Overview of Breaches

The following is a summary of "breached" data that we have collected and sanitized for reactive notification purposes.

  • adobe.com
  • In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, password and a password hint in plain text.
  • Breached: October 4, 2013
  • dropbox.com
  • In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers.
  • Breached: July 1, 2012
  • myspace.com
  • In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts.
  • Breached: June 1, 2008
  • tumblr.com
  • In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.
  • Breached: February 28, 2013
  • linkedin.com
  • LinkedIn had 164 million email addresses and passwords exposed in May 2016. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
  • Breached: May 5, 2012
  • ashleymadison.com
  • In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison was not immediately shut down. On 18 and 20 August, the group leaked more than 25 gigabytes of company data, including user details.
  • Breached: July 1, 2015
  • vk.com
  • In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed.
  • Breached: January 1, 2012
  • neopets.com
  • In May 2013, tens of millions of user accounts from virtual pets community Neopets have allegedly been hacked and traded on the criminal underground.
  • Breached: May 6, 2013
  • badoo.com
  • User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth. Badoo denied being the source of the stolen accounts.
  • Breached: January 1, 2016
  • imesh.com
  • iMesh, the media and file sharing client, was hacked and approximately 50M accounts were exposed. The data was put up for sale on the dark web in mid-2016.
  • Breached: September 22, 2013
  • muslimmatch.com
  • Specialty dating site Muslim Match has been hacked in June 2016, with approximately 150,000 dating profiles and 500,000 private messages posted online.
  • Breached: June 1, 2016
  • 000webhost.com
  • Web hosting provider 000webhost suffered a breach that exposed over 13 million customer records in March 2015.
  • Breached: March 1, 2015
  • avast.com
  • The Avast anti-virus forum was hacked in May 2015 and 423k member records were exposed.
  • Breached: May 26, 2014
  • mate1.com
  • In February 2016, a hacker on the dark web forum "Hell" claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com.
  • Breached: February 21, 2016
  • r2games.com
  • In late 2015 the gaming company, R2Games, known for creating the Wartune game, was hacked and leaked a number of people‚Äôs e-mail addresses, IP addresses, usernames, and passwords.
  • Breached: November 1, 2015
  • experian.com
  • The US based credit bureau and consumer data broker Experian suffered a data breach in late September 2015. The breach impacted 15 million customers who had applied for financing from T-Mobile. An alleged data breach was subsequently circulated containing personal information including names, physical and email addresses, birth dates and various other personal attributes. Multiple Have I been pwned subscribers verified portions of the data as being accurate, but the actual source of it was inconclusive.
  • Breached: July 4, 2016
  • last.fm
  • In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed.
  • Breached: March 22, 2012
  • mail.ru
  • Several large dumps of Mail.ru user accounts appeard on a Russian Bitcoin Security Forum in September 2014.
  • Breached: September 10, 2014
  • exploit.in
  • Exploit.in is a compilation that originated from Exploit.in but the Exploit.in Database Compilation is NOT Exploit.in's user database.
  • Breached: June 1, 2016
  • adultfriendfinder.com
  • The hookup site Adult Friend Finder was hacked in May 2015. Nearly 4 million records dumped dumpilicly, containing sensitive personal information about individuals.
  • Breached: May 22, 2015
  • hackforums.net
  • In June 2011, the hacktivist group known as "LulzSec" leaked data from sources such as AT&T, Battlefield Heroes and the hackforums.net website.
  • Breached: June 25, 2011
  • 17app.co
  • Customer data obtained from the streaming app known as "17" appeared for sale on Tor hidden marketplace in April 2016. Over 4 millon unique email addresses, IP Addresses, usernames and passswored stored unsalted as MD5 hashes.
  • Breached: April 19, 2016
  • yahoo.com
  • A large dump of at least 5 Million Yahoo email addresses and passwords in clear-text appeared on the darknet in the summer of 2016.
  • Breached: July 1, 2012
  • ib.qnb.com
  • In July 2015, Documents purporting to be from the Qatar National Bank have been leaked on a file-sharing site.
  • Breached: July 1, 2015
  • gre.ac.uk
  • In February 2016, personal details about thousands of London-based research students at the University of Greenwich were posted online in an apparent breach of data privacy laws. Students' names, addresses, dates of birth, mobile phone numbers and signatures were all uploaded to the university's website.
  • Breached: February 1, 2016
  • modernbusinesssolutions.net
  • A large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter in October 2016. The data was attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions but they've yet to acknowledge the incident or explain the data.
  • Breached: October 1, 2016
  • cannabis.com
  • The forum (vBulletin) for the Marijuna site cannabis.com was breached in Feburary 2014. Nearly 227k accounts and ~10k private messages where leaked with no public attribution of the breach.
  • Breached: February 5, 2014
  • youporn.com
  • The adult website YouPorn had over 1.3M user accounts in a data breach in February 2012. The data was publicly released and included both email addresses and plain text passwords.
  • Breached: February 1, 2012
  • torrent-invites.com
  • The Torrent Invites torrent site was hacked in December 2013, and over 352k accounts were exposed
  • Breached: December 12, 2013