Here’s an overview of the various breaches consolidated on this site. Breach information is constantly being updated, so be sure to check back often.
Check all data breaches and protect your info.
PemiblancAn anonymously posted credential stuffing list titled Pemblanc was posted on a public French servers. ces. It contained over a hundred million email addresses. The emails in the list were used by hackers to take over accounts on other sites due to credential reuse.
ZomatoRestaurant search engine Zomato was affected by a breach conducted by an unknown hacker or hacker collective. The attackers compromised the records of over 16 million individual user accounts.
EdmodoThe education site Edmodo was hacked in May 2017, exposing 77 million confidential records. All of the data was posted to a public hacking forum.
Cross FireRussian gaming forum Cross Fire (cfire.mail.ru), along with other forums on the Russian mail provider mail.ru, were exposed to a data breach in August 2016.
Anti Public Combo ListIn December 2016, a massive data breach containing hundreds of millions of emails and password pairings appeared in a combo list Anti Public. The information contained data on 458 million unique email addresses, paired with passwords used on numerous online systems. The emails and password pairings were thoroughly inspected by attackers, who subsequently used them for credential stuffing attacks, then bragged about their exploits.
YoukuPopular Chinese video service Yuoku was comrpomised in a cyber attack in late 2016. Data breaches from China cannot be independently verified.
Exploit.InAn extensive list of email addresses and password pairs was discovered in a combo list named exploit.in in late 2016. Attackers used the compromised emails and passwords in subsequent credential stuffing attacks.
Justdate.comDating website Justdate.com apparently suffered a data breach in September 2016. Because much of the data released by hackers has been determined to be inconsistent and even inaccurate, many believe information about this breach to have been fabricated by a number of parties whether they were involved or not.
LeetCustom Minecraft server site Leet was the target of a data breach in August 2016.
uuu9Chinese gaming site uuu9 suffered a data breach that exposed account information in mid-2016. Data breaches from China cannot be independently verified.
ClixSenseClixSense was targeted by hackers in a successful data breach which compromised almost 2.5 million user identities. The hackers posted all of the stolen data on a public domain, claiming that it was part of an even bigger data breach which affected up to 6.6 million people. The stolen information included payment histories, full names and real-world locations.
Пара ПаRussian gaming site Пара Па (Para Pa) was hacked by an unknown entity, which compromised almost 5 million user accounts. This breach could be retaliation by Ukranian hackers due to Russian policy towards the Ukraine.
DLH.netGaming news site DLH.net experienced a data breach in July 2016. Breached data included users's keys for accessing the Steam gaming platform.
i-DressupTeen social site i-Dressup was breached in 2016. The website's main audience is underage children.
AbuseWith.UsAbusewith.us was the target of multiple data breaches in 2016. The attackers compromised the personal information of over a million user accounts.
FunimationFunimation, one of the most popular anime sites in the world, suffered a data breach in July 2016. The personal details about Funimation's mostly underage subscribers was shared openly on underground forums.
MangaFox.meManga fan website mangafox.me was the target of a data breach in July 2016.
EvonyOnline multiplayer game Evony suffered a data breach in mid 2016 which resulted in the exposure of a total of tens of millions of user accounts. The leaked records included data ranging from usernames to unsalted MD5 password hashes.
Army Force OnlineArmy Force Online was hacked in 2016, and the stolen data was found being traded on underground forums and markets.
17Proof of a data breach targeting streaming app 17 was uncovered in 2016. The discovery was made on a Tor browser marketplace where the data was found for sale.
Mate1.comPopular dating site Mate1.com was the target of a large data breach. Private chat records included in the data breach revealed deeply personal information about the site's subscribers.
Flash Flash RevolutionThe music-based game Flash Flash Revolution suffered a data breach on February 2016. The breached data was published in a discussion forum.
NihonomaruAnime community Nihonomaru was the target of a data breach in late 2015. The source of the breach is yet to be confirmed and it is likely that the majority of the hacked accounts belonged to underage individuals.
xatOnline chat service Xat was attacked in November 2015, exposing data on over 17 million subscribers.
InterPalsAttackers seized 4,569,249 email addresses, as well as geographical locations, birthdates and salted hashes of passwords from online penpal site InterPals.
R2GamesPopular gaming website R2 games suffered a data breach at the hands of an unknown hacker(s). The breach affected over 20 million user accounts. The identity of the attacker(s) has not yet been determined.
MPGHMPGH, a gaming site dedicated to hacking, cheating and modding multiplayer games was the target of a data breach in October 2015.
NetEaseNetEase, a Chinese site operating on the domain 135.com, suffered a data breach in 2015. While there is compelling evidence of the breach, data breaches from China cannot be independently verified.
