Recent Data Leaks
Live
← Back to timeline

Data breaches in 2020

98 tracked incidents from 2020

Friday, October 3, 2025
BreachHave I Been PwnedOctober 3, 2025

HomeRefill

In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 187k unique email addresses along with names, phone numbers, dates of birth and...

187,457 accounts affectedOccurred 2020
Monday, December 16, 2024
BreachHave I Been PwnedDecember 16, 2024

Hopamedia

In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database . The data included almost 24M records of email address, name, phone number, the country of the individual and their...

23,835,870 accounts affectedOccurred 2020
Thursday, October 31, 2024
BreachHave I Been PwnedOctober 31, 2024

Stalker Online

In May 2020, over 1.3M records from the MMO game Stalker Online were breached . The data included email and IP addresses, usernames and hashed passwords.

1,385,472 accounts affectedOccurred 2020
Sunday, October 27, 2024
BreachHave I Been PwnedOctober 27, 2024

StreamCraft

In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt...

1,772,620 accounts affectedOccurred 2020
Sunday, September 15, 2024
BreachHave I Been PwnedSeptember 15, 2024

Games Box

In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data . The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash...

1,439,354 accounts affectedOccurred 2020
Wednesday, November 15, 2023
BreachHave I Been PwnedNovember 15, 2023

Acuity

In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed . However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email...

14,055,729 accounts affectedOccurred 2020
Sunday, November 5, 2023
BreachHave I Been PwnedNovember 5, 2023

GamingMonk

In December 2020, India's "largest esports community" GamingMonk (since acquired by and redirected to MPL Esports), suffered a data breach. The incident exposed 655k unique email addresses along with names, usernames, phone numbers, dates of birth and bcrypt...

654,510 accounts affectedOccurred 2020
Monday, October 2, 2023
BreachHave I Been PwnedOctober 2, 2023

Horse Isle

In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach . The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The...

27,786 accounts affectedOccurred 2020
Thursday, August 31, 2023
BreachHave I Been PwnedAugust 31, 2023

Pampling

In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.

383,468 accounts affectedOccurred 2020
Tuesday, July 18, 2023
BreachHave I Been PwnedJuly 18, 2023

Roblox Developer Conference (2023)

In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum . The data contained 4k unique email addresses along with names, usernames, dates of birth, phone numbers, physical and IP addresses and...

3,943 accounts affectedOccurred 2020
Saturday, June 10, 2023
BreachHave I Been PwnedJune 10, 2023

Zacks

In December 2022, the investment research company Zacks announced a data breach . The following month, reports emerged of the incident impacting 820k customers . However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being...

8,929,503 accounts affectedOccurred 2020
Wednesday, May 31, 2023
BreachHave I Been PwnedMay 31, 2023

RaidForums

In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum . The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as...

478,604 accounts affectedOccurred 2020
Monday, April 24, 2023
BreachHave I Been PwnedApril 24, 2023

MEO

In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress...

8,227 accounts affectedOccurred 2020
Saturday, March 11, 2023
BreachHave I Been PwnedMarch 11, 2023

Shopper+

In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum . The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in...

878,290 accounts affectedOccurred 2020
Monday, February 6, 2023
BreachHave I Been PwnedFebruary 6, 2023

LimeVPN

In October 2020, the VPN provider LimeVPN suffered a data breach that exposed the personal information of tens of thousands of customers . The data included email, IP and physical addresses, names, phone numbers, purchase histories and passwords stored as...

23,348 accounts affectedOccurred 2020
Tuesday, November 22, 2022
BreachHave I Been PwnedNovember 22, 2022

Not Acxiom

In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that...

51,730,831 accounts affectedOccurred 2020
Thursday, October 6, 2022
BreachHave I Been PwnedOctober 6, 2022

Bhinneka

In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records . The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.

1,274,340 accounts affectedOccurred 2020
Wednesday, August 17, 2022
BreachHave I Been PwnedAugust 17, 2022

SitePoint

In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records . Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.

1,021,790 accounts affectedOccurred 2020
Tuesday, July 26, 2022
BreachHave I Been PwnedJuly 26, 2022

Paytm

In August 2020, the Indian payment provider Paytm was reported as having suffered a data breach and subsequent ransom demand , after which the data was circulated publicly. Further investigation into the data concluded that the breach was fabricated and did...

3,395,101 accounts affectedOccurred 2020
Saturday, July 16, 2022
BreachHave I Been PwnedJuly 16, 2022

Famm

In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records , including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256...

535,240 accounts affectedOccurred 2020
BreachHave I Been PwnedJuly 16, 2022

Eskimi

In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses . The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.

1,197,620 accounts affectedOccurred 2020
Monday, July 4, 2022
BreachHave I Been PwnedJuly 4, 2022

Capital Economics

In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records . The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.

