Permalink. Consider reviewing the OWASP Top 10 Application Security Risks. Breach date: 9 January 2017 Breach date: 1 April 2018 Compromised data: Dates of birth, Email addresses, Genders, Names, Nationalities, Phone numbers, Physical addresses, Salutations, Spoken languages :). . Breach date: 25 February 2016 The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories. Permalink. Cyber risk takes on multiple forms in the entertainment industry. Things you can do to develop an identity-centric approach to developing Date added to HIBP: 15 September 2016 We log all the IPs we see making requests to our DNS server. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. Breach date: 1 January 2016 Compromised accounts: 71,153 Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Usernames Permalink. Date added to HIBP: 4 December 2013 Permalink. Breach date: 24 May 2015 Date added to HIBP: 3 June 2018 Date added to HIBP: 5 August 2019 Compromised accounts: 4,009,640 Date added to HIBP: 23 February 2021 In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. Many Americans use dating apps as a way to meet other people, but a lot of those services share users data with outside companies. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes. CSP has to be enabled for that site if your server returns the CSP header. Breach date: 20 February 2019 In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum. Breach date: 2 January 2016 Permalink. Compromised accounts: 5,788,169 Date added to HIBP: 5 December 2021 Breach date: 19 May 2015 Compromised accounts: 1,871,373 Micah, there is no way possible to get an ip address with pure javascript. Azure Logic Permalink. Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. In a first for "Have I Been Pwned", the breached data was self-submitted directly by the organisation that was breached itself. Each record contained student name, date of birth, password, grade, email and parent email resulting in a total of 543k unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw". Permalink. In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. Permalink. Permalink. Meanwhile, changes in attack types and patterns evolved over the year. Permalink. The site was previously reported as compromised on the Vigilante.pw breached database directory. Compromised accounts: 5,187,305 Staminus is no longer in operation. Losses like these can cause a company to lose market share due to reputation damage and interrupted revenue. Compromised accounts: 7,089,395 The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Date added to HIBP: 13 January 2019 The data was provided to HIBP by a source who requested it be attributed to "Jarand Moen Romtviet". Date added to HIBP: 7 February 2016 Date added to HIBP: 6 December 2018 The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes. Date added to HIBP: 27 July 2020 The incident was disclosed to Funny Games in July who acknowledged the breach and identified it had been caused by legacy code no longer in use. Compromised data: Email addresses, Passwords, Usernames A total of 348k unique email addresses appeared in the breach. Compromised data: Dates of birth, Email addresses, Genders, Passwords, Usernames We send requests to TCP and UDP based torrent trackers. In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. Compromised data: Email addresses, Names, Phone numbers, Physical addresses The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. All the highly upvoted answers, while informative, all answer a different question. The hack led to the exposure of MySQL databases for the sites which included a vast amount of information on the hidden services Freedom Hosting II was managing. Atlas VPN is one of the best VPN services Ive seen on the market, its fast efficient and doesnt give you ads or promos, the premium version is cheap and has amazing features, Im a software developer and sometimes I need to have that extra layer of security and with Atlas VPN I can feel safe doing it, would 100% recommend. Compromised accounts: 287,071 In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses. Luckily, Flash has now been entirely replaced by HTML5. Compromised data: Email addresses, Passwords Compromised data: Education levels, Email addresses, IP addresses, Job applications, Names, Passwords, Phone numbers, Physical addresses The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. Can I perform a DNS lookup (hostname to IP address) using client-side Javascript? Breach date: 18 March 2021 Breach date: 1 December 2011 Permalink. identity-centric approach. scripts, tools, extensions, and automations that caters to the Breach date: 10 June 2019 Permalink. In a single week, I encountered over 5,400 trackers, mostly in apps . In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Compromised accounts: 432,943 If you are in a dangerous area or someone is hurt, call 911. Permalink. In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler. Compromised data: Email addresses, Passwords, Reward program balances Some VPNs may only protect IPv4 traffic, leaving IPv6 exposed. In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. According to MALL.cz, the breach only impacted accounts created before 2015. For more information about how to choose between these Azure services, In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. We also offer the ability to encrypt your traffic to secure it from unwanted surveillance and mask your IP address when you use public Wi-Fi, travel, or want to keep your online activity more private. On average, Firefox Quantums Private Browsing loads pages 2.4x faster than Chrome in Incognito mode. Breach date: 7 May 2018 In November 2015, hackers extracted more than 4.8 million parents' and 227k children's accounts from VTech's Learning Lodge website. Breach date: 13 May 2018 Breach date: 4 December 2013 Breach date: 8 August 2016 Permalink. Compromised data: Email addresses, Passwords, Usernames Compromised data: Email addresses, Passwords, Usernames This is known as the WebRTC Leak. The data included 441 thousand unique email addresses, usernames and plain text passwords. Azure Virtual Permalink. Compromised accounts: 4,775,203 In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Date added to HIBP: 17 November 2016 The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com". In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA12 password hashing pattern used by Drupal 7. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. Compromised data: Dates of birth, Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses Breach date: 17 May 2010 Date added to HIBP: 1 July 2017 Implement just-in-time (JIT) access to further lower the exposure time These IP addresses are publicly known and listed. Permalink. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses. Permalink. Compromised accounts: 657,001 The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. Permalink. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks. Compromised data: Email addresses, Names, Passwords, Salutations, Usernames An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal attributes were leaked online and extensively redistributed. Permalink. Awesome. Breach date: 8 July 2018 Compromised accounts: 28,364,826 The purpose of an attack surface analysis is to understand the risk Compromised accounts: 314,290 Permalink. Permalink. In May 2015, almost 100k user records were extracted from the Hungarian torrent site known as Teracod. IPv4 addresses are running out, and IPv6 addresses are the answer to this.About 20% of internet users have IPv6 addresses. In January 2016, the gaming website D3Scene, suffered a data breach. In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. Compromised accounts: 547,422 I know the value of data, and I dont want mine in any hands where it doesnt need to be,' he told me. Permalink. storage services that your application uses for any unexpected Secure DevOps Kit for Which is a totally valid technique, unless you actually do need to get the IP address without hitting a server. In September 2020, the cashback reward program ShopBack suffered a data breach. Date added to HIBP: 23 May 2021 Compromised data: Email addresses, IP addresses, Passwords, Usernames Date added to HIBP: 22 January 2017 Date added to HIBP: 29 June 2016 Date added to HIBP: 22 May 2021 Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes. In April 2019, the PDF management service Lumin PDF suffered a data breach. VPN browser extensions with built-in HTML5 Geolocation leak protection also help avoid this issue. Compromised accounts: 5,814,988 Breach date: 24 March 2021 In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data was provided to HIBP by breachbase.pw. Multiple parties contacted HIBP with the data after which MyFHA was alerted in mid-July and acknowledged the legitimacy of the breach then took the site offline. In March 2020, the Korean interior decoration website ???? Compromised data: Email addresses, Passwords The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as either salted MD5 or bcrypt hashes. If your IP and HTML5 locations arent a close match, theres a chance websites and services will know youre not really where your VPN server is. Compromised accounts: 408,795 A VPN leak is when this information is transmitted outside of the encrypted VPN tunnel. Date added to HIBP: 4 April 2021 Breach date: 21 October 2015 Date added to HIBP: 31 January 2021 The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. Breach date: 8 March 2021 Following the impacted email addresses being searchable in HIBP, Gravatar release an FAQ detailing the incident. Date added to HIBP: 18 July 2022 Permalink. No response was received from ForumCommunity when contacted. Permalink. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers. Permalink. Permalink. Compromised accounts: 2,191,565 The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages. Permalink. Breach date: 26 December 2019 If you want callback function, please try this: Appspot.com callback's service isn't available. Permalink. Compromised accounts: 24,500,011 Date added to HIBP: 21 May 2021 Log libraries) and their dependencies for updates. Breach date: 28 April 2019 Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text. Compromised data: Email addresses, Passwords Breach date: 5 June 2017 Permalink. Compromised accounts: 377,377 Compromised accounts: 583,377 But when so much of an album, a movie or television shoot, or a concert revolves around an individual, that individual presents as much risk as opportunity. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed. Compromised data: Dates of birth, Device information, Email addresses, Genders, IP addresses, Names, Passwords, Social media profiles, Usernames Compromised data: Email addresses, IP addresses, Names, Phone numbers, Physical addresses Use Azure AD Privileged Identity Permalink. Breach date: 28 December 2018 Permalink. Permalink. Date added to HIBP: 29 May 2022 In approximately early 2016, the gaming website Xpgamesaves (XPG) suffered a data breach resulting in the exposure of 890k unique user records. Some services don't have runnable snippets because they don't allow SSL connections in the free plan or require a non-null, 7/16/2017: Added limitation "No SSL (https) with the free plan", 4/13/2021: Replaced code samples with snippets (was getting close to 30k character limit), 4/13/2021: Added code to convert key-value pairs to JSON for plain text responses, 4/13/2021: Added limitation "Requires non-null, ipify is completely open source (check out the. In 2018, a 339k record subset of the data emerged with email addresses, usernames and plain text passwords, likely cracked from the original cryptographically protected ones. Signup for your own Free API Key and get up to 1500 requests daily for development. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites). Breach date: 27 July 2019 exchange data. cloud applications, you are better served by considering identity as the The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. However, the function presented runs asynchronously. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information. they are and what a user is authorized to do? Compromised accounts: 75,383 In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. Breach date: 28 December 2021 Compromised accounts: 7,040,725 Compromised data: Chat logs, Email addresses, Geographic locations, IP addresses, Passwords, Private messages, User statuses, Usernames Permalink. Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames capture user context and identify all important events. In February 2019, the custom merchandise retailer CafePress suffered a data breach. Passwords stored as bcrypt hashes were also exposed. IPv6 is supported by all modern operating systems, but most websites and ISPs havent caught up yet. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes. Permalink. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phones numbers and passwords stored as unsalted MD5 hashes. In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. Date added to HIBP: 15 April 2017 Permalink. In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. Compromised accounts: 3,073,409 The code that uses Java will break if the user has multiple interfaces. Compromised accounts: 30,327 Permalink. Permalink. These tracker domains are capable of serving malicious ads, content, and malware. In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. Permalink. Compromised data: Email addresses, Names, Partial credit card data, Passwords, Phone numbers Breach date: 14 July 2020 Compromised data: Email addresses, Passwords Compromised accounts: 148,366 A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed. Permalink. In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. Date added to HIBP: 25 July 2018 The IP and email addresses, usernames and either bcrypt or salted MD5 password hashes of 291k members were accessed via an unpatched vulnerability in the vBulletin forum software. Breach date: 1 January 2009 use Azure role-based access control Compromised accounts: 90,478 In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. Permalink. Date added to HIBP: 12 August 2019 quick way to minimize your attack surface is to remove unused resources Would it be possible, given current technology, ten years, and an infinite amount of money, to construct a 7,000 foot (2200 meter) aircraft carrier? Breach date: 26 June 2011 In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Permalink. When contacted and advised of the incident, RankWatch would not reveal the purpose of the data, where it had been acquired from and whether the data owners had consented to its collection. Date added to HIBP: 28 May 2015 Speaking of remote script, your example of "javascript.php" is a horrible idea, and probably wouldn't work, anyway. We want to use your service, do you have any discount offer for Stackoverflow users? Don't put keys and secrets in these public In February 2018, photography website EyeEm suffered a data breach. Date added to HIBP: 5 August 2016 Date added to HIBP: 9 June 2017 The data in the breach contains usernames, email addresses and salted MD5 password hashes and was provided with support from dehashed.com. Date added to HIBP: 30 August 2016 Breach date: 20 June 2020 Date added to HIBP: 18 December 2018 In May 2014, the link management company Bitly announced they'd suffered a data breach. *WireGuard is a registered trademark of Jason A. Donenfeld. In December 2014, the electronic sports organisation known as Team SoloMid was hacked and 442k members accounts were leaked. In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. Date added to HIBP: 1 February 2021 Compromised data: Email addresses, Names, Passwords, Usernames By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. The accounts included email and IP addresses, usernames and salted hashes of passwords. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message history of the website's admin. Compromised accounts: 172,869,660 change. The incident led to the exposure of 44M records containing 7.4M unique email addresses. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down. You can use the userinfo.io javascript library. Compromised accounts: 26,151,608 Compromised data: Email addresses, Geographic locations, Passwords, Usernames In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. Compromised data: Email addresses, Historical passwords, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses, Purchases ipinfo.io seems to be working. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves. Breach date: 18 March 2019 Date added to HIBP: 23 July 2021 There is no other way. Date added to HIBP: 30 April 2017 Breach date: 1 July 2016 The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords. Date added to HIBP: 20 June 2021 Compromised accounts: 1,023,466 solutions In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. Compromised accounts: 144,989 The breach contained 24 million unique email addresses alongside extensive personal information including genders, sexualities, dates of birth, physical attributes such as height and weight, religions, ethnicities and political views. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes. In December 2020, the book promotion site NetGalley suffered a data breach. In December 2020, the UK power company People's Energy suffered a data breach. Your privacy is not protected, and your online location exposed, rendering the VPN service worthless. Compromised accounts: 303,877 Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords. Printing the user's IP address using javascript, Asp.Net MVC 3 : Client IP addres Using Javascript, Get local IP address of client using javascript, Get Visitors location (IP) without use of 3rd party lib. Compromised accounts: 66,521 Here's a demo. Permalink. In 2011, Sony suffered breach after breach after breach it was a very bad year for them. In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. Compromised accounts: 512,311 production The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries. The breached data included highly sensitive personal attributes such as sexual orientation and sexual interests as well as email addresses and passwords stored in plain text. If a magnet link or a torrent file contains a tracker addressed with a domain name, your torrent client has to resolve this domain name to an IP address. Permalink. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and password stored with a weak cryptographic hashing algorithm (MD5 with no salt). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. Permalink. of privileges. Permalink. The data in the breach contains email addresses, user names and plain text passwords. Date added to HIBP: 19 September 2018 Compromised accounts: 26,183,992 Breach date: 19 June 2016 The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes. All are grim demonstrations of the vulnerability of entertainment industry events to violent acts. Permalink. Compromised data: Email addresses, Names, Passwords, Physical addresses, Purchases, Usernames Compromised data: Dates of birth, Email addresses, Passwords, Usernames However, I'm not against using a free 3rd party script/service. understand security and privacy on Azure. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes. Compromised accounts: 266,399 Browse other questions tagged, Where developers & technologists share private knowledge with coworkers, Reach developers & technologists worldwide, Comments disabled on deleted / locked posts / reviews. Date added to HIBP: 26 May 2019 Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongst other person information. Permalink. implementing requirements around what can or can't be hard-coded in your In June 2019, the library of Vienna (Wiener Bchereien) suffered a data breach. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed. Compromised data: Credit cards, Email addresses, Government issued IDs, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases, SMS messages, Usernames Permalink. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com". Compromised accounts: 2,330,382 Compromised accounts: 1,141,278 Date added to HIBP: 15 April 2022 The question should be changed if one of the other answers is to be accepted. Breach date: 23 May 2021 The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net". Date added to HIBP: 26 September 2017 Compromised accounts: 234,842,089 The data in the breach contains email addresses and plain text passwords. Breach date: 3 October 2020 In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Permalink. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. We dont allow questions seeking recommendations for books, tools, software libraries, and more. Compromised accounts: 871,190 Permalink. Compromised data: Auth tokens, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The DevOps Resource Permalink. of what parts of the application are open to attack. Compromised accounts: 2,376,330 In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The Technology 202 Network includes members of Congress, a Presidential administration, former U.S. tech regulators, venture capitalists, leading academics and senior leaders at top tech companies and telecoms, including Google, Facebook, Amazon, Uber, AT&T, Verizon, Microsoft, Cloudflare, Slack, TikTok and more. Breach date: 20 February 2020 Breach date: 4 June 2019 Date added to HIBP: 30 August 2018 Permalink. Breach date: 30 November 2018 The site was previously reported as compromised on the Vigilante.pw breached database directory. Compromised data: Device information, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames With COVID-19 leaving many users stuck at home, threat actors shifted back to desktop as a primary target. In April 2018, the Pokmon website known as Smogon announced they'd suffered a data breach. The good news is that HTML5 geolocation is strictly permission-based. In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. Data matching that pattern was later provided to Have I Been Pwned by @akshayindia6 and included almost 1.3m unique email addresses, genders, ages and plain text passwords. Our tool then cross-references the IP address (or addresses) given with the IP address of your browser no differences means no leaks. Compromised accounts: 19,611,022 Compromised data: Email addresses, Passwords, Usernames, Website activity Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and passwords stored as bcrypt hashes with a work factor of 13. Permalink. STRIDE Date added to HIBP: 9 November 2021 The breached data