Xbox 360 ISOAlmost 1.3 million Xbox360ISO.com accounts were compromised by a breach. The breach was conducted by an unidentified hacker or hacker collective.
PSP ISOA forum named PSP ISO was the target of a data breach which was conducted by an unknown hacker (or possibly a hacker collective). The purpose of the infiltration was to extract as much data as possible, and successfully compromised the personal information of over a million user accounts.
Final Fantasy ShrineThe Final Fantasy discussion forum FFShrine was breached which resulted in a public data dump. The breached data contained numerous records spanning from email addresses to passwords.
ExperianExperian was targeted by a hacker 2015 who were seeking the information of customers who signed up for financial consultations via the company's T-Mobile platform. The breached data was found circulating dark net marketplaces, and contained over 7 million data records tied to millions of individuals.
myRepoSpaceCydia repository myRepoSpace was hacked which lead to the data records of over 250,000 users being publicly leaked. The culprits behind the breach were likely to have been motivated by the service's refusal to remove pirated tweaks on iOS devices.
iPmartMobi NUKE, formerly iPmart, was hacked in 2015. Users's data was protected only by a weak hashing implementation, allowing the majority of accounts to be comporomised quickly.
EroticyAdult website Eroticy allegedly had its data breached in 2016, and evidence of the breached data uncovered later that same year in a number of trader forums.
Adult Friend FinderPopular dating website Adult Friend Finder was breached in 2015, compromising the email addresses and domains of 3,594,037 user accounts, as well as 814,195 IP addresses, 1,064,930 passwords, 397,542 usernames and additional personal information.
Спрашивай.руA hacker going by the moniker w0rm publicly released account records of millions of users subscribed to the Russian anonymous Q&A website Спрашивай.ру.
HongFireThe vBulletin-hosted anime and manga forum HongFire suffered a data breach in March 2015.
000webhostFree web hosting provider 000webhost experienced a large data breach; by the time they discovered, the breach the data had long since been sold and was being traded openly on the internet.
GameTutsThe popular video game website GameTuts experienced a mass data breach as the result of an unauthorized infiltration in March 2015. The stolen data was displayed in black hat forums and communities. The website shut down a little over a year after the attack.
Acne.orgAcne.org was hacked in 2014. The breach compromised over 400,000 accounts. It was later found out that the breached data contained the records of an additional 270,000 accounts. Reportedly, stolen data has been traded on various underground dark net boards.
mail.ru DumpSeveral data dumps of user information sourced from accounts on the domain [mail.ru] on the Russian Bitcoin Security Forum in September 2014. It's likely that [mail.ru] wasn't itself directly attacked, as the breached user accounts and emails were subscribers of other services.
diet.comDiet.com was targeted by hackers and the attack exposed over a million user accounts. The breach data contained significant information on each user, including eating habits, BMI, physical attributes and so on.
NextGenUpdateVideo game website NextGenUpdate was targeted in a data breach that successfully compromised over one million user identities. The hackers behind the breach remain unknown.
RamblerA data dump of approximately 100 million accounts from the Russian site Rambler was found circulating dark net boards. Both the entity behind the breach and the date at which the breach occurred are unknown.
VodafoneThe Icelandic Vodafone website was compromised by the Turkish hacker collective Maxn3y. The attackers publicly exposed all the data they could procure from the attack, including server logs containing personal information.
AdobeAdobe was hacked in 2013, which resulted in the exposure of hundreds of millions of user accounts. The breached data contained unencrypted password hints, which pose a risk of additional data breaches on Adobe users in the future.
iMeshThe media and file sharing site iMesh was hacked in September 2013. The data was offered for sale on a dark market site about three years later.
Nexus ModsGame modding site Nexus Mods suffered a data breach, likely in July 2013. Nexus Mods released a statement declaring that its users had been hacked in late 2015.
BadooA large data breach was uncovered in trading between black hat actors in June 2016. The data breach appears to have originated from social media site Badoo. While there is compelling evidence that a large data breach originated from Badoo, the data extracted is yet to be verified.
NeopetsThe Neopets breach likely occurred in 2013, though information related to the breach wasn't uncovered for several years. Because of the nature of the website and its attendant game(s), the majority of users affected by this breach were likely underage.
Dungeons & Dragons OnlineThe game Dungeons & Dragons Online suffered a data breach which compromised the identities of over 1.5 million users. Evidence of this breach was originally discovered when the stolen data was found circulating several underground marketplaces and forums.
TumblrA mass cyber attack on popular social site Tumblr resulted in the exposure of 65,469,298 accounts; the data was subsequently sold on dark net marketplaces.
