Recent Data Leaks
Live
← Back to timeline

Data breaches in 2016

104 tracked incidents from 2016

Wednesday, December 17, 2025
BreachHave I Been PwnedDecember 17, 2025

Web Hosting Talk

In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale . The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.

515,149 accounts affectedOccurred 2016
Thursday, May 8, 2025
BreachHave I Been PwnedMay 8, 2025

OnRPG

In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data . The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as...

1,047,640 accounts affectedOccurred 2016
Monday, September 23, 2024
BreachHave I Been PwnedSeptember 23, 2024

GameVN

In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data . Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5...

1,369,485 accounts affectedOccurred 2016
Thursday, May 23, 2024
BreachHave I Been PwnedMay 23, 2024

Dota2

In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users . The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5 hashes.

1,907,205 accounts affectedOccurred 2016
Wednesday, March 27, 2024
BreachHave I Been PwnedMarch 27, 2024

GSM Hosting

In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services . The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.

2,607,440 accounts affectedOccurred 2016
Saturday, December 9, 2023
BreachHave I Been PwnedDecember 9, 2023

Kaneva

In July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.

3,901,179 accounts affectedOccurred 2016
Saturday, October 21, 2023
BreachHave I Been PwnedOctober 21, 2023

Tunngle

In 2016, the now defunct global LAN gaming network Tunngle suffered a data breach that exposed 8.2M unique email addresses. The compromised data also included usernames, IP addresses and passwords stored as salted MD5 hashes.

8,192,928 accounts affectedOccurred 2016
Wednesday, September 20, 2023
BreachHave I Been PwnedSeptember 20, 2023

dBforums

In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton . The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP...

363,468 accounts affectedOccurred 2016
Sunday, July 23, 2023
BreachHave I Been PwnedJuly 23, 2023

Roblox

In August 2016, Roblox disclosed a data breach that affected over 50k users . The security incident impacted email and IP addresses, usernames, purchases and Robux balances which were left exposed on a test server.

52,458 accounts affectedOccurred 2016
Wednesday, August 3, 2022
BreachHave I Been PwnedAugust 3, 2022

Tuned Global

In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum . The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses...

985,586 accounts affectedOccurred 2016
Friday, July 29, 2022
BreachHave I Been PwnedJuly 29, 2022

Battlefy

In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records . The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.

83,610 accounts affectedOccurred 2016
Wednesday, July 20, 2022
BreachHave I Been PwnedJuly 20, 2022

Shadi.com

In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses . The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents.

2,021,984 accounts affectedOccurred 2016
Monday, July 18, 2022
BreachHave I Been PwnedJuly 18, 2022

PPCGeeks

In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records . The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes.

492,518 accounts affectedOccurred 2016
Wednesday, August 25, 2021
BreachHave I Been PwnedAugust 25, 2021

SubaGames

In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after...

6,137,666 accounts affectedOccurred 2016
Tuesday, June 16, 2020
BreachHave I Been PwnedJune 16, 2020

Foodora

In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers from multiple countries including their names,...

582,578 accounts affectedOccurred 2016
Thursday, February 6, 2020
BreachHave I Been PwnedFebruary 6, 2020

Adult FriendFinder (2016)

In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach . The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the...

169,746,810 accounts affectedOccurred 2016
Tuesday, November 19, 2019
BreachHave I Been PwnedNovember 19, 2019

GPS Underground

In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online . The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5...

669,584 accounts affectedOccurred 2016
Sunday, October 6, 2019
BreachHave I Been PwnedOctober 6, 2019

StreetEasy

In approximately June 2016, the real estate website StreetEasy suffered a data breach . In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web...

988,230 accounts affectedOccurred 2016
Sunday, July 28, 2019
BreachHave I Been PwnedJuly 28, 2019

Anime-Planet

In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt...

368,507 accounts affectedOccurred 2016
Saturday, July 27, 2019
BreachHave I Been PwnedJuly 27, 2019

EpicNPC

In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com .

408,795 accounts affectedOccurred 2016
BreachHave I Been PwnedJuly 27, 2019

Clash of Kings

In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com .

1,604,957 accounts affectedOccurred 2016
Saturday, June 15, 2019
BreachHave I Been PwnedJune 15, 2019

D3Scene

In January 2016, the gaming website D3Scene, suffered a data breach. The compromised vBulletin forum exposed 569k million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com .

568,827 accounts affectedOccurred 2016
Wednesday, March 27, 2019
BreachHave I Been PwnedMarch 27, 2019

Whitepages

In mid-2016, the telephone and address directory service Whitepages was among a raft of sites that were breached and their data then sold in early-2019 . The data included over 11 million unique email addresses alongside names and passwords stored as either a...

11,657,763 accounts affectedOccurred 2016
Wednesday, December 5, 2018
BreachHave I Been PwnedDecember 5, 2018

ForumCommunity

In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received...

776,648 accounts affectedOccurred 2016
Saturday, November 17, 2018
BreachHave I Been PwnedNovember 17, 2018

KnownCircle

In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and...

1,957,600 accounts affectedOccurred 2016
Monday, October 29, 2018
BreachHave I Been PwnedOctober 29, 2018

Mac Forums

In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was...

326,714 accounts affectedOccurred 2016
Wednesday, October 17, 2018
BreachHave I Been PwnedOctober 17, 2018

Facepunch

In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident...

342,913 accounts affectedOccurred 2016
Friday, September 28, 2018
BreachHave I Been PwnedSeptember 28, 2018

Digimon

In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based...

7,687,679 accounts affectedOccurred 2016
Monday, September 24, 2018
BreachHave I Been PwnedSeptember 24, 2018

Real Estate Mogul

In September 2016, the real estate investment site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k...

307,768 accounts affectedOccurred 2016
Wednesday, September 19, 2018
BreachHave I Been PwnedSeptember 19, 2018

NemoWeb

In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a...

3,472,916 accounts affectedOccurred 2016
Monday, September 10, 2018
BreachHave I Been PwnedSeptember 10, 2018

FreshMenu

In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories. When advised of...

110,355 accounts affectedOccurred 2016
Saturday, September 8, 2018
BreachHave I Been PwnedSeptember 8, 2018

Warmane

In approximately December 2016, the online service for World of Warcraft private servers Warmane suffered a data breach. The incident exposed over 1.1M accounts including usernames, email addresses, dates of birth and salted MD5 password hashes. The data was...

1,116,256 accounts affectedOccurred 2016
Friday, April 20, 2018
BreachHave I Been PwnedApril 20, 2018

CashCrate

In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records . The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for...

6,844,490 accounts affectedOccurred 2016
Sunday, March 25, 2018
BreachHave I Been PwnedMarch 25, 2018

MDPI

In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email...

845,012 accounts affectedOccurred 2016
Saturday, March 17, 2018
BreachHave I Been PwnedMarch 17, 2018

MangaFox.me

In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

1,311,610 accounts affectedOccurred 2016
Thursday, March 8, 2018
BreachHave I Been PwnedMarch 8, 2018

xHamster

In November 2016, news broke that hackers were trading hundreds of thousands of xHamster porn account details . In total, the data contained almost 380k unique user records including email addresses, usernames and unsalted MD5 password hashes.

377,377 accounts affectedOccurred 2016
Wednesday, February 14, 2018
BreachHave I Been PwnedFebruary 14, 2018

Guns and Robots

In approximately April 2016, the gaming website Guns and Robots suffered a data breach resulting in the exposure of 143k unique records. The data contained email and IP addresses, usernames and SHA-1 password hashes. The site was previously reported as...

143,569 accounts affectedOccurred 2016
Sunday, December 10, 2017
BreachHave I Been PwnedDecember 10, 2017

CrackingForum

In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.

660,305 accounts affectedOccurred 2016
Friday, November 17, 2017
BreachHave I Been PwnedNovember 17, 2017

V-Tight Gel

In approximately February 2016, data surfaced which was allegedly obtained from V-Tight Gel (vaginal tightening gel) . Whilst the data set was titled V-Tight, within there were 50 other (predominantly wellness-related) domain names , most owned by the same...

2,013,164 accounts affectedOccurred 2016
Friday, November 3, 2017
BreachHave I Been PwnedNovember 3, 2017

RankWatch

In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum. The data contained 7.4 million unique email addresses...

7,445,067 accounts affectedOccurred 2016
Sunday, October 29, 2017
BreachHave I Been PwnedOctober 29, 2017

Shotbow

In May 2016, the multiplayer server for Minecraft service Shotbow announced they'd suffered a data breach . The incident resulted in the exposure of over 1 million unique email addresses, usernames and salted SHA-256 password hashes.

1,052,753 accounts affectedOccurred 2016
Monday, October 9, 2017
BreachHave I Been PwnedOctober 9, 2017

AbuseWith.Us

In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site , both of which have since been...

