More Info In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.

More Info In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.

More Info In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In 2013, 51cto, a Chinese social media site was hacked and over 2 million accounts were leaked to the internet.

More Info In 2017, a leak surfaced from an unknown site which contained sensitive data for Korean nationals including names, phone numbers, and Korean Social Security Numbers.

More Info In late 2011, a series of data breaches in China affected up to 100 million users, including the social site known as 52pk. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains usernames, email addresses and cleartext passwords

More Info In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. The data in the breach contains usernames, email addresses and plain text passwords.

More Info In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes.

More Info In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included.

More Info In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

More Info In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community". Exposed data included usernames, passwords stored as SHA-1 hashes and 170 million unique email addresses. This incident is separate to the 2015 data breach Adult FriendFinder also suffered.

More Info In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.

More Info In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. The data in the breach contains email addresses and MD5 password hashes.

More Info In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.

More Info In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes.

More Info In January 2019, the game portal website website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes.

More Info In 2015, a database claiming to be from the Korean gaming site Aruon.com was leaked online. The site appears to be offline since 2013.

More Info In July 2015, the infidelity website Ashley Madison suffered a serious data breach. The attackers threatened Ashley Madison with the full disclosure of the breach unless the service was shut down. One month later, the database was dumped including more than 30M unique email addresses. This breach has been classed as "sensitive" and is not publicly searchable, although individuals may discover if they've been impacted by registering for notifications. Read about this approach in detail.

More Info In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.

More Info In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In 2017, a database backup from a Korean market site was discovered online.

More Info In September 2014, the online game Bin Weevils suffered a data breach. net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data may have come from a later breach). Data matching that pattern was later provided to Have I been pwned by @akshayindia6 and included almost 1.3m unique email addresses, genders, ages and plain text passwords.

More Info In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.

More Info Very little is known about this leak other than it came from Bit2Visitor.com, a now defunct Bitcoin related site.

More Info In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. ru addresses.

More Info In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves.

More Info In 2017, a leak appeared from an inactive Bitcoin trading community/forum.

More Info Very little is known about this leak other than it came from BitLeak.net, a now defunct Bitcoin related site.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In 2017, a leak from Bizbilla.com surfaced on the clear net. Originally with passwords in MD5 format, they were quickly cracked, and a plaintext version began circling.

More Info In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. The data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly.

More Info In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins.

More Info In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for older accounts along with weak MD5 hashes for newer ones.

More Info In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

More Info In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.

More Info This is a compliation of numerous untitled email:password leaks including giant lists like Colletion #1-#5, Breach Comp, Exploit.In, Anti Public, etc... Note: This list does not include data from many of the most popular free email services. If your org uses a free email service, contact us for a more detailed search.

More Info In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games.

More Info One of the biggest programming communities in China, leaked 6M user data. A text file with 6M CSDN user info: user name, password, emails, all in clear text, was found on the internet.

More Info In October 2016, the video sharing platform Dailymotion suffered a data breach. The attack led to the exposure of more than 85 million user accounts and included email addresses, usernames and bcrypt hashes of passwords.

More Info In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords. However, DaniWeb have advised that "the breached password hashes and salts are incorrect" and that they have since switched to new infrastructure and software.

More Info In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

More Info In late 2011, a series of data breaches in China affected up to 100 million users, including the social site known as Desura. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and cleartext passwords

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004. The data contained email and IP addresses, usernames, plain text passwords and dietary information about the site members including eating habits, BMI and birth date. The site was previously reported as compromised on the Vigilante.pw breached database directory.

More Info In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames. Users who created logins on Disqus had salted SHA1 hashes of passwords whilst users who logged in via social providers only had references to those accounts.

More Info In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes. The data was donated to Have I been pwned by data breach monitoring service Vigilante.pw.

More Info In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. The data in the breach contains email addresses and user names.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

More Info In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

More Info In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.

More Info In 2018, a leak from the Korean fashion site Elle.co.kr was discovered and contained a lot of personally identifiable information.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In early 2018, a large dataset consisting of over 1400 individual databases was found online. This leak contained a file named lavoraconnoi.euronics.it.txt consisting of email addresses and a combination of hashed and plaintext passwords. While the validity of this breach cannot be confirmed, many of the accounts had not been seen in previous data breaches.

