New breach: StreetEasy had 988k records breached in mid-2016 which then appeared for sale in Feb this year. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. 87% of addresses were already in @haveibeenpwned. Read more: therealdeal.com/2019/02/19/a-m

New breach: Sephora South East Asia and ANZ had 780k records breached in 2017. Impacted data includes names, emails, genders, DOBs, ethnicities and other personal data. 78% of addresses were already in @haveibeenpwned. Read more: zdnet.com/article/sephora-data

New breach: Wanelo had 23M records breached in December. They subsequently appeared for sale in April and included email addresses and passwords stored as either MD5 or bcrypt hashes. 71% of addresses were already in @haveibeenpwned. Read more: zdnet.com/article/a-hacker-has

New breach: Lumin PDF had 15.5M records taken from MongoDB in April & posted to a hacking forum this week. Impacted data included names, email addresses, genders, languages, bcrypt hashes & Google auth tokens. 57% were already in @haveibeenpwned. More: zdnet.com/article/data-of-24-3

New breach: The forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms has 4.6k accounts exposed this month including email & IP addresses, dates of birth & forum content. 29% of addresses were already in @haveibeenpwned. Read more kiwifarms.net/threads/dealing-

New breach: The Minecraft server website Minehut had 397k email addresses taken from a backup in May. 47% were already in @haveibeenpwned haveibeenpwned.com

New breach: Hacking site Void[.]to had 95k unique addresses exposed in June (86k users plus addresses in other tables). Exposed data included email & IP addresses, usernames, PMs and both MD5 & bcrypt password hashes. 46% were already in
@haveibeenpwned haveibeenpwned.com

New breach: Poshmark had 36M accounts compromised mid last year. Impacted data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. 74% of addresses were already in @haveibeenpwned. Read more: techcrunch.com/2019/08/01/posh

New breach: German Mastercard bonus program "Priceless Specials" had almost 90k records posted publicly last month including names, phone numbers, email addresses and partial card data. 46% of addresses were already in @haveibeenpwned. Read more: spiegel.de/netzwelt/web/master

New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames and passwords stored in MD5 phpBB3 format. 58% of addresses were already in @haveibeenpwned haveibeenpwned.com/

New breach: Crypto coin brokerage Coinmama had 479k accounts exposed in Aug 2017. Breach was discovered this Feb and includes email addresses, usernames and passwords stored as MD5 WordPress hashes. 58% of addresses were already in @haveibeenpwned. More: cointelegraph.com/news/major-c

Updated breach: the remaining 10M records have now been added to @haveibeenpwned. 74% of all 8tracks addresses had been previously breached. twitter.com/haveibeenpwned/sta

New breach: Textbook rental service Chegg had 40M accounts exposed in April last year. Data included email addresses, names, usernames and passwords stored as unsalted MD5 hashes. 70% of addresses were already in @haveibeenpwned techcrunch.com/2018/09/26/cheg

New breach: Hacking site Cracked[.]to had 749k unique addresses exposed last month (321k users plus addresses in other tables). Exposed data included email and IP addresses, usernames, PMs and bcrypt password hashes. 29% were already in @haveibeenpwned haveibeenpwned.com/

New breach: StockX had 6.8M accounts breached last month. Data included email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. 56% were already in @haveibeenpwned stockx.com/news/update-on-data

New breach: Canva had 137M records breached in May. Exposed data included email addresses, names, usernames, cities and for users not using social logins, passwords stored as bcrypt hashes. 44% of addresses were already in @haveibeenpwned. Read more: support.canva.com/contact/cust

New breach: CafePress had 23M unique email addresses breached in February. Some records also contained names, physical addresses and phone numbers. 77% were already in @haveibeenpwned haveibeenpwned.com

New breach: The Xiaomi user forum had 7M email addresses breached in 2012. Many were on the bbs_ml_as_uid[.]xiaomi[.]com domain and were accompanied by usernames, IP addresses and salted MD5 password hashes. 7% were already in @haveibeenpwned. Read more: thehackernews.com/2014/10/xiao

New breach: Flash Flash Revolution had 1.9M accounts compromised last week. This is in addition to another breach of the service in 2016. Impacted data includes email and IP addresses, usernames, DoB & salted MD5 hashes. 98% were already in @haveibeenpwned haveibeenpwned.com

New breach: Stronghold Kingdoms had 5.2M accounts compromised in July last year. Impacted data included email addresses, usernames and passwords stored as salted SHA-1 hashes. 57% were already in @haveibeenpwned. Read more: techraptor.net/content/roll20-

Show more
Mirrored.Social [BETA]

This Mastodon instance is dedicated to mirroring the social media accounts of interesting/useful people and organizations from elsewhere on the Internet. At least until such time as they create their own accounts on the Mastodon network.

If you control an account that is being mirrored here and would like to make changes to how that's done (or not done), please contact Dave Wood via @davewoodx@mastodon.social.

Like this idea? Help support the costs and development at Patreon.

Currently in Beta status. Please let me know if you see bugs or issues.

Mirrors to Follow:

1Password [NEW]

1Password Status [NEW]

Android [NEW]

AppStore [NEW]

App Store Games [NEW]

Barack Obama

Canada [NEW]

CGP Grey [NEW]

Chris Hadfield [NEW]

CommitStrip [NEW]

Daring Fireball

#dearMoon [NEW]

Dianna Cowern

DuckDuckGo [NEW]

Elon Musk*

GitHub [NEW]

GitHub API [NEW]

GitHub Status [NEW]

Have I Been Pwned [NEW]

Internet of Shit*

iTC Status

Jony Ive Parody*

Keybase [NEW]

Let's Encrypt [NEW]

Linode [NEW]

Merge Conflict [NEW]

Marques Brownlee

NASA

NGINX, Inc. [NEW]

nginx web server [NEW]

php.net [NEW]

Orbital ATK [NEW]

Overcast [NEW]

Realm [NEW]

Relay FM [NEW]

Ryan Reynolds* [NEW]

Edward Snowden* [NEW]

SpaceX

Tesla [NEW]

Tim Cook [NEW]

Visual Studio [NEW]

Visual Studio App Center [NEW]

* Posts flagged as sensitive