Contents
The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes. In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes .
The data included over 11 million unique email addresses alongside names and passwords stored as either a SHA-1 or bcrypt hash. In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a “pass” column which adheres to the salted SHA12 password hashing pattern used by Drupal 7.
Mac Forums
A file containing 570k email addresses and cracked passwords was subsequently distributed online. In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses , alongside geographic locations, phone numbers, genders, dates of birth and download historical eur to gbp rates plain text passwords. The date of the original breach is unclear, although the breached data indicates the file was created in September 2017 and Moneycontrol has stated that the breach is “an old data set”. In May 2022, a superset of the data totalling almost 25M unique email addresses across 142M rows was extensively shared on Telegram.
- This breach has been flagged as “sensitive” and is only searchable by owners of the email addresses and domains exposed in the incident.
- In June 2018, the World of Warcraft service Light’s Hope suffered a data breach which they subsequently self-submitted to HIBP.
- The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses.
- In February 2014, over 2,000 Tesco accounts with usernames, passwords and loyalty card balances appeared on Pastebin.
In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes. In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. Hundreds of thousands of form submissions and orders via Imavex customers were also exposed and contained further personal information of submitters and the contents of the form. In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users.
Army Force Online
In June 2019, the “Art of Human Hacking” site Social Engineered suffered a data breach. The breach of the MyBB forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes.
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties. In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, “James”. The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes.
CrimeAgency vBulletin Hacks
In 2019, the data appeared listed for sale on a dark web marketplace and subsequently began circulating more broadly. In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Additional personal information such as names, geographical locations and IP addresses were also exposed, along with passwords stored as bcrypt hashes. In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed almost 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service.
Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes. In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. In February 2020, a massive trove of personal information referred to as “db8151dd” using trailing stop loss orders for maximum profits was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. Later identified as originating from the Covve contacts app, the exposed data included extensive personal information and interactions between Covve users and their contacts. In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach.
Our Company
A total of 263k email addresses across user accounts and other tables were posted to a rival hacking forum. In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum.
- They’ve yet to acknowledge the incident or explain how they came to be in possession of the data.
- The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted SHA-256 password hashes.
- In approximately October 2015, the manga website Go Games suffered a data breach.
- In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers.
- The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes.
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and of america corporation dates of birth. A small number of people also had partial credit card data exposed and in some cases the bank name, account number and BSB were also exposed. The data was subsequently made freely available on the hacking forum later the following month.
Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes. The data was provided to HIBP by a source who requested it be attributed to “breaches.net”. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes.