Recent Data Leaks
Live
← Back to timeline

Data breaches in 2019

82 tracked incidents from 2019

Friday, December 26, 2025
BreachHave I Been PwnedDecember 26, 2025

Utair

In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year . The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth,...

401,400 accounts affectedOccurred 2019
Friday, August 8, 2025
BreachHave I Been PwnedAugust 8, 2025

Unigame

In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 844k email addresses and salted MD5 password hashes.

843,696 accounts affectedOccurred 2019
Sunday, February 16, 2025
BreachHave I Been PwnedFebruary 16, 2025

Storenvy

In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records . A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows...

11,052,071 accounts affectedOccurred 2019
Sunday, February 9, 2025
BreachHave I Been PwnedFebruary 9, 2025

Youthmanual

In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data . The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and...

937,912 accounts affectedOccurred 2019
Thursday, February 6, 2025
BreachHave I Been PwnedFebruary 6, 2025

Hakko Corporation

In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach . The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text...

9,665 accounts affectedOccurred 2019
Thursday, October 17, 2024
BreachHave I Been PwnedOctober 17, 2024

AlpineReplay

In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either...

898,681 accounts affectedOccurred 2019
Thursday, July 25, 2024
BreachHave I Been PwnedJuly 25, 2024

Condo.com

In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data . The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical...

1,481,555 accounts affectedOccurred 2019
Thursday, December 7, 2023
BreachHave I Been PwnedDecember 7, 2023

JoyGames

In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.

4,461,787 accounts affectedOccurred 2019
Sunday, December 3, 2023
BreachHave I Been PwnedDecember 3, 2023

SoarGames

In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email...

4,774,445 accounts affectedOccurred 2019
Thursday, November 30, 2023
BreachHave I Been PwnedNovember 30, 2023

Go Ninja

In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. More than 4M of the email addresses...

4,999,001 accounts affectedOccurred 2019
Wednesday, November 29, 2023
BreachHave I Been PwnedNovember 29, 2023

Estante Virtual

In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers . The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.

5,412,603 accounts affectedOccurred 2019
Monday, November 27, 2023
BreachHave I Been PwnedNovember 27, 2023

IndiHome

In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome . Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside...

12,629,245 accounts affectedOccurred 2019
Monday, October 30, 2023
BreachHave I Been PwnedOctober 30, 2023

GameSprite

In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.

6,164,643 accounts affectedOccurred 2019
Thursday, September 21, 2023
BreachHave I Been PwnedSeptember 21, 2023

ApexSMS

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password . The incident leaked over 80M records with 23M unique email addresses alongside...

23,246,481 accounts affectedOccurred 2019
Thursday, September 14, 2023
BreachHave I Been PwnedSeptember 14, 2023

MalindoAir

In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records . Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth,...

4,328,232 accounts affectedOccurred 2019
Sunday, March 5, 2023
BreachHave I Been PwnedMarch 5, 2023

LBB

In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information...

39,288 accounts affectedOccurred 2019
Saturday, February 4, 2023
BreachHave I Been PwnedFebruary 4, 2023

Truth Finder

In 2019, the public records search service TruthFinder suffered a data breach that later came to light in early 2023 . The data included over 8M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

8,159,573 accounts affectedOccurred 2019
BreachHave I Been PwnedFebruary 4, 2023

Instant Checkmate

In 2019, the public records search service Instant Checkmate suffered a data breach that later came to light in early 2023 . The data included almost 12M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

11,943,887 accounts affectedOccurred 2019
Monday, January 2, 2023
BreachHave I Been PwnedJanuary 2, 2023

Deezer

In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers . The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular...

229,037,936 accounts affectedOccurred 2019
Sunday, January 1, 2023
BreachHave I Been PwnedJanuary 1, 2023

Benchmark

In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes. A forum administrator...

93,343 accounts affectedOccurred 2019
Sunday, May 29, 2022
BreachHave I Been PwnedMay 29, 2022

MGM Resorts (2022 Update)

In July 2019, MGM Resorts discovered a data breach of one of their cloud services . The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. In May 2022, a superset of the data totalling almost 25M unique email addresses...

24,842,001 accounts affectedOccurred 2019
Monday, May 16, 2022
BreachHave I Been PwnedMay 16, 2022

Read Novel

In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. Read more about Chinese data...

22,424,472 accounts affectedOccurred 2019
Monday, May 2, 2022
BreachHave I Been PwnedMay 2, 2022

Aimware

In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords...

305,470 accounts affectedOccurred 2019
Friday, April 15, 2022
BreachHave I Been PwnedApril 15, 2022

Avvo

In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email...

4,101,101 accounts affectedOccurred 2019
Thursday, March 31, 2022
BreachHave I Been PwnedMarch 31, 2022

Royal Enfield

In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers . The impacted data included email and physical addresses, names, motorcycle information, social media...

420,873 accounts affectedOccurred 2019
Friday, July 23, 2021
BreachHave I Been PwnedJuly 23, 2021

Audi

In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet . The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a...

2,743,539 accounts affectedOccurred 2019
Saturday, July 17, 2021
BreachHave I Been PwnedJuly 17, 2021

Vastaamo

In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly . The original security incident dates back to a period between late 2018 and early 2019...

30,433 accounts affectedOccurred 2019
Sunday, April 4, 2021
BreachHave I Been PwnedApril 4, 2021

Facebook

In April 2021, a large data set of over 500 million Facebook users was made freely available for download . Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified...

509,458,528 accounts affectedOccurred 2019
Sunday, December 6, 2020
BreachHave I Been PwnedDecember 6, 2020

Peatix

In January 2019, the event organising platform Peatix suffered a data breach . The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com .

4,227,907 accounts affectedOccurred 2019
Sunday, November 1, 2020
BreachHave I Been PwnedNovember 1, 2020

Promofarma

In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace . The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and...

1,277,761 accounts affectedOccurred 2019
Friday, October 30, 2020
BreachHave I Been PwnedOctober 30, 2020

StarTribune

In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders...

2,192,857 accounts affectedOccurred 2019
Tuesday, August 18, 2020
BreachHave I Been PwnedAugust 18, 2020

Sonicbids

In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and...

751,700 accounts affectedOccurred 2019
Monday, July 27, 2020
BreachHave I Been PwnedJuly 27, 2020

Hurb

In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach . The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP...

20,727,771 accounts affectedOccurred 2019
Wednesday, June 24, 2020
BreachHave I Been PwnedJune 24, 2020

Quidd

In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach . The breach exposed almost 4 million users' email addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently sold...

3,805,863 accounts affectedOccurred 2019
Monday, May 25, 2020
BreachHave I Been PwnedMay 25, 2020

Lifebear

In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites . The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes.

3,670,561 accounts affectedOccurred 2019
Sunday, May 3, 2020
BreachHave I Been PwnedMay 3, 2020

TaiLieu

In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes. The...

7,327,477 accounts affectedOccurred 2019
Monday, March 16, 2020
BreachHave I Been PwnedMarch 16, 2020

The Halloween Spot

In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys , the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP...

10,653 accounts affectedOccurred 2019
Thursday, February 20, 2020
BreachHave I Been PwnedFebruary 20, 2020

MGM Resorts

In July 2019, MGM Resorts discovered a data breach of one of their cloud services . The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers...

3,081,321 accounts affectedOccurred 2019
Wednesday, January 15, 2020
BreachHave I Been PwnedJanuary 15, 2020

europa.jobs

In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and...

226,095 accounts affectedOccurred 2019
Sunday, January 12, 2020
BreachHave I Been PwnedJanuary 12, 2020

Planet Calypso

In approximately July 2019, the forums for the Planet Calypso game suffered a data breach . The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.

62,261 accounts affectedOccurred 2019
Saturday, January 11, 2020
BreachHave I Been PwnedJanuary 11, 2020

BtoBet

In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP . Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated...

444,241 accounts affectedOccurred 2019
Friday, January 10, 2020
BreachHave I Been PwnedJanuary 10, 2020

Indian Railways

In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance . The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

583,377 accounts affectedOccurred 2019
Friday, January 3, 2020
BreachHave I Been PwnedJanuary 3, 2020

Universarium

In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make...

564,962 accounts affectedOccurred 2019
Thursday, December 19, 2019
BreachHave I Been PwnedDecember 19, 2019

Zynga

In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach . The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by...