1,372,550 accounts affectedOccurred 2016
Thursday, October 5, 2017
BreachHave I Been PwnedOctober 5, 2017

Staminus

In March 2016, the DDoS protection service Staminus was "massively hacked" resulting in an outage of more than 20 hours and the disclosure of customer credentials (with unsalted MD5 hashes), support tickets, credit card numbers and other sensitive data. 27k...

26,815 accounts affectedOccurred 2016
Sunday, October 1, 2017
BreachHave I Been PwnedOctober 1, 2017

AKP Emails

In July 2016, a hacker known as Phineas Fisher hacked Turkey's ruling party (Justice and Development Party or "AKP") and gained access to 300k emails . The full contents of the emails were subsequently published by WikiLeaks and made searchable . HIBP...

917,461 accounts affectedOccurred 2016
Wednesday, August 23, 2017
BreachHave I Been PwnedAugust 23, 2017

Biohack.me

In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was...

3,402 accounts affectedOccurred 2016
Monday, August 7, 2017
BreachHave I Been PwnedAugust 7, 2017

Dailymotion

In October 2016, the video sharing platform Dailymotion suffered a data breach . The attack led to the exposure of more than 85 million user accounts and included email addresses, usernames and bcrypt hashes of passwords.

85,176,234 accounts affectedOccurred 2016
Sunday, July 23, 2017
BreachHave I Been PwnedJuly 23, 2017

MCBans

In October 2016, the Minecraft banning service known as MCBans suffered a data breach resulting in the exposure of 120k unique user records. The data contained email and IP addresses, usernames and password hashes of unknown format. The site was previously...

119,948 accounts affectedOccurred 2016
Saturday, July 1, 2017
BreachHave I Been PwnedJuly 1, 2017

XPG

In approximately early 2016, the gaming website Xpgamesaves (XPG) suffered a data breach resulting in the exposure of 890k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords. The site was previously...

890,341 accounts affectedOccurred 2016
Thursday, June 8, 2017
BreachHave I Been PwnedJune 8, 2017

Data Enrichment Records

In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet . The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate...

8,176,132 accounts affectedOccurred 2016
Saturday, May 6, 2017
BreachHave I Been PwnedMay 6, 2017

Exploit.In

In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list...

593,427,119 accounts affectedOccurred 2016
Thursday, May 4, 2017
BreachHave I Been PwnedMay 4, 2017

Anti Public Combo List

In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The...

457,962,538 accounts affectedOccurred 2016
Thursday, April 20, 2017
BreachHave I Been PwnedApril 20, 2017

FashionFantasyGame

In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach . The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of...

2,357,872 accounts affectedOccurred 2016
Saturday, April 15, 2017
BreachHave I Been PwnedApril 15, 2017

Youku

In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.

91,890,110 accounts affectedOccurred 2016
Saturday, March 25, 2017
BreachHave I Been PwnedMarch 25, 2017

Evony

In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

29,396,116 accounts affectedOccurred 2016
Wednesday, March 22, 2017
BreachHave I Been PwnedMarch 22, 2017

HLTV

In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.

611,070 accounts affectedOccurred 2016
Wednesday, March 15, 2017
BreachHave I Been PwnedMarch 15, 2017

Wishbone (2016)

In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach . The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included...

2,247,314 accounts affectedOccurred 2016
BreachHave I Been PwnedMarch 15, 2017

NetProspex

In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online . D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive...

33,698,126 accounts affectedOccurred 2016
Monday, February 20, 2017
BreachHave I Been PwnedFebruary 20, 2017

Funimation

In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.

2,491,103 accounts affectedOccurred 2016
Tuesday, February 7, 2017
BreachHave I Been PwnedFebruary 7, 2017

Justdate.com

An alleged breach of the dating website Justdate.com began circulating in approximately September 2016. Comprised of over 24 million records, the data contained various personal attributes such as email addresses, dates of birth and physical locations....

24,451,312 accounts affectedOccurred 2016
Tuesday, January 31, 2017
BreachHave I Been PwnedJanuary 31, 2017

CD Projekt RED

In March 2016, Polish game developer CD Projekt RED suffered a data breach . The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

1,871,373 accounts affectedOccurred 2016
Sunday, January 22, 2017
BreachHave I Been PwnedJanuary 22, 2017

MrExcel

In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach . The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords...