YahooVoices, a publishing service of Yahoo, was breached via an SQL injection attack in July 2012. The breach compromised varying numbers of unique email addresses and domains, passwords and user names. Approximately 59% of the compromised accounts reused email addresses and passwords on additional websites, making them susceptible to credential stuffing attacks.
DropboxHackers attacked file storage service Dropbox some time in mid-2012, exposing data on over 68 million subscribers. Exposed passwords included salted hashes using SHA1 and bcrypt and were traded online. Dropbox issued a statement in August 2016 asking its subscribers to change their passwords.
Last.fmThe music website Last.fm was hacked in 2012. Last.fm was aware of this incident in 2012, but the full scale of the breach remained unknown until the data was publicly released in September 2016.
GamigoGerman game publisher Gamigo experienced a data breach in March 2012. All of the stolen information was publicly released.
YouPornYouPorn.com was compromised in a data breach. The attacker published the information publicly, indicating a desire to make it easily accessible. The stolen records include account credentials and personal data. Due to the pornographic nature of the site and the personal information exposed in the breach, this breach is considered sensitive.
TaobaoChinese ecommerce site Taobao was the target of an alleged data breach that took place sometime in 2012. Due to the foreign nature of this breach, it is impossible to verify the stolen data.
VKRussian social media site VK suffered a data breach in 2012. Evidence regarding the breach was uncovered in June 2016 when data tracing back to the site was found circulating on dark net market sites.
126Chinese email services 126 suffered a data breach likely affecting about 7.2 million users. However, due to the foreign nature of this breach, it is impossible to verify the stolen data.
QIPQIP, a Russian instant messaging service, was subject to a data breach at the hands of unknown hackers. The breached data was pulled from over 26 million accounts.
FlingPopular adult social network Fling suffered a data breach in March 2011. Because the compromised data included sexual interests and fetishes, blackmail was a real concern for affected users.
ZooskDating service Zoosk was likely breached by hackers in 2011. Dating site accounts typically contain personal information about the individual including their sexual preferences, fetishes and so on, increasing the possibility of blackmail attempts against identified users.
7k7kChinese gaming site 7k7k Chinese was breached by hackers. Due to the foreign nature of this breach, it is impossible to verify the stolen data.
Money BookersMoney Bookers, an e-wallet service, suffered a data breach which exposed almost 4.5M customers. The exact date of the breach, as well as those responsible, cannot be determined.
ElanceElance was targeted in a data breach which dates back to 2009. The breached data contained records of over 1 million user accounts, including uncategorized personal data which could be used with in blackmail.
MySpacePopular social media site MySpace was targeted by hackers in 2008. Stolen data was offered for sale on dark net marketplace the Real Deal in 2016, about eight years after the breach.2016. The data is somewhat unusual in the world of breaches because the exposed passwords were stored as unsalted SHA1 hashes of the first ten letters of each password, and converted to plain text.
gPotatogPotato was targeted by hackers who managed to extract information on over 2 million user accounts. The stolen records included usernames, IP addresses and so on, and was stored in plain text format.
Shadi.comUser data compromised in a data breach
Steam usersUser data compromised in a data breach
ClassmatesUser data compromised in a data breach
MOP.comUser data compromised in a data breach
Bedstore.co.ukUser data compromised in a data breach
Mixed Emails & PasswordsUser data compromised in a data breach
TurkishCitizenshipUser data compromised in a data breach
345WUser data compromised in a data breach
DFB.deUser data compromised in a data breach
Subagames.comUser data compromised in a data breach
USA HomeownersUser data compromised in a data breach
Alarabiya.ccUser data compromised in a data breach
USA Consumer DatabaseUser data compromised in a data breach
abraham-hicksUser data compromised in a data breach
Harvested Gmail Accounts 2015User data compromised in a data breachUser data compromised in a data breach
GrinderScapeUser data compromised in a data breachUser data compromised in a data breach
Russian MailsUser data compromised in a data breach
Japanese Gaming DatabasesUser data compromised in a data breach
Dota2.comUser data compromised in a data breach
Kaixin001.comUser data compromised in a data breach
OneDriveUser data compromised in a data breach
GameVNUser data compromised in a data breach
USA Marketing DataUser data compromised in a data breachUser data compromised in a data breach
scam.comUser data compromised in a data breach
Florida VotersUser data compromised in a data breach
SharkSearchUser data compromised in a data breach
LOTRO.comUser data compromised in a data breach
766.comUser data compromised in a data breach
USA Business DatabaseUser data compromised in a data breach
Numbering Plan AreasUser data compromised in a data breachLinkedIn was compromised in early 2012. A few years later in 2016, the data surfaced and was available among various threat actors on deep web communities. The information in the breach included hashed passwords which could easily be cracked. This exposed users account information and was very concerning. LinkedIn has taken measures to protect the compromised accounts by resetting passwords.