263,829 accounts affectedOccurred 2020
Thursday, May 26, 2022
BreachHave I Been PwnedMay 26, 2022

Preen.Me

In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted . Over 236k unique email addresses were exposed in the attack alongside names, usernames and links...

236,105 accounts affectedOccurred 2020
Friday, January 28, 2022
BreachHave I Been PwnedJanuary 28, 2022

RedDoorz

In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts . The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes.

5,890,277 accounts affectedOccurred 2020
Thursday, January 20, 2022
BreachHave I Been PwnedJanuary 20, 2022

ShockGore

In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes. Private messages...

73,944 accounts affectedOccurred 2020
Sunday, December 5, 2021
BreachHave I Been PwnedDecember 5, 2021

Gravatar

In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . 167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars...

113,990,759 accounts affectedOccurred 2020
Thursday, October 14, 2021
BreachHave I Been PwnedOctober 14, 2021

Thingiverse

In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community . Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside...

228,102 accounts affectedOccurred 2020
Monday, October 11, 2021
BreachHave I Been PwnedOctober 11, 2021

Playbook

In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified . Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses...

50,538 accounts affectedOccurred 2020
Sunday, August 8, 2021
BreachHave I Been PwnedAugust 8, 2021

OrderSnapp

In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP...

1,304,447 accounts affectedOccurred 2020
Saturday, August 7, 2021
BreachHave I Been PwnedAugust 7, 2021

MMG Fusion

In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A...

2,660,295 accounts affectedOccurred 2020
Friday, June 25, 2021
BreachHave I Been PwnedJune 25, 2021

Teespring

In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records . The data included email addresses, names, geographic locations and social media IDs.

8,234,193 accounts affectedOccurred 2020
BreachHave I Been PwnedJune 25, 2021

yotepresto.com

In June 2020, the Mexican lending platform yotepresto.com suffered a data breach . Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by...

1,444,629 accounts affectedOccurred 2020
Sunday, June 20, 2021
BreachHave I Been PwnedJune 20, 2021

University of California

In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion . The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names,...

547,422 accounts affectedOccurred 2020
Wednesday, June 9, 2021
BreachHave I Been PwnedJune 9, 2021

Nameless Malware

In January 2021, NordLocker provided HIBP 1.1 million email addresses collected by nameless malware . The malware campaign ran between 2018 and 2020 and infected 3.25 million computers, stealing files, credentials and taking screenshots and photos using the...

1,121,484 accounts affectedOccurred 2020
Sunday, May 23, 2021
BreachHave I Been PwnedMay 23, 2021

MobiFriends

In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes.

3,512,952 accounts affectedOccurred 2020
Saturday, May 22, 2021
BreachHave I Been PwnedMay 22, 2021

Livpure

In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items.

269,552 accounts affectedOccurred 2020
Monday, May 10, 2021
BreachHave I Been PwnedMay 10, 2021

DriveSure

In December 2020, the car dealership service provider DriveSure suffered a data breach . The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses,...

3,675,099 accounts affectedOccurred 2020
Tuesday, April 27, 2021
BreachHave I Been PwnedApril 27, 2021

Jefit

In August 2020, the workout tracking app Jefit suffered a data breach . The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes....

9,052,457 accounts affectedOccurred 2020
Monday, April 26, 2021
BreachHave I Been PwnedApril 26, 2021

bigbasket

In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records . The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses,...

24,500,011 accounts affectedOccurred 2020
Sunday, April 25, 2021
BreachHave I Been PwnedApril 25, 2021

ShopBack

In September 2020, the cashback reward program ShopBack suffered a data breach . The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was...

20,529,819 accounts affectedOccurred 2020
Wednesday, March 10, 2021
BreachHave I Been PwnedMarch 10, 2021

Travel Oklahoma

In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach . The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries....

637,279 accounts affectedOccurred 2020
Tuesday, February 23, 2021
BreachHave I Been PwnedFebruary 23, 2021

Filmai.in

In approximately 2019 or 2020, the Lithuanian movie streaming service Filmai.in suffered a data breach exposing 645k email addresses, usernames and plain text passwords.

645,786 accounts affectedOccurred 2020
BreachHave I Been PwnedFebruary 23, 2021

People's Energy

In December 2020, the UK power company People's Energy suffered a data breach . The breach exposed almost 7GB of files containing 359k unique email addresses along with names, phones numbers, physical addresses and dates of birth. The incident also included...

358,822 accounts affectedOccurred 2020
BreachHave I Been PwnedFebruary 23, 2021

NetGalley

In December 2020, the book promotion site NetGalley suffered a data breach . The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1...

1,436,435 accounts affectedOccurred 2020
Monday, February 1, 2021
BreachHave I Been PwnedFebruary 1, 2021

Pixlr

In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The...