366,140 accounts affectedOccurred 2016
Tuesday, January 3, 2017
BreachHave I Been PwnedJanuary 3, 2017

Pokémon Negro

In approximately October 2016, the Spanish Pokémon site Pokémon Negro suffered a data breach. The attack resulted in the disclosure of 830k accounts including email and IP addresses along with plain text passwords. Pokémon Negro did not respond when contacted...

830,155 accounts affectedOccurred 2016
Wednesday, December 28, 2016
BreachHave I Been PwnedDecember 28, 2016

Пара Па

In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and...

4,946,850 accounts affectedOccurred 2016
BreachHave I Been PwnedDecember 28, 2016

Cross Fire

In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and...

12,865,609 accounts affectedOccurred 2016
Tuesday, December 27, 2016
BreachHave I Been PwnedDecember 27, 2016

uuu9

In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged...

7,485,802 accounts affectedOccurred 2016
Tuesday, December 20, 2016
BreachHave I Been PwnedDecember 20, 2016

Ethereum

In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach . The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed...

16,431 accounts affectedOccurred 2016
Saturday, December 17, 2016
BreachHave I Been PwnedDecember 17, 2016

PayAsUGym

In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and...

400,260 accounts affectedOccurred 2016
Thursday, November 17, 2016
BreachHave I Been PwnedNovember 17, 2016

GeekedIn

In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained...

1,073,164 accounts affectedOccurred 2016
Thursday, November 10, 2016
BreachHave I Been PwnedNovember 10, 2016

Army Force Online

In May 2016, the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.

1,531,235 accounts affectedOccurred 2016
Monday, November 7, 2016
BreachHave I Been PwnedNovember 7, 2016

Aipai.com

In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese...

6,496,778 accounts affectedOccurred 2016
BreachHave I Been PwnedNovember 7, 2016

Epic Games

In August 2016, the Epic Games forum suffered a data breach , allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

251,661 accounts affectedOccurred 2016
BreachHave I Been PwnedNovember 7, 2016

Unreal Engine

In August 2016, the Unreal Engine Forum suffered a data breach , allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.

530,147 accounts affectedOccurred 2016
Saturday, November 5, 2016
BreachHave I Been PwnedNovember 5, 2016

uTorrent

In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a...

395,044 accounts affectedOccurred 2016
Wednesday, October 12, 2016
BreachHave I Been PwnedOctober 12, 2016

Modern Business Solutions

In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders,...

58,843,488 accounts affectedOccurred 2016
Monday, October 10, 2016
BreachHave I Been PwnedOctober 10, 2016

GFAN

In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has...

22,526,334 accounts affectedOccurred 2016
Friday, September 30, 2016
BreachHave I Been PwnedSeptember 30, 2016

Leet

In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers . The incident reported by Softpedia had allegedly taken place earlier in the...

5,081,689 accounts affectedOccurred 2016
Monday, September 26, 2016
BreachHave I Been PwnedSeptember 26, 2016

i-Dressup

In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly...

2,191,565 accounts affectedOccurred 2016
Tuesday, September 20, 2016
BreachHave I Been PwnedSeptember 20, 2016

MoDaCo

In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

879,703 accounts affectedOccurred 2016
Thursday, September 15, 2016
BreachHave I Been PwnedSeptember 15, 2016

eThekwini Municipality

In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior...

81,830 accounts affectedOccurred 2016
Tuesday, September 13, 2016
BreachHave I Been PwnedSeptember 13, 2016

Regpack

In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider . The data contained 324k payment records across 105k unique email addresses and included personal attributes such as...

104,977 accounts affectedOccurred 2016
Sunday, September 11, 2016
BreachHave I Been PwnedSeptember 11, 2016

ClixSense

In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million...

2,424,784 accounts affectedOccurred 2016
Wednesday, September 7, 2016
BreachHave I Been PwnedSeptember 7, 2016

DLH.net

In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates...

3,264,710 accounts affectedOccurred 2016
Tuesday, September 6, 2016
BreachHave I Been PwnedSeptember 6, 2016

Flash Flash Revolution (2016 breach)

In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

1,771,845 accounts affectedOccurred 2016
BreachHave I Been PwnedSeptember 6, 2016

Onverse

In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.

800,157 accounts affectedOccurred 2016
BreachHave I Been PwnedSeptember 6, 2016

ServerPact

In mid-2015, the Dutch Minecraft site ServerPact was hacked and 73k accounts were exposed. Along with birth dates, email and IP addresses, the site also exposed SHA1 password hashes with the username as the salt.

73,587 accounts affectedOccurred 2016
Monday, August 29, 2016
BreachHave I Been PwnedAugust 29, 2016

Minecraft World Map

In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.