172,869,660 accounts affectedOccurred 2019
Wednesday, December 4, 2019
BreachHave I Been PwnedDecember 4, 2019

AgusiQ-Torrents.pl

In September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.

90,478 accounts affectedOccurred 2019
Friday, November 22, 2019
BreachHave I Been PwnedNovember 22, 2019

Data Enrichment Exposure From PDL Customer

In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data . The exposed data included an index indicating it was sourced from data enrichment company People...

622,161,052 accounts affectedOccurred 2019
Wednesday, November 20, 2019
BreachHave I Been PwnedNovember 20, 2019

GateHub

In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum . GateHub had previously acknowledged a data breach in June , albeit with a smaller number of impacted accounts. Data from the breach included...

1,408,078 accounts affectedOccurred 2019
Tuesday, November 19, 2019
BreachHave I Been PwnedNovember 19, 2019

EpicBot

In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers . Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either...

816,662 accounts affectedOccurred 2019
Monday, November 11, 2019
BreachHave I Been PwnedNovember 11, 2019

ToonDoo

In August 2019, the comic strip creation website ToonDoo suffered a data breach . The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and...

6,002,694 accounts affectedOccurred 2019
Friday, November 1, 2019
BreachHave I Been PwnedNovember 1, 2019

Vedantu

In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone...

686,899 accounts affectedOccurred 2019
Wednesday, October 23, 2019
BreachHave I Been PwnedOctober 23, 2019

Hookers.nl

In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers. The IP and email addresses, usernames and either bcrypt or salted MD5 password hashes of 291k members...

290,955 accounts affectedOccurred 2019
Saturday, October 19, 2019
BreachHave I Been PwnedOctober 19, 2019

Zooville

In September 2019, the zoophilia and bestiality forum Zooville suffered a data breach . The usernames and email addresses of 71k members were accessed via an unpatched vulnerability in the vBulletin forum software then subsequently distributed online. A...

71,407 accounts affectedOccurred 2019
Wednesday, September 18, 2019
BreachHave I Been PwnedSeptember 18, 2019

Lumin PDF

In April 2019, the PDF management service Lumin PDF suffered a data breach . The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a...

15,453,048 accounts affectedOccurred 2019
Tuesday, September 17, 2019
BreachHave I Been PwnedSeptember 17, 2019

KiwiFarms

In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach . The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the...

4,606 accounts affectedOccurred 2019
BreachHave I Been PwnedSeptember 17, 2019

Minehut

In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data...

396,533 accounts affectedOccurred 2019
Wednesday, September 11, 2019
BreachHave I Been PwnedSeptember 11, 2019

Void.to

In June 2019, the hacking website Void.to suffered a data breach. There were 95k unique email addresses spread across 86k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which...

95,431 accounts affectedOccurred 2019
Sunday, September 1, 2019
BreachHave I Been PwnedSeptember 1, 2019

Mastercard Priceless Specials

In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach . Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial...

89,388 accounts affectedOccurred 2019
BreachHave I Been PwnedSeptember 1, 2019

XKCD

In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security...

561,991 accounts affectedOccurred 2019
Monday, August 12, 2019
BreachHave I Been PwnedAugust 12, 2019

Cracked.to

In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum...

749,161 accounts affectedOccurred 2019
Saturday, August 10, 2019
BreachHave I Been PwnedAugust 10, 2019

StockX

In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored...

6,840,339 accounts affectedOccurred 2019
Friday, August 9, 2019
BreachHave I Been PwnedAugust 9, 2019

Canva

In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social...

137,272,116 accounts affectedOccurred 2019
Monday, August 5, 2019
BreachHave I Been PwnedAugust 5, 2019

CafePress

In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes.

23,205,290 accounts affectedOccurred 2019
Tuesday, July 30, 2019
BreachHave I Been PwnedJuly 30, 2019

Club Penguin Rewritten (July 2019)

In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). In addition to an earlier data breach that impacted 1.7 million accounts, the...

4,007,909 accounts affectedOccurred 2019
Sunday, July 21, 2019
BreachHave I Been PwnedJuly 21, 2019

Flash Flash Revolution (2019 breach)

In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach imapcted almost 1.9 million members and is in addition to the 2016 data breach of the same service . Email and IP addesses, usernames, dates of birth and...

