Recent Data Leaks
Live
← Back to timeline

Data breaches in 2018

78 tracked incidents from 2018

Monday, March 3, 2025
BreachHave I Been PwnedMarch 3, 2025

Color Dating

In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 220k unique email addresses along with bios, names, profile...

220,503 accounts affectedOccurred 2018
Wednesday, October 30, 2024
BreachHave I Been PwnedOctober 30, 2024

VimeWorld

In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt...

3,118,964 accounts affectedOccurred 2018
Thursday, August 1, 2024
BreachHave I Been PwnedAugust 1, 2024

Multiplayer.it

In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum . The impacted data included email addresses, usernames and salted MD5 password hashes. Multiplayer.it subsequently...

503,957 accounts affectedOccurred 2018
Sunday, November 6, 2022
BreachHave I Been PwnedNovember 6, 2022

Lolzteam

In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members . The impacted data included usernames and email addresses which were later redistributed via another hacking forum.

398,011 accounts affectedOccurred 2018
Tuesday, May 24, 2022
BreachHave I Been PwnedMay 24, 2022

Wendy's

In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords...

52,485 accounts affectedOccurred 2018
Sunday, September 26, 2021
BreachHave I Been PwnedSeptember 26, 2021

Ajarn

In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018 . The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers...

266,399 accounts affectedOccurred 2018
Wednesday, August 25, 2021
BreachHave I Been PwnedAugust 25, 2021

Eatigo

In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts . The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.

2,789,609 accounts affectedOccurred 2018
Tuesday, June 15, 2021
BreachHave I Been PwnedJune 15, 2021

Fotolog

In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed...

16,717,854 accounts affectedOccurred 2018
Friday, May 21, 2021
BreachHave I Been PwnedMay 21, 2021

IIMJobs

In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses . The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus...

4,216,063 accounts affectedOccurred 2018
Monday, January 18, 2021
BreachHave I Been PwnedJanuary 18, 2021

Romwe

In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers . The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords...

19,531,820 accounts affectedOccurred 2018
Sunday, January 17, 2021
BreachHave I Been PwnedJanuary 17, 2021

Jobandtalent

In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later . The incident impacted 11 million subscribers and exposed their names, email and IP addresses and...

10,981,207 accounts affectedOccurred 2018
Saturday, December 5, 2020
BreachHave I Been PwnedDecember 5, 2020

Pluto TV

In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses,...

3,225,080 accounts affectedOccurred 2018
Friday, June 5, 2020
BreachHave I Been PwnedJune 5, 2020

Zoomcar

In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020 . The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords...

3,589,795 accounts affectedOccurred 2018
Monday, May 25, 2020
BreachHave I Been PwnedMay 25, 2020

Artsy

In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace . Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes.

1,079,970 accounts affectedOccurred 2018
Monday, May 4, 2020
BreachHave I Been PwnedMay 4, 2020

Elanic

In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this...

2,325,283 accounts affectedOccurred 2018
Tuesday, March 24, 2020
BreachHave I Been PwnedMarch 24, 2020

PropTiger

In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and...

2,156,921 accounts affectedOccurred 2018
Tuesday, January 28, 2020
BreachHave I Been PwnedJanuary 28, 2020

DailyObjects

In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After...

464,260 accounts affectedOccurred 2018
Monday, September 30, 2019
BreachHave I Been PwnedSeptember 30, 2019

Wanelo

In approximately December 2018, the digital mall Wanelo suffered a data breach . The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were...

23,165,793 accounts affectedOccurred 2018
Monday, September 2, 2019
BreachHave I Been PwnedSeptember 2, 2019

Poshmark

In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes.

36,395,491 accounts affectedOccurred 2018
Friday, August 16, 2019
BreachHave I Been PwnedAugust 16, 2019

Chegg

In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes. A small number of records also contained...

39,721,127 accounts affectedOccurred 2018
Sunday, July 21, 2019
BreachHave I Been PwnedJuly 21, 2019

Stronghold Kingdoms

In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach . Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes.

5,187,305 accounts affectedOccurred 2018
Friday, July 19, 2019
BreachHave I Been PwnedJuly 19, 2019

Roll20

In December 2018, the tabletop role-playing games website Roll20 suffered a data breach . Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed.

3,994,436 accounts affectedOccurred 2018
Thursday, July 18, 2019
BreachHave I Been PwnedJuly 18, 2019

Animoto

In July 2018, the cloud-based video making service Animoto suffered a data breach . The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes.

22,437,749 accounts affectedOccurred 2018
Wednesday, July 17, 2019
BreachHave I Been PwnedJuly 17, 2019

SHEIN

In June 2018, online fashion retailer SHEIN suffered a data breach . The company discovered the breach 2 months later in August then disclosed the incident another month after that. A total of 39 million unique email addresses were found in the breach...

39,086,762 accounts affectedOccurred 2018
Sunday, June 9, 2019
BreachHave I Been PwnedJune 9, 2019

Emuparadise

In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was...

1,131,229 accounts affectedOccurred 2018
Sunday, May 19, 2019
BreachHave I Been PwnedMay 19, 2019

OGUsers (2019 breach)

In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach . The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum...

161,143 accounts affectedOccurred 2018
Tuesday, April 23, 2019
BreachHave I Been PwnedApril 23, 2019

Club Penguin Rewritten (January 2018)

In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP...

1,688,176 accounts affectedOccurred 2018
Saturday, April 20, 2019
BreachHave I Been PwnedApril 20, 2019

Morele.net

In October 2018, the Polish e-commerce website Morele.net suffered a data breach . The incident exposed almost 2.5 million unique email addresses alongside phone numbers, names and passwords stored as md5crypt hashes.

2,467,304 accounts affectedOccurred 2018
Monday, April 8, 2019
BreachHave I Been PwnedApril 8, 2019

Knuddels

In September 2018, the German social media website Knuddels suffered a data breach . The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined...

808,330 accounts affectedOccurred 2018
Monday, March 25, 2019
BreachHave I Been PwnedMarch 25, 2019

500px

In mid-2018, the online photography community 500px suffered a data breach . The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash. In 2019, the data...

14,867,999 accounts affectedOccurred 2018
Friday, March 22, 2019
BreachHave I Been PwnedMarch 22, 2019

Bookmate

In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019 . The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords...

3,830,916 accounts affectedOccurred 2018
Thursday, March 21, 2019
BreachHave I Been PwnedMarch 21, 2019

HauteLook

In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019 . The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as...

28,510,459 accounts affectedOccurred 2018
BreachHave I Been PwnedMarch 21, 2019

8fit

In July 2018, the health and fitness service 8fit suffered a data breach . The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords...

15,025,407 accounts affectedOccurred 2018
Tuesday, March 12, 2019
BreachHave I Been PwnedMarch 12, 2019

Houzz

In mid-2018, the housing design website Houzz suffered a data breach . The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP...

48,881,308 accounts affectedOccurred 2018
Sunday, March 3, 2019
BreachHave I Been PwnedMarch 3, 2019

ShareThis

In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach . The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for...

40,960,499 accounts affectedOccurred 2018
Monday, February 25, 2019
BreachHave I Been PwnedFebruary 25, 2019

Dubsmash

In December 2018, the video messaging service Dubsmash suffered a data breach . The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along...

161,749,950 accounts affectedOccurred 2018
Thursday, February 21, 2019
BreachHave I Been PwnedFebruary 21, 2019

MyFitnessPal

In February 2018, the diet and exercise service MyFitnessPal suffered a data breach . The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts,...

143,606,147 accounts affectedOccurred 2018
Saturday, February 16, 2019
BreachHave I Been PwnedFebruary 16, 2019

EyeEm

In February 2018, photography website EyeEm suffered a data breach . The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes.

19,611,022 accounts affectedOccurred 2018
Tuesday, January 8, 2019
BreachHave I Been PwnedJanuary 8, 2019

BannerBit

In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no...

213,415 accounts affectedOccurred 2018
Wednesday, January 2, 2019
BreachHave I Been PwnedJanuary 2, 2019

BlankMediaGames

In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach . Reported to HIBP by DeHashed , the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as...