1,906,808 accounts affectedOccurred 2020
Sunday, January 31, 2021
BreachHave I Been PwnedJanuary 31, 2021

MeetMindful

In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Included in the data was an extensive array of personal information used to find romantic matches including physical...

1,422,717 accounts affectedOccurred 2020
BreachHave I Been PwnedJanuary 31, 2021

Bonobos

In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as...

2,811,929 accounts affectedOccurred 2020
Tuesday, January 19, 2021
BreachHave I Been PwnedJanuary 19, 2021

Nitro

In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses . The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by...

77,159,696 accounts affectedOccurred 2020
Sunday, January 10, 2021
BreachHave I Been PwnedJanuary 10, 2021

Glofox

In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records . The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

2,330,735 accounts affectedOccurred 2020
Friday, January 8, 2021
BreachHave I Been PwnedJanuary 8, 2021

GeniusU

In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU . Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and...

1,301,460 accounts affectedOccurred 2020
Sunday, December 20, 2020
BreachHave I Been PwnedDecember 20, 2020

Ledger

In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses . The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone...

1,075,241 accounts affectedOccurred 2020
Thursday, November 19, 2020
BreachHave I Been PwnedNovember 19, 2020

Cit0day

In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums . The data consisted of 226M unique email address alongside password pairs, often represented as both...

226,883,414 accounts affectedOccurred 2020
Sunday, November 15, 2020
BreachHave I Been PwnedNovember 15, 2020

123RF

In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The...

8,661,578 accounts affectedOccurred 2020
Friday, November 13, 2020
BreachHave I Been PwnedNovember 13, 2020

Home Chef

In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card...

8,815,692 accounts affectedOccurred 2020
Thursday, November 12, 2020
BreachHave I Been PwnedNovember 12, 2020

Animal Jam

In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted...

7,104,998 accounts affectedOccurred 2020
Tuesday, November 10, 2020
BreachHave I Been PwnedNovember 10, 2020

Mashable

In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media...

1,414,677 accounts affectedOccurred 2020
BreachHave I Been PwnedNovember 10, 2020

Lazada RedMart

In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses,...

1,107,789 accounts affectedOccurred 2020
Thursday, November 5, 2020
BreachHave I Been PwnedNovember 5, 2020

James

In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and...

1,541,284 accounts affectedOccurred 2020
Wednesday, November 4, 2020
BreachHave I Been PwnedNovember 4, 2020

Wongnai

In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone...

3,924,454 accounts affectedOccurred 2020
Tuesday, November 3, 2020
BreachHave I Been PwnedNovember 3, 2020

Minted

In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords...

4,418,182 accounts affectedOccurred 2020
Tuesday, October 6, 2020
BreachHave I Been PwnedOctober 6, 2020

Chowbus

In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being emailed to customers . The email contained a link to a CSV file with customer data including physical addresses, names, phone numbers and over...

444,224 accounts affectedOccurred 2020
Monday, October 5, 2020
BreachHave I Been PwnedOctober 5, 2020

WiziShop

In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses.

2,856,769 accounts affectedOccurred 2020
Tuesday, September 1, 2020
BreachHave I Been PwnedSeptember 1, 2020

Experian (South Africa)

In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names,...

1,284,637 accounts affectedOccurred 2020
Saturday, August 22, 2020
BreachHave I Been PwnedAugust 22, 2020

LiveAuctioneers

In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses,...

3,385,862 accounts affectedOccurred 2020
Wednesday, August 19, 2020
BreachHave I Been PwnedAugust 19, 2020

Unico Campania

In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated . The breach contained 166k user records with email addresses and plain text passwords.

166,031 accounts affectedOccurred 2020
BreachHave I Been PwnedAugust 19, 2020

Utah Gun Exchange

In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password...

235,233 accounts affectedOccurred 2020
Tuesday, August 18, 2020
BreachHave I Been PwnedAugust 18, 2020

Catho

In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million...

1,173,012 accounts affectedOccurred 2020
Friday, August 7, 2020
BreachHave I Been PwnedAugust 7, 2020

Zoosk (2020)

In January 2020, the online dating service Zoosk suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 24 million unique email addresses alongside extensive personal information including...

23,927,853 accounts affectedOccurred 2020
Thursday, August 6, 2020
BreachHave I Been PwnedAugust 6, 2020

ProctorU

In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and...

444,453 accounts affectedOccurred 2020
Monday, August 3, 2020
BreachHave I Been PwnedAugust 3, 2020

Kreditplus

In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income...

768,890 accounts affectedOccurred 2020
Sunday, August 2, 2020
BreachHave I Been PwnedAugust 2, 2020

TrueFire

In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The...

599,667 accounts affectedOccurred 2020
BreachHave I Been PwnedAugust 2, 2020

집꾸미기

In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr , the exposed data included email addresses, names, usernames and phone...

