Recent Data Leaks
Live
← Back to timeline

Data breaches in 2013

28 tracked incidents from 2013

Monday, February 3, 2025
BreachHave I Been PwnedFebruary 3, 2025

DragonNest

In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed over 500k unique email addresses along with usernames, IP...

511,290 accounts affectedOccurred 2013
Monday, November 20, 2023
BreachHave I Been PwnedNovember 20, 2023

OMGPOP

In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach . Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later...

7,071,293 accounts affectedOccurred 2013
Tuesday, August 2, 2022
BreachHave I Been PwnedAugust 2, 2022

Mecho Download

In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

437,928 accounts affectedOccurred 2013
Wednesday, June 2, 2021
BreachHave I Been PwnedJune 2, 2021

JD

In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.

77,449,341 accounts affectedOccurred 2013
Saturday, May 22, 2021
BreachHave I Been PwnedMay 22, 2021

Yam

In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021 . The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and...

13,258,797 accounts affectedOccurred 2013
Sunday, July 14, 2019
BreachHave I Been PwnedJuly 14, 2019

Evite

In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems . Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101...

100,985,047 accounts affectedOccurred 2013
Sunday, January 13, 2019
BreachHave I Been PwnedJanuary 13, 2019

FaceUP

In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP...

87,633 accounts affectedOccurred 2013
Wednesday, July 4, 2018
BreachHave I Been PwnedJuly 4, 2018

Yatra

In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text. The site...

5,033,997 accounts affectedOccurred 2013
Saturday, November 25, 2017
BreachHave I Been PwnedNovember 25, 2017

imgur

In September 2013, the online image sharing community imgur suffered a data breach . A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017. Although imgur stored passwords as SHA-256...

1,749,806 accounts affectedOccurred 2013
Saturday, October 14, 2017
BreachHave I Been PwnedOctober 14, 2017

We Heart It

In November 2013, the image-based social network We Heart It suffered a data breach . The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP. The data contained user names, email addresses and password hashes, 80% of...

8,600,635 accounts affectedOccurred 2013
Wednesday, March 22, 2017
BreachHave I Been PwnedMarch 22, 2017

Torrent Invites

In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.

352,120 accounts affectedOccurred 2013
Wednesday, January 25, 2017
BreachHave I Been PwnedJanuary 25, 2017

Non Nude Girls

In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach . The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.

75,383 accounts affectedOccurred 2013
Monday, November 7, 2016
BreachHave I Been PwnedNovember 7, 2016

Heroes of Gaia

In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.

179,967 accounts affectedOccurred 2013
Monday, September 5, 2016
BreachHave I Been PwnedSeptember 5, 2016

Brazzers

In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting...

790,724 accounts affectedOccurred 2013
Thursday, July 7, 2016
BreachHave I Been PwnedJuly 7, 2016

Neopets

In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online . Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well...

26,892,897 accounts affectedOccurred 2013
Wednesday, July 6, 2016
BreachHave I Been PwnedJuly 6, 2016

Badoo

In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders . Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names,...

112,005,531 accounts affectedOccurred 2013
Saturday, July 2, 2016
BreachHave I Been PwnedJuly 2, 2016

iMesh

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed . The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5...

49,467,477 accounts affectedOccurred 2013
Sunday, May 29, 2016
BreachHave I Been PwnedMay 29, 2016

tumblr

In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.

65,469,298 accounts affectedOccurred 2013
Saturday, March 12, 2016
BreachHave I Been PwnedMarch 12, 2016

Lord of the Rings Online

In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

1,141,278 accounts affectedOccurred 2013
BreachHave I Been PwnedMarch 12, 2016

Dungeons & Dragons Online

In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

1,580,933 accounts affectedOccurred 2013
Saturday, February 6, 2016
BreachHave I Been PwnedFebruary 6, 2016

OwnedCore

In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling...

880,331 accounts affectedOccurred 2013
Sunday, January 17, 2016
BreachHave I Been PwnedJanuary 17, 2016

Nexus Mods

In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked . They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in...

5,915,013 accounts affectedOccurred 2013
Saturday, August 8, 2015
BreachHave I Been PwnedAugust 8, 2015

XSplit

In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack . The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.

2,983,472 accounts affectedOccurred 2013
Tuesday, February 3, 2015
BreachHave I Been PwnedFebruary 3, 2015

Crack Community

In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.

19,210 accounts affectedOccurred 2013
Thursday, November 6, 2014
BreachHave I Been PwnedNovember 6, 2014

AhaShare.com

In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally...

180,468 accounts affectedOccurred 2013
Sunday, July 6, 2014
BreachHave I Been PwnedJuly 6, 2014

Lounge Board

At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly . Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

45,018 accounts affectedOccurred 2013
BreachHave I Been PwnedJuly 6, 2014

Astropid

In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly . The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information...

5,788 accounts affectedOccurred 2013
Sunday, June 1, 2014
BreachHave I Been PwnedJune 1, 2014

Win7Vista Forum

In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped . The dump included over 200k members’ personal information and other internal data extracted from the forum.

202,683 accounts affectedOccurred 2013