More Info In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

More Info In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes.

More Info In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I been pwned courtesy of rip@creep.im.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

More Info In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker. The breached data included highly sensitive personal attributes such as sexual orientation and sexual interests as well as email addresses and passwords stored in plain text.

More Info In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In early 2018, a large dataset consisting of over 1400 individual databases was found online. This leak contained a file named www.fotoboom.com.txt consisting of email addresses and a combination of hashed and plaintext passwords. While the validity of this breach cannot be confirmed, many of the accounts had not been seen in previous data breaches.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes.

More Info Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum. The exposed data included usernames, email and IP addresses and salted MD5 hashes.

More Info In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In March 2012, the German online game publisher Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.

More Info In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today. The exposed data included usernames, email and IP addresses, MD5 hashes and personal attributes such as gender, birth date, physical address and security questions and answers stored in plain text.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In early 2010, the popular computer hardware market Hacker.co.kr was breached. Its not known who was the responsible party that leaked the stolen database. Due to its age and the fact that the site no longer exists, its not possible to verify the data.

More Info In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes.

More Info In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. The data in the breach contains usernames, email addresses and salted MD5 password hashes

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts. The breach included email addresses and passwords stored in plain text.

More Info In early 2018, a large dataset consisting of over 1400 individual databases was found online. This leak contained a file named lifetip.icross.co.kr.txt consisting of email addresses and a combination of hashed and plaintext passwords. While the validity of this breach cannot be confirmed, many of the accounts had not been seen in previous data breaches.

More Info In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

More Info In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017. Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords suggesting that many of the original hashes had been cracked. imgur advises that they rolled over to bcrypt hashes in 2016.

More Info In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums. The data spanned multiple separate breaches including the JobStreet jobs website which contained almost 4 million unique email addresses. The dates in the breach indicate the incident occurred in March 2012. The data later appeared freely downloadable on a Tor hidden service and contained extensive information on job seekers includ

More Info In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

More Info In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.

More Info In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes.

More Info In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

More Info In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

More Info In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

More Info In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes levels and sexual fetishes as well as passwords stored in plain text.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be

More Info Sometime in 2009, the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, home addresses and IP addresses.

More Info In late 2011, a series of data breaches in China affected up to 100 million users, including the social site known as Mop. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and cleartext passwords

More Info In October 2018, the Polish e-commerce website Morele.net suffered a data breach. The incident exposed almost 2.5 million unique email addresses alongside phone numbers, names and passwords stored as md5crypt hashes.

More Info In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

More Info In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

More Info In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

More Info In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.

More Info In October 2015, the Chinese site known as NetEase (located at 163.com) was reported as having suffered a data breach that impacted hundreds of millions of subscribers. The data in the breach contains email addresses and plain text passwords.

More Info In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.

More Info In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that. The breach contained usernames, email addresses and passwords stored as a salted hashes.

More Info In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

More Info In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes.

More Info In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted SHA-256 password hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I been pwned" in March 2016 and another 9M in July 2016 bringing the total to over 22M.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In December 2011 a database breach affecting renren.com leaked 4.7 million user records including email addresses and plaintext passwords.

More Info In 2016 Shadi.com's Database was breached containing 2 million of their users information containing private information about their sexual lives or fantasies along with their addresses, names and email/passwords.

More Info In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

More Info In June 2018, online fashion retailer SHEIN suffered a data breach. The company discovered the breach 2 months later in August then disclosed the incident another month after that. A total of 39 million unique email addresses were found in the breach alongside MD5 password hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes.

More Info In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable donations (among other uses). The breach also included 860,000 user accounts complete with email address, time zone, some internal system data and MD5 hashed passwords with no salt.

More Info In September 2016, SubaGames.com was hacked and 3,494,889 Users' account data was breached. The passwords in this database are in salted(hex) vB hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. The data in the breach contains email addresses and plain text passwords.

More Info In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year. The exposed data included usernames, email addresses and weak MD5 hashes of passwords.

More Info In approximately 2017, it's alleged that the Chinese gaming site known as TGBUS suffered a data breach that impacted over 10 million unique subscribers.

More Info In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.

More Info This database leak was found being spread on a clearnet 'Hacker’s Forum'. Very little is known about this hack and as such is considered unverified. More information will be added about this leak as it comes available.