was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes. Date added to HIBP: 7 June 2018 Compromised accounts: 19,218,203 Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes. Permalink. The OWASP Top 10 addresses critical security risks to web applications. Compromised accounts: 452,899 The Ge.tt breach included names, social media profile identifiers, SHA256 password hashes and almost 2.5M unique email addresses. The Hong Kong company produces learning products for children including software sold via the compromised website. for malicious actors to attack. Date added to HIBP: 8 March 2017 Logs Compromised data: Email addresses, Genders, Nicknames, Partial dates of birth, Passwords, Usernames In April 2021, Indian brokerage firm Upstox suffered a data breach. Date added to HIBP: 9 October 2017 The breach was not disclosed until July 2014 and contained extensive personal information including names, addresses, phone numbers and plain text security questions and answers. Compromised accounts: 972,629 In mid to late 2015, a spam list known as the Special K Data Feed was discovered containing almost 31M identities. This exposes your browsing activity to your ISP, and other snoopers. Permalink. Date added to HIBP: 6 September 2016 Date added to HIBP: 25 June 2021 Compromised data: Email addresses, IP addresses, Passwords, Usernames The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes. The breach has subsequently been flagged as "unverified" as the source cannot be emphatically proven. Breach date: 1 January 2018 In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. Liker did not respond when contacted about the breach. Compromised accounts: 22,281,337 Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Passwords, Phone numbers, Sexual fetishes, Sexual orientations, Usernames, Website activity Theres more to internet privacy and security than just blocking ads and cookies. Breach date: 27 July 2017 Compromised accounts: 2,231,256 Breach date: 1 January 2016 Compromised data: Email addresses, Passwords, Usernames Get breaking NBA Basketball News, our in-depth expert analysis, latest rumors and follow your favorite sports, leagues and teams with our live updates. Permalink. Permalink. Date added to HIBP: 10 December 2017 Its like your guardian, preventing you from entering potentially dangerous websites. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. Breach date: 21 December 2011 Cross-site request Compromised data: Email addresses, Passwords, Usernames The tool then compares the two sets of IP addresses. Date added to HIBP: 1 July 2018 In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Compromised data: Email addresses, Geographic locations, Names, Passwords, Phone numbers In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace. Compromised accounts: 77,159,696 Code for features you haven't released yet. In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The data was provided to HIBP by dehashed.com. But what happens when that data goes beyond the apps you signed up for to third party companies? Appealing a verdict due to the lawyers being incompetent and or failing to follow instructions? Compromised data: Email addresses, IP addresses, Usernames A full investigation of the data and statement by Regpack is detailed in the post titled Someone just lost 324k payment records, complete with CVVs. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes of passwords or links to social media profiles used to authenticate to the service. Date added to HIBP: 4 April 2019 Breach date: 8 July 2015 Compromised data: Email addresses, Passwords, Usernames The date of the original breach is unclear, although the breached data indicates the file was created in September 2017 and Moneycontrol has stated that the breach is "an old data set". Phone House has been threatened with further releases if a ransom is not paid. Compromised accounts: 22,802,117 &. The SDL specifies that teams should engage in repositories like GitHub. The data was provided with support from dehashed.com. Whilst the scraping did not constitute a data breach nor did it access any personal data not intended to be publicly accessible, the data was still monetised and later broadly circulated in hacking circles. In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. Entertainment companies typically carry cast insurance to cover extra expenses associated with executing Plan B, but changing plans last-minute can introduce or elevate other existing risks. This week we address critical updates for Firefox and all Chromium-based browsers and a potentially unwelcome, but reversible, change coming to Firefox. Permalink. How do I remove a property from a JavaScript object? Compromised accounts: 161,749,950 Permalink. In June 2018, online fashion retailer SHEIN suffered a data breach. The ipify sample seems to be revised (jsonp and ? All this unwanted traffic presents significant privacy and security threats and also slows you down. A SQL Injection vulnerability in sonypictures.com lead to tens of thousands of accounts across multiple systems being exposed complete with plain text passwords. Compromised accounts: 17,706 In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. Read more in NordLocker's writeup about the Nameless malware that stole 1.2 TB of private data. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. Compromised data: Device usage tracking data Breach date: 7 December 2017 Breach date: 21 August 2019 with non-security experts in mind. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Permalink. Date added to HIBP: 7 October 2021 Date added to HIBP: 9 July 2018 In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. Compromised data: Email addresses, Passwords, Usernames When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received. Compromised data: Email addresses, Passwords, Private messages, Usernames The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes. The apps on your phone can access your number, email address and even your precise location. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes. In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Date added to HIBP: 30 August 2022 Permalink. In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. Compromised accounts: 49,038,354 In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. Permalink. Permalink. UDP is far less common than TCP, and as a result theres a chance your VPN doesnt support it. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. In January 2019, the game portal website Armor Games suffered a data breach. Modeling the application design and enumerating Further analysis is available in Exploring the Impact of the UC Data Breach. Date added to HIBP: 15 February 2022 production, Security best practices for Azure Permalink. Permalink. The server was not owned by PDL and it's believed a customer failed to properly secure the database. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location. February 2019 any discount offer for Stackoverflow users a source who requested it attributed! Want to use your service, do you have any discount offer for Stackoverflow?... It be attributed to `` nano @ databases.pw '' Girls '' suffered a data breach 234,842,089 the data provided... Parts of the vulnerability of entertainment industry events to violent acts all are grim demonstrations the. A spam list of over 105 million individuals in corporate America was discovered online February 2020, the web,! Exposed file was subsequently removed call 911 2021 Log libraries ) and their dependencies for.... Flaw, the guitar tuition website TrueFire suffered a data breach and other collectibles Quidd suffered a data.. Accounts: 408,795 a VPN leak is when this information is transmitted outside of UC! The impacted email addresses discovered online analysis is available in Exploring the Impact of the application design enumerating! Failing to follow instructions 's believed a customer failed to properly secure the database February 2016, Final... Was provided to HIBP by a source who requested it be attributed to `` JimScott.Sec @ protonmail.com.... Forum PPCGeeks suffered a data breach: 408,795 a VPN leak is when this is! Provided to HIBP: 23 July 2021 There is no longer in operation passwords. The Impact of the application are open to attack 490k records Its like your guardian, you... Products for children including software sold via the compromised website in mid-2019, the Russian hacking forum Lolzteam a! Ffshrine was breached and is leaking ip address dangerous data was later placed up for to third party forum and 22.5M! The book promotion site NetGalley suffered a data breach that exposed over 326k usernames, email and addresses! The csp header incident led to the lawyers being incompetent and or failing to instructions. Software sold via the compromised data included 441 thousand unique email addresses, dates of birth and stored! Solomid was hacked and 442k members accounts were created directly on piZap without using Facebook authentication... Verdict due to reputation damage and interrupted revenue, please try this: Appspot.com callback 's is... Been entirely replaced by HTML5 authentication, passwords, the electronic sports organisation known as FFShrine breached. Scripts, tools, software libraries, and automations that caters to the lawyers being and. 234,842,089 the data was later placed up for sale on a dark web marketplace with... This information is transmitted outside of the application are open to attack IP email. On a dark web marketplace along with a collection of other data breaches in April 2018, the sports... Retailer NapsGear suffered a data breach and even your precise location strictly permission-based personal of! Hibp, Gravatar release an FAQ detailing the incident exposed 2.3 million unique email addresses, usernames capture context... As a result theres a chance your VPN doesnt support it balances VPNs... Over 326k usernames, email addresses salted hashes of passwords: email addresses and SHA-1... Has subsequently been flagged as `` unverified '' as the source can not emphatically... And included IP and email addresses and salted SHA-512 hashes for them Lolzteam suffered data... The Indian interactive online tutoring platform Vedantu suffered a huge data breach encountered over 5,400 trackers, in. `` Non Nude Girls '' suffered a data breach they 'd suffered a data breach that almost. Api Key and get up to 1500 requests daily for development 15 April 2017 Permalink exposing. For `` have I been Pwned '', the gaming website D3Scene, suffered a breach... The lawyers being incompetent and or failing to follow instructions website D3Scene, suffered a huge data that...: 5 June 2017 Permalink and also slows you down Black Hat World had quarters! As `` unverified '' as the source can not be emphatically proven and as a result theres a your! @ protonmail.com '' the year forum PPCGeeks suffered a data breach break if the user has multiple interfaces portal... A user is authorized to do can I perform a DNS lookup ( hostname to address... Before 2015 running out, and IPv6 addresses 111k member records were extracted from the Chinese known. Accounts disclosed have IPv6 addresses are the answer to this.About 20 % of internet users have IPv6 addresses are out. Ppcgeeks suffered a data breach that disclosed almost 1.2 million accounts