71,081 accounts affectedOccurred 2016
Tuesday, August 23, 2016
BreachHave I Been PwnedAugust 23, 2016

GTAGaming

In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked . The vBulletin based forum included usernames, email addresses and password hashes.

197,184 accounts affectedOccurred 2016
Monday, August 22, 2016
BreachHave I Been PwnedAugust 22, 2016

Teracod

In May 2015, almost 100k user records were extracted from the Hungarian torrent site known as Teracod. The data was later discovered being torrented itself and included email addresses, passwords, private messages between members and the peering history of IP...

97,151 accounts affectedOccurred 2016
Friday, July 8, 2016
BreachHave I Been PwnedJuly 8, 2016

17

In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace . The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as...

4,009,640 accounts affectedOccurred 2016
Wednesday, June 29, 2016
BreachHave I Been PwnedJune 29, 2016

Muslim Match

In June 2016, the Muslim Match dating website had 150k email addresses exposed . The data included private chats and messages between relationship seekers and numerous other personal attributes including passwords hashed with MD5.

149,830 accounts affectedOccurred 2016
Monday, June 27, 2016
BreachHave I Been PwnedJune 27, 2016

Uiggy

In June 2016, the Facebook application known as Uiggy was hacked and 4.3M accounts were exposed, 2.7M of which had email addresses against them. The leaked accounts also exposed names, genders and the Facebook ID of the owners.

2,682,650 accounts affectedOccurred 2016
Wednesday, June 8, 2016
BreachHave I Been PwnedJune 8, 2016

BitTorrent

In January 2016, the forum for the popular torrent software BitTorrent was hacked . The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.

34,235 accounts affectedOccurred 2016
Friday, May 27, 2016
BreachHave I Been PwnedMay 27, 2016

Fur Affinity

In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked . The attack exposed 1.2M email addresses (many accounts had a different "first" and "last" email against them) and...

1,270,564 accounts affectedOccurred 2016
Tuesday, May 10, 2016
BreachHave I Been PwnedMay 10, 2016

Rosebutt Board

Some time prior to May 2016, the forum known as "Rosebutt Board" was hacked and 107k accounts were exposed. The self-described "top one board for anal fisting, prolapse, huge insertions and rosebutt fans" had email and IP addresses, usernames and weakly...

107,303 accounts affectedOccurred 2016
Monday, May 9, 2016
BreachHave I Been PwnedMay 9, 2016

Nulled.cr

In May 2016, the cracking community forum known as Nulled.cr was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between...

599,080 accounts affectedOccurred 2016
Monday, April 25, 2016
BreachHave I Been PwnedApril 25, 2016

Lifeboat

In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked . Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included...

7,089,395 accounts affectedOccurred 2016
Sunday, April 24, 2016
BreachHave I Been PwnedApril 24, 2016

TruckersMP

In February 2016, the online trucking simulator mod TruckersMP suffered a data breach which exposed 84k user accounts. In a first for "Have I Been Pwned", the breached data was self-submitted directly by the organisation that was breached itself .

83,957 accounts affectedOccurred 2016
BreachHave I Been PwnedApril 24, 2016

Naughty America

In March 2016, the adult website Naughty America was hacked and the data consequently sold online . The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5...

1,398,630 accounts affectedOccurred 2016
Thursday, April 14, 2016
BreachHave I Been PwnedApril 14, 2016

Mate1.com

In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes...

27,393,015 accounts affectedOccurred 2016
BreachHave I Been PwnedApril 14, 2016

COMELEC (Philippines Voters)

In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced , allegedly by Anonymous Philippines. Shortly after, data on 55 million Filipino voters was leaked publicly and included sensitive information such as genders,...

228,605 accounts affectedOccurred 2016
Thursday, March 3, 2016
BreachHave I Been PwnedMarch 3, 2016

KM.RU

In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit . Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the...

1,476,783 accounts affectedOccurred 2016
BreachHave I Been PwnedMarch 3, 2016

Nival

In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit . Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and...

1,535,473 accounts affectedOccurred 2016
Tuesday, February 23, 2016
BreachHave I Been PwnedFebruary 23, 2016

SkTorrent

In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online . The data dump included usernames, email addresses and passwords stored in plain text.

117,070 accounts affectedOccurred 2016
Monday, February 22, 2016
BreachHave I Been PwnedFebruary 22, 2016

Linux Mint

In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor . The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other...

144,989 accounts affectedOccurred 2016