Have I Been Pwned is a user on mirrored.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Have I Been Pwned @haveibeenpwned@mirrored.social

New breach: rbx.rocks/  was breached in August with the hack exposing 25k names, email addresses and passwords stored as bcrypt hashes. 28% of addresses were already in @haveibeenpwned haveibeenpwned.com/

New breach: The Italian Società Italiana degli Autori ed Editori had their website defaced and almost 4GB of data including 14k user accounts with email addresses and passwords posted to Twitter. 34% of addresses were already in @haveibeenpwned. More: repubblica.it/tecnologia/sicur

New breach: WP Sandbox identified their service being used to host a OneDrive phishing attack. They took the site offline, contacted all 858 victims of the attack then self-submitted the data to @haveibeenpwned. 44% of addresses were already in haveibeenpwned.com/

New breach: JoomlArt inadvertently exposed 22k records in a public Jira ticket in Jan. Impacted data included usernames, email addresses, purchase histories and MD5 password hashes. 75% were already in @haveibeenpwned haveibeenpwned.com/

New breach: Mac Forums had 326k records records breached in 2016 that included usernames, IP and email addresses, dates of birth and passwords stored as salted MD5 hashes. 79% were already in @haveibeenpwned haveibeenpwned.com/

New breach: Baby Names had 846k records breached "at least 10 years ago" according to the operators of the site. The exposed data included email addresses and passwords stored as salted MD5 hashes. 86% were already in @haveibeenpwned haveibeenpwned.com/

New sensitive breach: Adult site Wife Lovers had 1.2M addresses exposed. Exposed data also included names, IP addresses and passwords hashed with the weak DEScrypt algorithm. 57% were already in @haveibeenpwned. Read more: arstechnica.com/information-te

New breach: Facepunch had 343k records breached in 2016 which included email and IP addresses, dates of birth and salted MD5 hashes. 81% were already in @haveibeenpwned haveibeenpwned.com/

New breach: Apollo left 126M identities exposed in an unprotected database. The data contained personal and professional information used in their "revenue acceleration platform". 57% of addresses were already in @haveibeenpwned. Read more: wired.com/story/apollo-breach-

New breach: digimon[.]co[.]in had 7.7M email addresses exposed in 2016. Now defunct, the service was likely used for sending spam. The breached data included email recipients, subjects and tracking information. 50% were already in @haveibeenpwned haveibeenpwned.com/

New spam list: @MayhemDayOne discovered 43.5GB of personal data used for marketing campaigns titled "Yahoo_090618_ SaverSpy". Data provided to HIBP included 2.5M email addresses, names, genders and physical addresses. 90% were already in HIBP. Read more: linkedin.com/pulse/another-e-m

Updated breach: a further 37k email addresses have been added to the Mortal Online breach after the complete data was provided to HIBP. It included original unsalted MD5 hashes, names, usernames and physical addresses. 75% of addresses were already in HIBP haveibeenpwned.com/

New breach: Real Estate Mogul had 308K email addresses exposed in a 5GB Mongo DB leak. Data included names, phone numbers and property listing. 66% of email addresses were already in @haveibeenpwned haveibeenpwned.com/

New breach: NemoWeb had 3.5M email addresses (many auto-generated) exposed in a 21GB Mongo DB leak. Multiple attempts were made to contact the operator of the service without success. 2% of addresses were already in @haveibeenpwned haveibeenpwned.com/

New breach: The operator of the anonymous file sharing service kayo[.]moe identified a collection of 42M email addresses and passwords used for credential stuffing. 93% of the email addresses were already in @haveibeenpwned. Read more: /the-42m-record-kayo-moe-credential-stuffing-data/

New breach: Russian America had 183k records breached including names, email addresses, phone numbers and passwords stored in both plain text and as MD5 hashes. 71% were already in @haveibeenpwned. Read more: haveibeenpwned.com/

New breach: FreshMenu had 110k customer records exposed in 2016 including names, phone numbers, order histories, physical & email address. FreshMenu was aware of the incident & elected not to disclose it to customers. 75% were already in @haveibeenpwned haveibeenpwned.com/

New sensitive breach: Anabolic steroids retailer NapsGear was breached in 2015. Extensive personal information and purchase histories on 287k customers were exposed. 72% were already in @haveibeenpwned. Read more: thinksteroids.com/community/th

New breach: World of Warcraft service "Warmane" had 1.1M records breached in approximately 2016 including email addresses, usernames, dates of birth and salted MD5 hashes. 25% were already in @haveibeenpwned haveibeenpwned.com/