New breach: Comic strip website ToonDoo had 6M accounts breached in August including email, IP, location, gender and salted password hashes. 59% were already in @haveibeenpwned. More: https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/
New sensitive breach: Dutch prostitution forum Hookers[.]nl had 291k accounts compromised this month. Exposed data includes IP and email addresses, usernames and passwords stored as bcrypt or salted MD5 hashes. 48% already in @haveibeenpwned. More: https://www.forbes.com/sites/thomasbrewster/2019/10/10/dutch-prostitution-site-hookersnl-hacked--250000-users-data-leaked/#3e3f231522f8
New sensitive breach: The zoophilia and bestiality forum Zooville had 71k records breached last month. Impacted data includes usernames and email addresses. 36% of addresses were already in @haveibeenpwned. More (NSFW website): https://www.zooville.org/threads/security-incident-and-site-rebuild-september-2019.9/
New breach: StreetEasy had 988k records breached in mid-2016 which then appeared for sale in Feb this year. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. 87% of addresses were already in @haveibeenpwned. Read more: https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/
New breach: Sephora South East Asia and ANZ had 780k records breached in 2017. Impacted data includes names, emails, genders, DOBs, ethnicities and other personal data. 78% of addresses were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/
New breach: Wanelo had 23M records breached in December. They subsequently appeared for sale in April and included email addresses and passwords stored as either MD5 or bcrypt hashes. 71% of addresses were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/
New breach: Lumin PDF had 15.5M records taken from MongoDB in April & posted to a hacking forum this week. Impacted data included names, email addresses, genders, languages, bcrypt hashes & Google auth tokens. 57% were already in @haveibeenpwned. More: https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
New breach: The forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms has 4.6k accounts exposed this month including email & IP addresses, dates of birth & forum content. 29% of addresses were already in @haveibeenpwned. Read more https://kiwifarms.net/threads/dealing-with-the-compromise.60767/
New breach: Poshmark had 36M accounts compromised mid last year. Impacted data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. 74% of addresses were already in @haveibeenpwned. Read more: https://techcrunch.com/2019/08/01/poshmark-confirms-data-breach/
New breach: German Mastercard bonus program "Priceless Specials" had almost 90k records posted publicly last month including names, phone numbers, email addresses and partial card data. 46% of addresses were already in @haveibeenpwned. Read more: https://www.spiegel.de/netzwelt/web/mastercard-datenleck-bei-bonusprogramm-a-1282697.html
New breach: Crypto coin brokerage Coinmama had 479k accounts exposed in Aug 2017. Breach was discovered this Feb and includes email addresses, usernames and passwords stored as MD5 WordPress hashes. 58% of addresses were already in @haveibeenpwned. More: https://cointelegraph.com/news/major-crypto-brokerage-coinmama-reports-450-000-users-affected-by-data-breach
Updated breach: the remaining 10M records have now been added to @haveibeenpwned. 74% of all 8tracks addresses had been previously breached. https://twitter.com/haveibeenpwned/status/964397927320858626
New breach: Textbook rental service Chegg had 40M accounts exposed in April last year. Data included email addresses, names, usernames and passwords stored as unsalted MD5 hashes. 70% of addresses were already in @haveibeenpwned https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/
New breach: StockX had 6.8M accounts breached last month. Data included email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. 56% were already in @haveibeenpwned https://stockx.com/news/update-on-data-security-issue/
Check if you have an account that has been compromised in a data breach. Created and maintained by @troyhunt.
Find this service useful? Kick in a few bucks to help keep it alive here: https://www.patreon.com/DaveWoodX Thanks.