New breach: MGM Resorts had 10.6M records with 3.1M unique email addresses breached last year. Data also included names, phone numbers, DOBs and physical addresses. 82% of emails were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
New sensitive breach: "The world's largest sex & swinger community" Adult FriendFinder was breached in 2016. The incident exposed usernames, SHA-1 password hashes and 170M unique email addresses. 77% of addresses were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/
New breach: Indian Rail left 583k unique email addresses exposed on an unprotected Firebase database instance alongside usernames and plain text passwords. 49% of addresses were already in @haveibeenpwned. Read more: https://medium.com/dvuln/why-you-should-choo-choo-choose-to-have-a-vulnerability-disclosure-policy-2m-accounts-exposed-7cd7eaec4da5
New data: 8M records sourced from data aggregator Factual were collated in 2017 then later exchanged as an alleged "breach". The set included 2.5M unique email addresses, business names, addresses and phone numbers. 77% were already in @haveibeenpwned. /when-is-data-public-and-2-5m-public-factual-records/
New breach: Zynga (creator of the Words with Friends game) suffered a data breach in September. Data included 173M unique email address, usernames and passwords stored as salted SHA-1 hashes. 69% were already in @haveibeenpwned. Read more: https://www.cnet.com/news/words-with-friends-hack-reportedly-exposes-data-of-more-than-200m-players/
New data exposure: A customer of People Data Labs exposed with 1.2B data enrichment records. The data contained 622M unique email addresses as well as phone numbers, social media profiles and job histories. 84% were already in @haveibeenpwned. More: /data-enrichment-people-data-labs-and-another-622m-email-addresses/
New breach: GateHub suffered a breach in June. 1.4M accounts subsequently appeared on a popular hacking forum and included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes. 64% were already in @haveibeenpwned. More: https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
New breach: EpicBot had 817k accounts breached in September including email, IP, usernames and either salted MD5 or bcrypt password hashes. 74% were already in @haveibeenpwned. More: https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
New breach: GPS Underground had 670k accounts breached in mid-2016 including email, IP, usernames, dates of birth and salted MD5 password hashes. 81% were already in @haveibeenpwned. More: https://www.hackread.com/vbulletin-forums-hacked-accounts-sold-on-dark-web/
New breach: Comic strip website ToonDoo had 6M accounts breached in August including email, IP, location, gender and salted password hashes. 59% were already in @haveibeenpwned. More: https://www.zataz.com/6-000-000-de-donnees-personnelles-piratees-pour-le-site-toondoo/
New sensitive breach: Dutch prostitution forum Hookers[.]nl had 291k accounts compromised this month. Exposed data includes IP and email addresses, usernames and passwords stored as bcrypt or salted MD5 hashes. 48% already in @haveibeenpwned. More: https://www.forbes.com/sites/thomasbrewster/2019/10/10/dutch-prostitution-site-hookersnl-hacked--250000-users-data-leaked/#3e3f231522f8
New sensitive breach: The zoophilia and bestiality forum Zooville had 71k records breached last month. Impacted data includes usernames and email addresses. 36% of addresses were already in @haveibeenpwned. More (NSFW website): https://www.zooville.org/threads/security-incident-and-site-rebuild-september-2019.9/
New breach: StreetEasy had 988k records breached in mid-2016 which then appeared for sale in Feb this year. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. 87% of addresses were already in @haveibeenpwned. Read more: https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/
Check if you have an account that has been compromised in a data breach. Created and maintained by @troyhunt.
Find this service useful? Kick in a few bucks to help keep it alive here: https://www.patreon.com/DaveWoodX Thanks.