1,298,651 accounts affectedOccurred 2020
Saturday, August 1, 2020
BreachHave I Been PwnedAugust 1, 2020

Vakinha

In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of...

4,775,203 accounts affectedOccurred 2020
BreachHave I Been PwnedAugust 1, 2020

Havenly

In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all...

1,369,180 accounts affectedOccurred 2020
Friday, July 31, 2020
BreachHave I Been PwnedJuly 31, 2020

Swvl

In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and...

4,195,918 accounts affectedOccurred 2020
Thursday, July 30, 2020
BreachHave I Been PwnedJuly 30, 2020

Appen

In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some...

5,888,405 accounts affectedOccurred 2020
BreachHave I Been PwnedJuly 30, 2020

Scentbird

In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes...

5,814,988 accounts affectedOccurred 2020
Wednesday, July 29, 2020
BreachHave I Been PwnedJuly 29, 2020

Chatbooks

In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers,...

2,520,441 accounts affectedOccurred 2020
BreachHave I Been PwnedJuly 29, 2020

Dunzo

In approximately June 2019, the Indian delivery service Dunzo suffered a data breach . Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking...

3,465,259 accounts affectedOccurred 2020
Tuesday, July 28, 2020
BreachHave I Been PwnedJuly 28, 2020

Drizly

In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach . The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP...

2,479,044 accounts affectedOccurred 2020
Monday, July 27, 2020
BreachHave I Been PwnedJuly 27, 2020

Dave

In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum. The breach exposed extensive personal information including almost 3 million unique...

2,964,182 accounts affectedOccurred 2020
Sunday, July 26, 2020
BreachHave I Been PwnedJuly 26, 2020

Promo

In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP...

14,610,585 accounts affectedOccurred 2020
Sunday, July 19, 2020
BreachHave I Been PwnedJuly 19, 2020

Wattpad

In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records . The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive...

268,765,495 accounts affectedOccurred 2020
Friday, June 5, 2020
BreachHave I Been PwnedJune 5, 2020

Mathway

In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records . The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.

25,692,862 accounts affectedOccurred 2020
Wednesday, June 3, 2020
BreachHave I Been PwnedJune 3, 2020

Lead Hunter

In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of...

68,693,853 accounts affectedOccurred 2020
Thursday, May 28, 2020
BreachHave I Been PwnedMay 28, 2020

Wishbone (2020)

In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers...

9,705,172 accounts affectedOccurred 2020
Sunday, May 24, 2020
BreachHave I Been PwnedMay 24, 2020

Nulled.ch

In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message...

43,491 accounts affectedOccurred 2020
Friday, May 15, 2020
BreachHave I Been PwnedMay 15, 2020

Covve

In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. Later identified as originating from the Covve contacts app, the exposed data...

22,802,117 accounts affectedOccurred 2020
Friday, May 8, 2020
BreachHave I Been PwnedMay 8, 2020

Ulmon

In January 2020, the travel app creator Ulmon suffered a data breach . The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios. The...

777,769 accounts affectedOccurred 2020
Saturday, May 2, 2020
BreachHave I Been PwnedMay 2, 2020

Tokopedia

In April 2020, Indonesia's largest online store Tokopedia suffered a data breach . The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included...

71,443,698 accounts affectedOccurred 2020
Wednesday, April 22, 2020
BreachHave I Been PwnedApril 22, 2020

Vianet

In April 2020, the Nepalese internet service provider Vianet suffered a data breach . The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.

94,353 accounts affectedOccurred 2020
Sunday, April 19, 2020
BreachHave I Been PwnedApril 19, 2020

Aptoide

In April 2020, the independent Android app store Aptoide suffered a data breach . The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses,...

20,012,235 accounts affectedOccurred 2020
Monday, April 6, 2020
BreachHave I Been PwnedApril 6, 2020

HTC Mania

In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories. Data...

1,488,089 accounts affectedOccurred 2020
Saturday, April 4, 2020
BreachHave I Been PwnedApril 4, 2020

OGUsers (2020 breach)

In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year . As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as...

263,189 accounts affectedOccurred 2020
Tuesday, March 24, 2020
BreachHave I Been PwnedMarch 24, 2020

Tamodo

In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt...

494,945 accounts affectedOccurred 2020
Monday, March 9, 2020
BreachHave I Been PwnedMarch 9, 2020

AnimeGame

In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was...

1,431,378 accounts affectedOccurred 2020
Thursday, February 27, 2020
BreachHave I Been PwnedFebruary 27, 2020

Straffic

In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data . The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers,...

48,580,249 accounts affectedOccurred 2020
Saturday, February 22, 2020
BreachHave I Been PwnedFebruary 22, 2020

Slickwraps

In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach . The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included...

857,611 accounts affectedOccurred 2020