New breach: StreetEasy had 988k records breached in mid-2016 which then appeared for sale in Feb this year. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. 87% of addresses were already in @haveibeenpwned. Read more: https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/
New breach: Sephora South East Asia and ANZ had 780k records breached in 2017. Impacted data includes names, emails, genders, DOBs, ethnicities and other personal data. 78% of addresses were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/
New breach: Wanelo had 23M records breached in December. They subsequently appeared for sale in April and included email addresses and passwords stored as either MD5 or bcrypt hashes. 71% of addresses were already in @haveibeenpwned. Read more: https://www.zdnet.com/article/a-hacker-has-dumped-nearly-one-billion-user-records-over-the-past-two-months/
New breach: Lumin PDF had 15.5M records taken from MongoDB in April & posted to a hacking forum this week. Impacted data included names, email addresses, genders, languages, bcrypt hashes & Google auth tokens. 57% were already in @haveibeenpwned. More: https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
New breach: The forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms has 4.6k accounts exposed this month including email & IP addresses, dates of birth & forum content. 29% of addresses were already in @haveibeenpwned. Read more https://kiwifarms.net/threads/dealing-with-the-compromise.60767/
New breach: Poshmark had 36M accounts compromised mid last year. Impacted data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. 74% of addresses were already in @haveibeenpwned. Read more: https://techcrunch.com/2019/08/01/poshmark-confirms-data-breach/
New breach: German Mastercard bonus program "Priceless Specials" had almost 90k records posted publicly last month including names, phone numbers, email addresses and partial card data. 46% of addresses were already in @haveibeenpwned. Read more: https://www.spiegel.de/netzwelt/web/mastercard-datenleck-bei-bonusprogramm-a-1282697.html
New breach: Crypto coin brokerage Coinmama had 479k accounts exposed in Aug 2017. Breach was discovered this Feb and includes email addresses, usernames and passwords stored as MD5 WordPress hashes. 58% of addresses were already in @haveibeenpwned. More: https://cointelegraph.com/news/major-crypto-brokerage-coinmama-reports-450-000-users-affected-by-data-breach
Updated breach: the remaining 10M records have now been added to @haveibeenpwned. 74% of all 8tracks addresses had been previously breached. https://twitter.com/haveibeenpwned/status/964397927320858626
New breach: Textbook rental service Chegg had 40M accounts exposed in April last year. Data included email addresses, names, usernames and passwords stored as unsalted MD5 hashes. 70% of addresses were already in @haveibeenpwned https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/
New breach: StockX had 6.8M accounts breached last month. Data included email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. 56% were already in @haveibeenpwned https://stockx.com/news/update-on-data-security-issue/
New breach: Canva had 137M records breached in May. Exposed data included email addresses, names, usernames, cities and for users not using social logins, passwords stored as bcrypt hashes. 44% of addresses were already in @haveibeenpwned. Read more: https://support.canva.com/contact/customer-support/may-24-security-incident-faqs/
New breach: The Xiaomi user forum had 7M email addresses breached in 2012. Many were on the bbs_ml_as_uid[.]xiaomi[.]com domain and were accompanied by usernames, IP addresses and salted MD5 password hashes. 7% were already in @haveibeenpwned. Read more: https://thehackernews.com/2014/10/xiaomi-data-breach-hacker.html
New breach: Stronghold Kingdoms had 5.2M accounts compromised in July last year. Impacted data included email addresses, usernames and passwords stored as salted SHA-1 hashes. 57% were already in @haveibeenpwned. Read more: https://techraptor.net/content/roll20-stronghold-kingdoms-subject-security-breach
Check if you have an account that has been compromised in a data breach. Created and maintained by @troyhunt.
This Mastodon instance is dedicated to mirroring the social media accounts of interesting/useful people and organizations from elsewhere on the Internet. At least until such time as they create their own accounts on the Mastodon network.
If you control an account that is being mirrored here and would like to make changes to how that's done (or not done), please contact Dave Wood via @email@example.com.
Like this idea? Help support the costs and development at Patreon.
Currently in Beta status. Please let me know if you see bugs or issues.
1Password Status [NEW]
App Store Games [NEW]
CGP Grey [NEW]
Chris Hadfield [NEW]
GitHub API [NEW]
GitHub Status [NEW]
Have I Been Pwned [NEW]
Let's Encrypt [NEW]
Merge Conflict [NEW]
NGINX, Inc. [NEW]
nginx web server [NEW]
Orbital ATK [NEW]
Relay FM [NEW]
Ryan Reynolds* [NEW]
Edward Snowden* [NEW]
Tim Cook [NEW]
Visual Studio [NEW]
Visual Studio App Center [NEW]
* Posts flagged as sensitive