Updated breach: the remaining 10M records have now been added to @haveibeenpwned. 74% of all 8tracks addresses had been previously breached. https://twitter.com/haveibeenpwned/status/964397927320858626
New breach: Textbook rental service Chegg had 40M accounts exposed in April last year. Data included email addresses, names, usernames and passwords stored as unsalted MD5 hashes. 70% of addresses were already in @haveibeenpwned https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/
New breach: StockX had 6.8M accounts breached last month. Data included email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. 56% were already in @haveibeenpwned https://stockx.com/news/update-on-data-security-issue/
New breach: Canva had 137M records breached in May. Exposed data included email addresses, names, usernames, cities and for users not using social logins, passwords stored as bcrypt hashes. 44% of addresses were already in @haveibeenpwned. Read more: https://support.canva.com/contact/customer-support/may-24-security-incident-faqs/
New breach: The Xiaomi user forum had 7M email addresses breached in 2012. Many were on the bbs_ml_as_uid[.]xiaomi[.]com domain and were accompanied by usernames, IP addresses and salted MD5 password hashes. 7% were already in @haveibeenpwned. Read more: https://thehackernews.com/2014/10/xiaomi-data-breach-hacker.html
New breach: Stronghold Kingdoms had 5.2M accounts compromised in July last year. Impacted data included email addresses, usernames and passwords stored as salted SHA-1 hashes. 57% were already in @haveibeenpwned. Read more: https://techraptor.net/content/roll20-stronghold-kingdoms-subject-security-breach
New breach: GameSalad had 1.5M accounts compromised in February. Data included email and IP addresses, usernames and passwords stored as SHA-256 hashes. 65% were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/
New breach: Armor Games had 10.6M accounts compromised in January. Data included email and IP addresses, usernames, birthdays of admins and passwords stored as salted SHA-1 hashes. 71% were already in @haveibeenpwned. Read more: https://techraptor.net/content/armor-games-data-breach-january-2019
New breach: Tabletop role-playing games website Roll20 had 4M records breached in December. Data included email addresses, names, bcrypt password hashes and last 4 digits of credit cards. 70% were already in @haveibeenpwned. Read more: https://app.roll20.net/forum/post/7209691/roll20-security-breach
New breach: EatStreet had 6.4M customers exposed when hacked in May. Extensive personal data including names, phone numbers, addresses, dates of birth, partial CC data and bcrypt password hashes were exposed. 75% were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/eatstreet-food-ordering-service-discloses-security-breach/
New breach: Bulgarian National Revenue Agency suffered a data breach that began circulating publicly this week. Extensive personal info and tax data on 5M individuals with 471k unique email addresses included. 27% were already in @haveibeenpwned. More: https://thenextweb.com/security/2019/07/16/bulgaria-tax-agency-data-leak-hack/
There's a brand new API for @haveibeenpwned! It moves away from attempting to rate limit by IP and instead introduces auth keys which will make for a much more reliable experience. They're provisioned at the cost of providing the service, full details here https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/
New breach: Broadcasting service YouNow had their data appear for sale on the dark web in Feb. 18M unique email addresses were exposed plus names, IPs and links to social profiles. No passwords were impacted. 49% were already in @haveibeenpwned. More: https://techcrunch.com/2019/02/14/hacker-strikes-again/
New breach: Video making service Animoto had 22M unique email addresses breached in July last year. Also exposed were names, dates of birth, country of origin and salted password hashes. 58% were already in @haveibeenpwned. Read more: https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/
New breach: Fashion retailer SHEIN had 39M unique email addresses breached in June last year. Exposed data also included passwords stored as MD5 hashes. 57% were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/shein-fashion-retailer-announces-breach-affecting-6-42-million-users/
Check if you have an account that has been compromised in a data breach. Created and maintained by @troyhunt.
This Mastodon instance is dedicated to mirroring the social media accounts of interesting/useful people and organizations from elsewhere on the Internet. At least until such time as they create their own accounts on the Mastodon network.
If you control an account that is being mirrored here and would like to make changes to how that's done (or not done), please contact Dave Wood via @firstname.lastname@example.org.
Like this idea? Help support the costs and development at Patreon.
Currently in Beta status. Please let me know if you see bugs or issues.
1Password Status [NEW]
App Store Games [NEW]
CGP Grey [NEW]
Chris Hadfield [NEW]
GitHub API [NEW]
GitHub Status [NEW]
Have I Been Pwned [NEW]
Let's Encrypt [NEW]
Merge Conflict [NEW]
NGINX, Inc. [NEW]
nginx web server [NEW]
Orbital ATK [NEW]
Relay FM [NEW]
Ryan Reynolds* [NEW]
Edward Snowden* [NEW]
Tim Cook [NEW]
Visual Studio [NEW]
Visual Studio App Center [NEW]
* Posts flagged as sensitive