Data breaches in 2022

61 tracked incidents from 2022

Wednesday, December 24, 2025

BreachHave I Been PwnedDecember 24, 2025

Медицинская лаборатория Гемотест (Gemotest)

In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients . The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers....

6,341,495 accounts affectedOccurred 2022

Thursday, November 20, 2025

BreachHave I Been PwnedNovember 20, 2025

Vultr

In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor . Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure...

187,872 accounts affectedOccurred 2022

Friday, October 3, 2025

BreachHave I Been PwnedOctober 3, 2025

Latest Pilot Jobs

In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data . The data included 119k unique email addresses along with names, usernames and...

118,864 accounts affectedOccurred 2022

Tuesday, June 10, 2025

BreachHave I Been PwnedJune 10, 2025

WiredBucks

In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data . The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via...

918,529 accounts affectedOccurred 2022

Saturday, June 7, 2025

BreachHave I Been PwnedJune 7, 2025

Disk Union

In June 2022, the Japanese record chain store Disk Union suffered a data breach . The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.

690,667 accounts affectedOccurred 2022

Monday, February 10, 2025

BreachHave I Been PwnedFebruary 10, 2025

Adopt Me Trading Values

In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 86k unique email addresses...

86,136 accounts affectedOccurred 2022

Tuesday, November 5, 2024

BreachHave I Been PwnedNovember 5, 2024

Altenen

In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 1.3M unique email addresses, usernames, bcrypt password hashes...

1,267,701 accounts affectedOccurred 2022

Wednesday, October 30, 2024

BreachHave I Been PwnedOctober 30, 2024

TNAFlix

In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 1.4M records of email and IP addresses, usernames and plain text passwords.

1,374,344 accounts affectedOccurred 2022

Sunday, August 25, 2024

BreachHave I Been PwnedAugust 25, 2024

Traderie

In September 2022, the in-game trading marketplace Traderie suffered a data breach that exposed almost 400k records (this preceded a subsequent breach the following year). The incident exposed email and IP addresses, usernames and links to social media...

364,898 accounts affectedOccurred 2022

Thursday, July 25, 2024

BreachHave I Been PwnedJuly 25, 2024

Explore Talent (July 2024)

In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum . Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and...

5,371,574 accounts affectedOccurred 2022

Sunday, March 31, 2024

BreachHave I Been PwnedMarch 31, 2024

Washington State Food Worker Card

In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system . The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup....

1,594,305 accounts affectedOccurred 2022

Thursday, March 28, 2024

BreachHave I Been PwnedMarch 28, 2024

Exvagos

In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password...

2,121,789 accounts affectedOccurred 2022

Wednesday, March 13, 2024

BreachHave I Been PwnedMarch 13, 2024

ClickASnap

In September 2022, the online photo sharing platform ClickASnap suffered a data breach . The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions...

3,262,980 accounts affectedOccurred 2022

Tuesday, March 12, 2024

BreachHave I Been PwnedMarch 12, 2024

Misattributed Flipkart Data

In September 2022, over 500k customer records alleged to have been sourced from the Indian e-commerce service Flipkart appeared on a popular hacking forum . Flipkart subsequently reviewed the data and concluded there was minimal overlap with their subscriber...

552,094 accounts affectedOccurred 2022

Saturday, March 9, 2024

BreachHave I Been PwnedMarch 9, 2024

APK.TW

In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.

2,451,197 accounts affectedOccurred 2022

Thursday, March 7, 2024

BreachHave I Been PwnedMarch 7, 2024

Online Trade (Онлайн Трейд)

In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.

3,805,265 accounts affectedOccurred 2022

Saturday, January 27, 2024

BreachHave I Been PwnedJanuary 27, 2024

MyPertamina

In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service . The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.

5,970,416 accounts affectedOccurred 2022

Friday, December 8, 2023

BreachHave I Been PwnedDecember 8, 2023

Movie Forums

In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a...

39,914 accounts affectedOccurred 2022

Tuesday, December 5, 2023

BreachHave I Been PwnedDecember 5, 2023

RailYatri

In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach . The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased,...

