Data breaches in 2019
82 tracked incidents from 2019

Truth Finder
In 2019, the public records search service TruthFinder suffered a data breach that later came to light in early 2023 . The data included over 8M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

Instant Checkmate
In 2019, the public records search service Instant Checkmate suffered a data breach that later came to light in early 2023 . The data included almost 12M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

KiwiFarms
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach . The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the...

Minehut
In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data...

Mastercard Priceless Specials
In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach . Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial...

XKCD
In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security...

Flash Flash Revolution (2019 breach)
In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach imapcted almost 1.9 million members and is in addition to the 2016 data breach of the same service . Email and IP addesses, usernames, dates of birth and...

GameSalad
In February 2019, the education and game creation website Game Salad suffered a data breach . The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes.

Artvalue
In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site...

EatStreet
In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers . An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as...

Bulgarian National Revenue Agency
In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people . Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers,...

YouNow
In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace . Whilst it's not clear what date the actual breach occurred on, the impacted data included 18M unique email addresses, IP addresses, names, usernames...

































































