results In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag. |
||
| 16.05.2022 - Amart Furniture | 108.940 Datensätze geleaked | |
| Email addresses, Names, Passwords, Phone numbers, Physical addresses In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack. Over 100k records containing email and physical address, names, phone numbers and passwords stored as bcrypt hashes were exposed and shared online by the attacker. |
||
| 13.05.2022 - Mangatoon | 23.040.238 Datensätze geleaked | |
| Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, Usernames In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach. |
||
| 06.05.2022 - BlackBerry Fans | 174.168 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes. |
||
| 30.04.2022 - Fanpass | 112.251 Datensätze geleaked | |
| Email addresses, Genders, Names, Partial dates of birth, Passwords, Phone numbers, Physical addresses, Purchases, Social media profiles In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to "breaches.net". |
||
| 15.04.2022 - E-Pal | 108.887 Datensätze geleaked | |
| Email addresses, Purchases, Usernames In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum. |
||
| 27.03.2022 - PayHere | 1.580.249 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). A month later, PayHere published a blog on the incident titled Ensuring Integrity on PayHere Cybersecurity Incident. |
||
| 09.03.2022 - CDEK | 19.218.203 Datensätze geleaked | |
| Email addresses, Names, Phone numbers In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverfieid". |
||
| 23.02.2022 - NVIDIA | 71.335 Datensätze geleaked | |
| Email addresses, Passwords In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community. |
||
| 07.02.2022 - GiveSendGo | 89.966 Datensätze geleaked | |
| Email addresses, Geographic locations, Names, Purchases In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates. The breach exposed names, email addresses, post codes, donation amount and comments left at the time of donation. |
||
| 29.01.2022 - MacGeneration | 101.004 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP. |
||
| 05.01.2022 - Doxbin | 370.794 Datensätze geleaked | |
| Browser user agent details, Email addresses, Passwords, Usernames In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes. User accounts also included usernames, password hashes and browser user agents. The personal information disclosed in the doxes was often extensive including names, physical addresses, phone numbers and more. |
||
| 01.01.2022 - Twitter | 6.682.453 Datensätze geleaked | |
| Bios, Email addresses, Geographic locations, Names, Phone numbers, Profile photos, Usernames In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses. |
||
| 28.12.2021 - Carding Mafia (December 2021) | 303.877 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes. This breach came only 9 months after another breach of the forum in March 2021. |
||
| 23.12.2021 - FlexBooker | 3.756.794 Datensätze geleaked | |
| Email addresses, Names, Partial credit card data, Passwords, Phone numbers In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure. The data was found being actively traded on a popular hacking forum and was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 05.12.2021 - RedLine Stealer | 441.657 Datensätze geleaked | |
| Email addresses, Passwords, Usernames In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords. |
||
| 01.12.2021 - Aditya Birla Fashion and Retail | 5.470.063 Datensätze geleaked | |
| Email addresses, Genders, Income levels, Job titles, Marital statuses, Names, Passwords, Phone numbers, Physical addresses, Purchases, Religions, Salutations In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month. The data contained extensive personal customer information including names, phone numbers, physical addresses, DoBs, order histories and passwords stored as MD5 hashes. Employee data was also dumped publicly and included salary grades, marital statuses and religions. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 23.11.2021 - Travelio | 471.376 Datensätze geleaked | |
| Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 22.11.2021 - ZAP-Hosting | 746.682 Datensätze geleaked | |
| Browser user agent details, Chat logs, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Purchases In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers. |
||
| 05.11.2021 - Stripchat | 10.001.355 Datensätze geleaked | |
| Email addresses, IP addresses, Usernames In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses. |
||
| 03.11.2021 - Robinhood | 5.003.937 Datensätze geleaked | |
| Email addresses In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names. The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet". |
||
| 02.11.2021 - BTC-Alpha | 362.426 Datensätze geleaked | |
| Email addresses, IP addresses, Passwords, Usernames In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 29.10.2021 - CyberServe | 1.107.034 Datensätze geleaked | |
| Dates of birth, Drinking habits, Email addresses, Family structure, Genders, Geographic locations, HIV statuses, IP addresses, Names, Passwords, Personal health data, Phone numbers, Physical attributes, Private messages, Profile photos, Religions, Sexual orientations, Smoking habits, Usernames In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute. Due to multiple different sites being compromised, the impacted data is broad and ranges from relationship information to medical data to email addresses and passwords stored in plain text. The data was made available to HIBP with support from May Brooks-Kempler, founder of the Think Safe Cyber community in Israel. |
||
| 28.10.2021 - JukinMedia | 314.290 Datensätze geleaked | |
| Email addresses, Employers, IP addresses, Names, Occupations, Passwords, Phone numbers In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes. |
||
| 12.10.2021 - CoinMarketCap | 3.117.548 Datensätze geleaked | |
| Email addresses During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information." |
||
| 08.10.2021 - ActMobile | 1.583.193 Datensätze geleaked | |
| Email addresses, IP addresses In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a popular hacking forum. Although usage of the service was verified by HIBP subscribers, ActMobile denied the data was sourced from them and the breach has subsequently been flagged as "unverified". |
||
| 04.10.2021 - Protemps | 49.591 Datensätze geleaked | |
| Email addresses, Genders, Job applications, Marital statuses, Names, Nationalities, Passport numbers, Passwords, Phone numbers, Physical addresses, Religions, Salutations In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other jobseeker data. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". |
||
| 02.10.2021 - Fantasy Football Hub | 66.479 Datensätze geleaked | |
| Email addresses, IP addresses, Names, Passwords, Purchases, Usernames In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes. |
||
| 13.09.2021 - Epik | 15.003.961 Datensätze geleaked | |
| Email addresses, Names, Phone numbers, Physical addresses, Purchases In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats. |
||
| 11.09.2021 - Republican Party of Texas | 72.596 Datensätze geleaked | |
| Browser user agent details, Email addresses, Geographic locations, IP addresses, Names In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik. Impacted data included over 72 thousand unique email addresses across various tables, some also including names, geographic location data, IP addresses and browser user agents. |
||
| 25.08.2021 - DatPiff | 7.476.940 Datensätze geleaked | |
| Email addresses, Passwords, Security questions and answers, Usernames In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs. The original data source allegedly contained usernames, security questions and answers and passwords stored as MD5 hashes with a static salt. |
||
| 20.08.2021 - Imavex | 878.209 Datensätze geleaked | |
| Email addresses, Genders, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases, Usernames In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last 4 digits of the card and expiry date. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form. |
||