7,633,234 accounts affectedOccurred 2018
Thursday, December 27, 2018
BreachHave I Been PwnedDecember 27, 2018

GoldSilver

In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained...

242,715 accounts affectedOccurred 2018
Tuesday, December 18, 2018
BreachHave I Been PwnedDecember 18, 2018

Mappery

In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was...

205,242 accounts affectedOccurred 2018
Monday, December 10, 2018
BreachHave I Been PwnedDecember 10, 2018

Bombuj.eu

In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when...

575,437 accounts affectedOccurred 2018
Thursday, December 6, 2018
BreachHave I Been PwnedDecember 6, 2018

You've Been Scraped

In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator . Containing a total of over 66M records, the owner of the data couldn't be identified but it is...

66,147,869 accounts affectedOccurred 2018
BreachHave I Been PwnedDecember 6, 2018

AerServ

In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512...

66,308 accounts affectedOccurred 2018
Tuesday, December 4, 2018
BreachHave I Been PwnedDecember 4, 2018

Technic

In November 2018, the Minecraft modpack platform known as Technic suffered a data breach . Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and...

265,410 accounts affectedOccurred 2018
Wednesday, November 28, 2018
BreachHave I Been PwnedNovember 28, 2018

Data & Leads

In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator . Upon further investigation, the data was linked to marketing company Data & Leads . The exposed Elasticsearch instance...

44,320,330 accounts affectedOccurred 2018
Thursday, November 22, 2018
BreachHave I Been PwnedNovember 22, 2018

Adapt

In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt" . A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including...

9,363,740 accounts affectedOccurred 2018
Tuesday, November 20, 2018
BreachHave I Been PwnedNovember 20, 2018

HTH Studios

In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along...

411,755 accounts affectedOccurred 2018
Saturday, November 17, 2018
BreachHave I Been PwnedNovember 17, 2018

Elasticsearch Instance of Sales Leads on AWS

In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records . One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data...

5,788,169 accounts affectedOccurred 2018
Wednesday, November 7, 2018
BreachHave I Been PwnedNovember 7, 2018

Rbx.Rocks

In August 2018, the Roblox trading site Rbx.Rocks suffered a data breach. Almost 25k records were sent to HIBP in November and included names, email addresses and passwords stored as bcrypt hashes. In July 2019, a further 125k records emerged bringing the...

149,958 accounts affectedOccurred 2018
BreachHave I Been PwnedNovember 7, 2018

Società Italiana degli Autori ed Editori

In November 2018, the Società Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, or SIAE) was hacked, defaced and almost 4GB of data leaked publicly via Twitter . The data included over 14k registered users' names, email addresses...

14,609 accounts affectedOccurred 2018
Tuesday, November 6, 2018
BreachHave I Been PwnedNovember 6, 2018

WPSandbox

In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts. After identifying the malicious...

858 accounts affectedOccurred 2018
Thursday, November 1, 2018
BreachHave I Been PwnedNovember 1, 2018

JoomlArt

In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year . The data included...

22,477 accounts affectedOccurred 2018
Saturday, October 20, 2018
BreachHave I Been PwnedOctober 20, 2018

Wife Lovers

In October 2018, the site dedicated to posting naked photos and other erotica of wives Wife Lovers suffered a data breach . The underlying database supported a total of 8 different adult websites and contained over 1.2M unique email addresses. Wife Lovers...

1,274,051 accounts affectedOccurred 2018
Friday, October 5, 2018
BreachHave I Been PwnedOctober 5, 2018

Apollo

In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password . The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126...

125,929,660 accounts affectedOccurred 2018
Tuesday, September 25, 2018
BreachHave I Been PwnedSeptember 25, 2018

SaverSpy

In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance . The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little...

2,457,420 accounts affectedOccurred 2018
Thursday, September 13, 2018
BreachHave I Been PwnedSeptember 13, 2018

Kayo.moe Credential Stuffing List

In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe . The operator of the service contacted HIBP to report the data which, upon further investigation,...

