Breach List

SOClogix > Breach List
RSS Latest Breaches
  • pcTattletale - 138,751 breached accounts May 25, 2024
    In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses […]
  • Dota2 - 1,907,205 breached accounts May 23, 2024
    In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users. The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5 hashes.
  • The Post Millennial - 56,973,345 breached accounts May 10, 2024
    In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, […]
  • Tappware - 94,734 breached accounts May 9, 2024
    In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government issued […]
  • MovieBoxPro - 6,009,014 breached accounts April 30, 2024
    In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
  • Piping Rock - 2,103,100 breached accounts April 26, 2024
    In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service […]
  • T2 - 94,584 breached accounts April 22, 2024
    In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.
  • Le Slip Français - 1,495,127 breached accounts April 18, 2024
    In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
  • Giant Tiger - 2,842,669 breached accounts April 12, 2024
    In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
  • Salvadoran Citizens - 946,989 breached accounts April 10, 2024
    In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
  • Kaspersky Club - 55,971 breached accounts April 9, 2024
    In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
  • boAt - 7,528,985 breached accounts April 8, 2024
    In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
  • SurveyLama - 4,426,879 breached accounts April 2, 2024
    In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified […]
  • Pandabuy - 1,348,407 breached accounts April 1, 2024
    In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".
  • Washington State Food Worker Card - 1,594,305 breached accounts March 31, 2024
    In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup. Included in the data were 1.6M unique email addresses along with names, post […]
  • England Cricket - 43,299 breached accounts March 29, 2024
    In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
  • Exvagos - 2,121,789 breached accounts March 28, 2024
    In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
  • GSM Hosting - 2,607,440 breached accounts March 27, 2024
    In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.
  • SwordFantasy - 2,690,657 breached accounts March 26, 2024
    In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes.
  • MediaWorks - 162,710 breached accounts March 22, 2024
    In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates of birth, genders and the responses to questions in […]