23,209,732 accounts affectedOccurred 2022

Tuesday, November 14, 2023

BreachHave I Been PwnedNovember 14, 2023

Avito

In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers . The data included name, email, phone, IP address and geographic location.

2,721,835 accounts affectedOccurred 2022

Sunday, October 29, 2023

BreachHave I Been PwnedOctober 29, 2023

MemeChat

In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records . Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.

4,348,570 accounts affectedOccurred 2022

Sunday, October 8, 2023

BreachHave I Been PwnedOctober 8, 2023

PaySystem.tech

In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where it was made publicly available for download . Consisting of 16M rows with 1.4M unique email addresses, the data also included...

1,410,764 accounts affectedOccurred 2022

Thursday, October 5, 2023

BreachHave I Been PwnedOctober 5, 2023

Hjedd

In July 2022, the Chinese adult website Hjedd was found to be leaking more than 13M customer records which subsequently appeared on a popular hacking forum . The exposed data included email and IP addresses, usernames and passwords stored as bcrypt hashes.

13,204,029 accounts affectedOccurred 2022

Tuesday, October 3, 2023

BreachHave I Been PwnedOctober 3, 2023

Activision

In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records . The data contained 16k unique email addresses along with names, phone numbers, job titles and the...

16,006 accounts affectedOccurred 2022

Monday, September 11, 2023

BreachHave I Been PwnedSeptember 11, 2023

Viva Air

In March 2022, the now defunct Colombian airline Viva Air suffered a data breach and subsequent ransomware attack . Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP...

932,232 accounts affectedOccurred 2022

Thursday, August 24, 2023

BreachHave I Been PwnedAugust 24, 2023

SevenRooms

In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum . The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the...

1,205,385 accounts affectedOccurred 2022

Thursday, August 17, 2023

BreachHave I Been PwnedAugust 17, 2023

iMenu360

In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and...

3,425,860 accounts affectedOccurred 2022

Tuesday, August 8, 2023

BreachHave I Been PwnedAugust 8, 2023

CraftRise

In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise . The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text...

2,532,527 accounts affectedOccurred 2022

Wednesday, July 26, 2023

BreachHave I Been PwnedJuly 26, 2023

BreachForums

In November 2022, the well-known hacking forum "BreachForums" was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies . The breach exposed 212k records including usernames, IP...

212,156 accounts affectedOccurred 2022

Monday, July 10, 2023

BreachHave I Been PwnedJuly 10, 2023

Locally

In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach . Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed...

362,619 accounts affectedOccurred 2022

Friday, April 14, 2023

BreachHave I Been PwnedApril 14, 2023

OGUsers (2022 breach)

In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses...

529,020 accounts affectedOccurred 2022

Friday, March 31, 2023

BreachHave I Been PwnedMarch 31, 2023

Sundry Files

In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.

274,461 accounts affectedOccurred 2022

BreachHave I Been PwnedMarch 31, 2023

Leaked Reality

In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.

114,907 accounts affectedOccurred 2022

Thursday, March 2, 2023

BreachHave I Been PwnedMarch 2, 2023

GunAuction.com

In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server . The data included over 565k user records with extensive personal data including email, IP and...

565,470 accounts affectedOccurred 2022

Sunday, February 19, 2023

BreachHave I Been PwnedFebruary 19, 2023

RealDudesInc

In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.

101,543 accounts affectedOccurred 2022

Wednesday, February 8, 2023

BreachHave I Been PwnedFebruary 8, 2023

Weee

In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum . Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and...

1,117,405 accounts affectedOccurred 2022

Saturday, January 7, 2023

BreachHave I Been PwnedJanuary 7, 2023

DoorDash

In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers . DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign. The...

367,476 accounts affectedOccurred 2022

Friday, December 16, 2022

BreachHave I Been PwnedDecember 16, 2022

Gemini

In late 2022, a hacker posted a data set to a public hacking forum which they alleged was sourced from the Gemini crypto exchange , a claim that was later proven to be false as the data was traced back to an incident at a third-party vendor . The source of...