1,858,124 accounts affectedOccurred 2019
BreachHave I Been PwnedJuly 21, 2019

GameSalad

In February 2019, the education and game creation website Game Salad suffered a data breach . The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes.

1,506,242 accounts affectedOccurred 2019
Saturday, July 20, 2019
BreachHave I Been PwnedJuly 20, 2019

Armor Games

In January 2019, the game portal website Armor Games suffered a data breach . A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted...

10,604,307 accounts affectedOccurred 2019
Friday, July 19, 2019
BreachHave I Been PwnedJuly 19, 2019

Artvalue

In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site...

157,692 accounts affectedOccurred 2019
BreachHave I Been PwnedJuly 19, 2019

EatStreet

In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers . An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as...

6,353,564 accounts affectedOccurred 2019
Thursday, July 18, 2019
BreachHave I Been PwnedJuly 18, 2019

Bulgarian National Revenue Agency

In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people . Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers,...

471,167 accounts affectedOccurred 2019
BreachHave I Been PwnedJuly 18, 2019

YouNow

In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace . Whilst it's not clear what date the actual breach occurred on, the impacted data included 18M unique email addresses, IP addresses, names, usernames...

18,241,518 accounts affectedOccurred 2019
Wednesday, July 17, 2019
BreachHave I Been PwnedJuly 17, 2019

BlackSpigotMC

In July 2019, the hacking website BlackSpigotMC suffered a data breach . The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself. The exposed data...

140,029 accounts affectedOccurred 2019
Saturday, July 13, 2019
BreachHave I Been PwnedJuly 13, 2019

Mindjolt

In March 2019, the online gaming website MindJolt suffered a data breach that exposed 28M unique email addresses . Also impacted were names and dates of birth, but no passwords.

28,364,826 accounts affectedOccurred 2019
Friday, June 28, 2019
BreachHave I Been PwnedJune 28, 2019

Wiener Büchereien

In June 2019, the library of Vienna (Wiener Büchereien) suffered a data breach . The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by...

224,119 accounts affectedOccurred 2019
Sunday, June 23, 2019
BreachHave I Been PwnedJune 23, 2019

Social Engineered

In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the MyBB forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database....

89,392 accounts affectedOccurred 2019
Sunday, May 26, 2019
BreachHave I Been PwnedMay 26, 2019

Ordine Avvocati di Roma

In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy . Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email...

41,960 accounts affectedOccurred 2019
Thursday, April 4, 2019
BreachHave I Been PwnedApril 4, 2019

Demon Forums

In February 2019, the hacking forum Demon Forums suffered a data breach. The compromise of the vBulletin forum exposed 52k unique email addresses alongside usernames and passwords stored as salted MD5 hashes.

52,623 accounts affectedOccurred 2019
Wednesday, April 3, 2019
BreachHave I Been PwnedApril 3, 2019

Everybody Edits

In March 2019, the multiplayer platform game Everybody Edits suffered a data breach . The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.

871,190 accounts affectedOccurred 2019
Tuesday, April 2, 2019
BreachHave I Been PwnedApril 2, 2019

Intelimost

In March 2019, a spam operation known as "Intelimost" sent millions of emails appearing to come from people the recipients knew . Security researcher Bob Diachenko found over 3 million unique email addresses in an exposed Elasticsearch database , alongside...

3,073,409 accounts affectedOccurred 2019
Sunday, March 17, 2019
BreachHave I Been PwnedMarch 17, 2019

ixigo

In January 2019, the travel and hotel booking site ixigo suffered a data breach . The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to...

17,204,697 accounts affectedOccurred 2019
Saturday, March 9, 2019
BreachHave I Been PwnedMarch 9, 2019

Verifications.io

In February 2019, the email address validation service verifications.io suffered a data breach . Discovered by Bob Diachenko and Vinny Troia , the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and...

763,117,241 accounts affectedOccurred 2019
Monday, February 11, 2019
BreachHave I Been PwnedFebruary 11, 2019

devkitPro

In February 2019, the devkitPro forum suffered a data breach . The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted...

1,508 accounts affectedOccurred 2019
Wednesday, January 16, 2019
BreachHave I Been PwnedJanuary 16, 2019

Collection #1

In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion...

772,904,991 accounts affectedOccurred 2019