41,826,763 accounts affectedOccurred 2018
Friday, August 31, 2018
BreachHave I Been PwnedAugust 31, 2018

Mortal Online

In June 2018, the massively multiplayer online role-playing game (MMORPG) Mortal Online suffered a data breach . A file containing 570k email addresses and cracked passwords was subsequently distributed online. A larger more complete file containing 607k...

606,637 accounts affectedOccurred 2018
Monday, August 27, 2018
BreachHave I Been PwnedAugust 27, 2018

Atlas Quantum

In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach . The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.

261,463 accounts affectedOccurred 2018
Friday, August 24, 2018
BreachHave I Been PwnedAugust 24, 2018

SpyFone

In August 2018, the spyware company SpyFone left terabytes of data publicly exposed . Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed...

44,109 accounts affectedOccurred 2018
Wednesday, August 8, 2018
BreachHave I Been PwnedAugust 8, 2018

Lanwar

In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member...

45,120 accounts affectedOccurred 2018
Monday, August 6, 2018
BreachHave I Been PwnedAugust 6, 2018

Adult-FanFiction.Org

In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text....

186,082 accounts affectedOccurred 2018
Tuesday, July 31, 2018
BreachHave I Been PwnedJuly 31, 2018

Fashion Nexus

In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records . Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London...

1,279,263 accounts affectedOccurred 2018
Wednesday, July 25, 2018
BreachHave I Been PwnedJuly 25, 2018

Exactis

In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data . Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across...

131,577,763 accounts affectedOccurred 2018
Tuesday, July 24, 2018
BreachHave I Been PwnedJuly 24, 2018

Funny Games

In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incident was disclosed to Funny Games in July who acknowledged the...

764,357 accounts affectedOccurred 2018
Monday, July 9, 2018
BreachHave I Been PwnedJuly 9, 2018

Pemiblanc

In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount...

110,964,206 accounts affectedOccurred 2018
Wednesday, July 4, 2018
BreachHave I Been PwnedJuly 4, 2018

Light's Hope

In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords...

30,484 accounts affectedOccurred 2018
Thursday, June 14, 2018
BreachHave I Been PwnedJune 14, 2018

Trik Spam Botnet

In June 2018, the command and control server of a malicious botnet known as the "Trik Spam Botnet" was misconfigured such that it exposed the email addresses of more than 43 million people . The researchers who discovered the exposed Russian server believe...

43,432,346 accounts affectedOccurred 2018
Monday, June 11, 2018
BreachHave I Been PwnedJune 11, 2018

Estonian Citizens (via Estonian Cybercrime Bureau)

In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable. The Estonian police suspected the email addresses and passwords they obtained were...

655,161 accounts affectedOccurred 2018
Thursday, June 7, 2018
BreachHave I Been PwnedJune 7, 2018

Creative

In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and...

483,015 accounts affectedOccurred 2018
BreachHave I Been PwnedJune 7, 2018

Linux Forums

In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux...

275,785 accounts affectedOccurred 2018
Sunday, June 3, 2018
BreachHave I Been PwnedJune 3, 2018

Ticketfly

In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline . The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply...

26,151,608 accounts affectedOccurred 2018
Thursday, May 24, 2018
BreachHave I Been PwnedMay 24, 2018

ViewFines

In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach . Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords...

777,649 accounts affectedOccurred 2018
Thursday, March 29, 2018
BreachHave I Been PwnedMarch 29, 2018

Bestialitysextaboo

In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked . A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum. In all,...

3,204 accounts affectedOccurred 2018
Sunday, March 18, 2018
BreachHave I Been PwnedMarch 18, 2018

Florida Virtual School

In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website . The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was...

542,902 accounts affectedOccurred 2018
Monday, February 26, 2018
BreachHave I Been PwnedFebruary 26, 2018

2,844 Separate Data Breaches

In February 2018, a massive collection of almost 3,000 alleged data breaches was found online . Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not...

80,115,532 accounts affectedOccurred 2018
Friday, February 9, 2018
BreachHave I Been PwnedFebruary 9, 2018

Autocentrum.pl

In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online . The data contained 144k email addresses and plain text passwords.

143,717 accounts affectedOccurred 2018