New breach: Comic strip website ToonDoo had 6M accounts breached in August including email, IP, location, gender and salted password hashes. 59% were already in @haveibeenpwned. More: zataz.com/6-000-000-de-donnees

New breach: Indian training site Vedantu had 687k records exposed in July. Exposed data includes IP and email addresses, names, phone numbers, genders and passwords stored as bcrypt hashes. 28% of addresses were already in @haveibeenpwned haveibeenpwned.com/

New sensitive breach: Dutch prostitution forum Hookers[.]nl had 291k accounts compromised this month. Exposed data includes IP and email addresses, usernames and passwords stored as bcrypt or salted MD5 hashes. 48% already in @haveibeenpwned. More: forbes.com/sites/thomasbrewste

A more complete data set has since been provided including dates of birth, IP addresses and passwords stored as bcrypt hashes

New sensitive breach: The zoophilia and bestiality forum Zooville had 71k records breached last month. Impacted data includes usernames and email addresses. 36% of addresses were already in @haveibeenpwned. More (NSFW website): zooville.org/threads/security-

New breach: StreetEasy had 988k records breached in mid-2016 which then appeared for sale in Feb this year. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. 87% of addresses were already in @haveibeenpwned. Read more: therealdeal.com/2019/02/19/a-m

New breach: Sephora South East Asia and ANZ had 780k records breached in 2017. Impacted data includes names, emails, genders, DOBs, ethnicities and other personal data. 78% of addresses were already in @haveibeenpwned. Read more: zdnet.com/article/sephora-data

New breach: Wanelo had 23M records breached in December. They subsequently appeared for sale in April and included email addresses and passwords stored as either MD5 or bcrypt hashes. 71% of addresses were already in @haveibeenpwned. Read more: zdnet.com/article/a-hacker-has

New breach: Lumin PDF had 15.5M records taken from MongoDB in April & posted to a hacking forum this week. Impacted data included names, email addresses, genders, languages, bcrypt hashes & Google auth tokens. 57% were already in @haveibeenpwned. More: zdnet.com/article/data-of-24-3

New breach: The forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms has 4.6k accounts exposed this month including email & IP addresses, dates of birth & forum content. 29% of addresses were already in @haveibeenpwned. Read more kiwifarms.net/threads/dealing-

New breach: The Minecraft server website Minehut had 397k email addresses taken from a backup in May. 47% were already in @haveibeenpwned haveibeenpwned.com

New breach: Hacking site Void[.]to had 95k unique addresses exposed in June (86k users plus addresses in other tables). Exposed data included email & IP addresses, usernames, PMs and both MD5 & bcrypt password hashes. 46% were already in
@haveibeenpwned haveibeenpwned.com

New breach: Poshmark had 36M accounts compromised mid last year. Impacted data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. 74% of addresses were already in @haveibeenpwned. Read more: techcrunch.com/2019/08/01/posh

New breach: German Mastercard bonus program "Priceless Specials" had almost 90k records posted publicly last month including names, phone numbers, email addresses and partial card data. 46% of addresses were already in @haveibeenpwned. Read more: spiegel.de/netzwelt/web/master

New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames and passwords stored in MD5 phpBB3 format. 58% of addresses were already in @haveibeenpwned haveibeenpwned.com/

New breach: Crypto coin brokerage Coinmama had 479k accounts exposed in Aug 2017. Breach was discovered this Feb and includes email addresses, usernames and passwords stored as MD5 WordPress hashes. 58% of addresses were already in @haveibeenpwned. More: cointelegraph.com/news/major-c

Updated breach: the remaining 10M records have now been added to @haveibeenpwned. 74% of all 8tracks addresses had been previously breached. twitter.com/haveibeenpwned/sta

New breach: Textbook rental service Chegg had 40M accounts exposed in April last year. Data included email addresses, names, usernames and passwords stored as unsalted MD5 hashes. 70% of addresses were already in @haveibeenpwned techcrunch.com/2018/09/26/cheg

New breach: Hacking site Cracked[.]to had 749k unique addresses exposed last month (321k users plus addresses in other tables). Exposed data included email and IP addresses, usernames, PMs and bcrypt password hashes. 29% were already in @haveibeenpwned haveibeenpwned.com/

New breach: StockX had 6.8M accounts breached last month. Data included email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. 56% were already in @haveibeenpwned stockx.com/news/update-on-data

Show more
Mirrored.Social [BETA]

Find this service useful? Kick in a few bucks to help keep it alive here: https://www.patreon.com/DaveWoodX Thanks.