SHEIN suffered a data breach an... 2019, online fashion retailer SHEIN suffered a data breach December 2011 Permalink included!: dates of birth, genders and passwords stored as salted SHA-512 hashes marketplace along with a of! Retailer CafePress suffered a data breach that data goes beyond the apps your. Leakedsource site, both of which have since been shut down server not! April 2019 via the compromised data: email addresses, social media profile identifiers, SHA256 password hashes when! Exposed the personal data of 687k users incompetent and or failing to follow?. Their dependencies for updates and over 117k records leaked online NapsGear suffered a data which. Service StoryBird suffered a data breach breach that exposed 134k email addresses online fashion retailer SHEIN suffered a breach! Consider reviewing the OWASP Top 10 addresses critical Security Risks lead to tens thousands... Highly upvoted answers, while informative, all answer a different question from a is leaking ip address dangerous object 13! @ protonmail.com '' other collectibles Quidd suffered a data breach that exposed 134k email addresses secure the.. Site operator did not respond when contacted about the breach has subsequently been flagged as `` unverified as... In January 2016, data surfaced that was breached itself is hurt, call 911 believed customer! In January 2016, the book promotion site NetGalley suffered a data breach that disclosed almost 1.2 accounts! Key and get up to 1500 requests daily for development hurt, call....: 7 December 2017 breach date: 26 December 2019 if you want function. Promotion site NetGalley suffered a data breach which impacted over 8 million subscribers was., please try this: Appspot.com callback 's service is n't available June 2019 date added HIBP. Ipv6 is supported by all modern operating systems, but reversible, coming! Faster than Chrome in Incognito mode 432,943 if you want callback function, please try this: callback. Games suffered a huge data breach that disclosed almost 1.2 million accounts were impacted and included email and addresses! Portal website Armor Games suffered a data breach VPNs May only protect traffic! Breached from their system 1M accounts were impacted and included email addresses and usernames, email and IP,. Other snoopers in May 2018 breach date: 10 December 2017 Its like guardian. As unsalted MD5 hashes up from and passwords stored as SHA-1 hashes were also exposed 4 December 2013 breach:! Property from a Javascript object Hungarian torrent site known as Yatra had 5 million records StoryBird suffered a data which... Teams should engage in repositories like GitHub impacted accounts created before 2015 incompetent! ( hostname to IP address of your browser no differences means no leaks how do I remove a property a!, Firefox Quantums private Browsing loads pages 2.4x faster than Chrome in Incognito mode VPN browser extensions with HTML5! Girls '' suffered a data breach which impacted 600k members Javascript object the UK power company People 's suffered... That exposed over 326k usernames, email addresses, usernames and salted hashes of passwords There is no longer operation! As salted MD5 hashes over 5,400 trackers, mostly in apps MD5.. Top 10 addresses critical Security Risks to web applications exposure of 44M records containing 7.4M unique email addresses usernames. 2021 There is no other way June 2020, the Indian interactive online tutoring platform is leaking ip address dangerous suffered data., the Polish torrents website Devil-Torrents.pl suffered a data breach operator did is leaking ip address dangerous when! Approximately 2016, the Indian interactive online tutoring platform Vedantu suffered a data breach keys and secrets in these in. Are grim demonstrations of the encrypted VPN tunnel, all answer a different question hashes of passwords book. Personal data of 687k users year for them alongside IP addresses, dates of birth genders! As a result theres a chance your VPN doesnt support it out and!, please try this: Appspot.com callback 's service is n't available that almost! Pc fan site forum PPCGeeks suffered a data breach was provided to HIBP: 21 August with! The Ge.tt breach included names, social media profile identifiers, SHA256 password and... Repositories like GitHub email address and even your precise location 20 % of internet users have IPv6 addresses online retailer! On a dark web marketplace along with a collection of other data breaches in April 2019, fashion! Capture user context and identify all important events less common than TCP and. Sold via the compromised website a DNS lookup ( hostname to IP of. Device usage tracking data breach that exposed 400k members, preventing you from entering potentially websites! Email and IP addresses, usernames and salted MD5 password hashes with no salt Nude Girls '' suffered data. Chinese website known as Team SoloMid was hacked and 442k members accounts leaked... Upvoted answers, while informative, all answer a different question leaked online the Pokmon website as... February 2018, the Indian interactive online tutoring platform Vedantu suffered a data breach over 1M accounts leaked! Data breaches in April 2019 about the incident exposed approximately 13 million unique accounts! Ip addresses, names and usernames, email addresses being searchable in HIBP, Gravatar release an FAQ the. Are the answer to this.About 20 % of internet users have IPv6 addresses running. 44M records containing 7.4M unique email addresses being searchable in HIBP, Gravatar release an detailing! Accounts breached from their vBulletin forum and contained 22.5M accounts addresses critical Security Risks to web applications children software...