More Info In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. The data in the breach contains email addresses and user names.

More Info In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.

More Info In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes.

More Info In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.

More Info In November 2013, the image-based social network We Heart It suffered a data breach. The data contained user names, email addresses and password hashes, 80% of which were salted SHA-256 with the remainder being MD5 with no salt.

More Info In late 2011, a series of data breaches in China affected up to 100 million users, including the social site known as Weibo. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and cleartext passwords

More Info In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included genders, birthdates, email addresses and phone numbers for an audience predominantly composed of teenagers and young adults.

More Info In November 2015, the online chatroom known as "xat" was hacked and 6 million user accounts were exposed. Used as a chat engine on websites, the leaked data included usernames, email and IP addresses along with hashed passwords.

More Info In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I been pwned courtesy of rip@creep.im.

More Info In April 2018, news broke of a massive data breach impacting the Vietnamese company known as VNG after data was discovered being traded on a popular hacking forum where it was extensively redistributed. The breach dated back to an incident in May of 2015 and included of over 163 million customers. The data in the breach contained a wide range of personal attributes including usernames, birth dates, genders and home addresses along with unsalted MD5 hashes and 25 million unique email addresses.

More Info In May 2017, the restaurant guide website Zomato was hacked resulting in the exposure of almost 17 million accounts. The data was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not present on all accounts).

More Info In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it's highly unlikely the data was sourced from Zoosk.

More Info Jefit is a workout and fitness tracking software that had its vBulletin based forum compromised in January 2017; as per result accounts of 2,892,644 users were stolen and now being sold on the Dark Web. Multiple versions of this leak were available. This version contained only emails and cleartext passwords. Other data leaked in other versions include user id, username, emails, hashed passwords, and IP address for over 4.6 million users.

More Info In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents.

More Info This is a compilation of numerous untitled email:password leaks. This leak, originally labeled "CompilationOfManyBreaches" or COMB, was cleaned up, parsed, and imported into Leaked.Domains. Only email:password combinations that did not already exists in the original CompDB are included here. COMB line count is in excess of 3.2 billion lines. A little over 82 million were not already in CompDB and are included here.

More Info In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. Impacted data also included names, usernames and passwords stored as SHA1 and PBKDF2 hashes.

More Info In late December 2020, a database claiming to be from learnable.com (which currently redirects to sitepoint.com) was discovered being sold on hacker forums. Sitepoint confirmed the hack in early February 2021 claiming the breach happened by a third-party and non-sensitive customer data was accessed.

More Info In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes

More Info In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes.

More Info In March 2020, the Korean interior decoration website 집꾸미기 (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all of which was subsequently shared extensively throughout online hacking communities.

More Info In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorized access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed.

More Info In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base. The breach allegedly dates back to 2017 and contains 26M unique usernames and email addresses (both of which have been confirmed to exist on LiveJournal) alongside plain text passwords. An archive of the data was subsequently shared on a popular hacking forum in May 2020 and redistributed broadly.

More Info In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.

More Info In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year. The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes.

More Info Data from gaming and e-sports community Rooter was found online. The data contained compromised email addresses, passwords, mobile phone numbers, names and usernames. The exact date of the breach remains unknown and the validity of the data has not been verified.

More Info In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes.

More Info In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes.

More Info

More Info

More Info In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in over 76M rows of data being posted to a popular hacking forum. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.

More Info In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512 password hashes.

More Info In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes.

More Info In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices. The repository service was allegedly hacked by @its_not_herpes and 0x8badfl00d in retaliation for the service refusing to remove pirated tweaks.

More Info In December 2019, the German online multiplayer game Go Ninja was allegedly breached. The stolen data contains usernames, IPs, passwords, salts, email addresses and additional personal information. This breach is being privately shared on the internet.

More Info In September 2019, game developer Zynga suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes.

More Info In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.

More Info In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.

More Info In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum. The data included 16M unique email addresses, names, physical and IP addresses, genders, dates of birth and plain text passwords. ClearVoice Surveys advised they were aware of the breach and confirmed its authenticity.

More Info More information coming soon.

More Info More information coming soon!

More Info In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes.

More Info In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

More Info n early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt hashes.

More Info In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes. The following month, the data appeared on a public hacking forum where it was extensively redistributed.

More Info In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed.