Data breaches in 2016
104 tracked incidents from 2016

EpicNPC
In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com .

Clash of Kings
In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com .

Wishbone (2016)
In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach . The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included...

NetProspex
In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online . D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive...

Пара Па
In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and...

Cross Fire
In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and...

Aipai.com
In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese...

Epic Games
In August 2016, the Epic Games forum suffered a data breach , allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Unreal Engine
In August 2016, the Unreal Engine Forum suffered a data breach , allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.

Flash Flash Revolution (2016 breach)
In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Onverse
In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.

ServerPact
In mid-2015, the Dutch Minecraft site ServerPact was hacked and 73k accounts were exposed. Along with birth dates, email and IP addresses, the site also exposed SHA1 password hashes with the username as the salt.

TruckersMP
In February 2016, the online trucking simulator mod TruckersMP suffered a data breach which exposed 84k user accounts. In a first for "Have I Been Pwned", the breached data was self-submitted directly by the organisation that was breached itself .

Naughty America
In March 2016, the adult website Naughty America was hacked and the data consequently sold online . The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5...

Mate1.com
In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes...

COMELEC (Philippines Voters)
In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced , allegedly by Anonymous Philippines. Shortly after, data on 55 million Filipino voters was leaked publicly and included sensitive information such as genders,...

KM.RU
In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit . Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the...

Nival
In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit . Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and...



















































































