Contact us Today!
Report an Incident

Breach List

RSS Error: WP HTTP Error: A valid URL was not provided.
RSS Latest Breaches
  • TheSqua.re - 107,041 breached accounts August 27, 2025
    In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum. TheSqua.re did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP […]
  • Allianz Life - 1,115,061 breached accounts August 18, 2025
    In July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names, genders, dates of birth, phone numbers and physical […]
  • Data Troll Stealer Logs - 109,532,219 breached accounts August 13, 2025
    In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material. HIBP received 2.7B rows containing 109M unique email addresses, which was subsequently added to the service under the […]
  • Unigame - 843,696 breached accounts August 8, 2025
    In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.
  • Pi-hole - 29,926 breached accounts July 31, 2025
    In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.
  • Creams Cafe - 159,652 breached accounts July 23, 2025
    In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
  • MaReads - 74,453 breached accounts July 15, 2025
    In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
  • Omnicuris - 215,298 breached accounts July 13, 2025
    In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
  • Catwatchful - 61,641 breached accounts July 3, 2025
    In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
  • Robinsons Malls - 195,597 breached accounts June 25, 2025
    In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
  • Have Fun Teaching - 27,126 breached accounts June 25, 2025
    In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment methods and the item purchased. Have Fun Teaching is aware of the […]
  • Ualabee - 472,296 breached accounts June 13, 2025
    In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
  • WiredBucks - 918,529 breached accounts June 10, 2025
    In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
  • Disk Union - 690,667 breached accounts June 7, 2025
    In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
  • ColoCrossing - 7,183 breached accounts June 3, 2025
    In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
  • Free - 13,926,173 breached accounts May 27, 2025
    In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to […]
  • Operation Endgame 2.0 - 15,436,844 breached accounts May 23, 2025
    In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law […]
  • Fédération Francaise de Rugby - 281,977 breached accounts May 22, 2025
    In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers. The Federation subsequently published a disclosure notice and stated that the attack primarily affected email servers.
  • OnRPG - 1,047,640 breached accounts May 8, 2025
    In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
  • TehetségKapu - 54,357 breached accounts May 1, 2025
    In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.

Attackers Are Abusing Microsoft 365’s Direct Send to Send Internal-Looking Phishing. Learn now to mitigate!

SOClogix delivers enterprise-grade cybersecurity for growing businesses, with 24/7 monitoring, rapid threat response, and expert-driven protection you can trust.

Company

Resources

Newsletter

Name
Confirmation

@ 2025 SOClogix. All rights reserved. | Privacy | Terms | Security