5,274,214 accounts affectedOccurred 2022

Monday, December 12, 2022

BreachHave I Been PwnedDecember 12, 2022

CoinTracker

In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers . The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email...

1,557,153 accounts affectedOccurred 2022

Wednesday, December 7, 2022

BreachHave I Been PwnedDecember 7, 2022

Abandonia (2022)

In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015. The data contained email and IP...

919,790 accounts affectedOccurred 2022

Tuesday, November 15, 2022

BreachHave I Been PwnedNovember 15, 2022

Get Revenge On Your Ex

In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and...

79,195 accounts affectedOccurred 2022

Tuesday, November 8, 2022

BreachHave I Been PwnedNovember 8, 2022

GGCorp

In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses . The data also included IP addresses, usernames and MD5 password hashes.

2,376,330 accounts affectedOccurred 2022

Monday, October 24, 2022

BreachHave I Been PwnedOctober 24, 2022

Doomworld

In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.

34,478 accounts affectedOccurred 2022

BreachHave I Been PwnedOctober 24, 2022

E-Pal

In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach . The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed...

108,887 accounts affectedOccurred 2022

Thursday, October 6, 2022

BreachHave I Been PwnedOctober 6, 2022

Wakanim

In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum . The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.

6,706,951 accounts affectedOccurred 2022

Friday, September 23, 2022

BreachHave I Been PwnedSeptember 23, 2022

TAP Air Portugal

In August 2022, the Portuguese airline TAP Air Portugal was the target of a ransomware attack perpetrated by the Ragnar Locker gang who later leaked the compromised data via a public dark web site. Over 5M unique email addresses were exposed alongside other...

6,083,479 accounts affectedOccurred 2022

Thursday, September 8, 2022

BreachHave I Been PwnedSeptember 8, 2022

Brand New Tube

In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers . The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and...

349,627 accounts affectedOccurred 2022

Tuesday, August 16, 2022

BreachHave I Been PwnedAugust 16, 2022

Shitexpress

In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses . The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of...

23,817 accounts affectedOccurred 2022

Saturday, August 13, 2022

BreachHave I Been PwnedAugust 13, 2022

Twitter

In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform . In a disclosure notice later shared in August 2022, Twitter advised that the...

6,682,453 accounts affectedOccurred 2022

Friday, August 5, 2022

BreachHave I Been PwnedAugust 5, 2022

QuestionPro

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach . Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been...

22,229,637 accounts affectedOccurred 2022

Thursday, July 14, 2022

BreachHave I Been PwnedJuly 14, 2022

La Poste Mobile

In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly. The impacted data included 533k unique email addresses along with names,...

533,886 accounts affectedOccurred 2022

Wednesday, July 6, 2022

BreachHave I Been PwnedJuly 6, 2022

Mangatoon

In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as...

23,040,238 accounts affectedOccurred 2022

Wednesday, May 25, 2022

BreachHave I Been PwnedMay 25, 2022

Amart Furniture

In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack . Over 100k records containing email and physical address, names, phone numbers and passwords...

108,940 accounts affectedOccurred 2022

Tuesday, May 24, 2022

BreachHave I Been PwnedMay 24, 2022

Fanpass

In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes.

112,251 accounts affectedOccurred 2022

Monday, May 16, 2022

BreachHave I Been PwnedMay 16, 2022

BlackBerry Fans

In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.

174,168 accounts affectedOccurred 2022

Monday, May 2, 2022

BreachHave I Been PwnedMay 2, 2022

PayHere

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase...

1,580,249 accounts affectedOccurred 2022

Thursday, March 17, 2022

BreachHave I Been PwnedMarch 17, 2022

CDEK

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained...

19,218,203 accounts affectedOccurred 2022

Thursday, March 3, 2022

BreachHave I Been PwnedMarch 3, 2022

MacGeneration

In January 2022, the French Apple news website MacGeneration suffered a data breach . The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to...

101,004 accounts affectedOccurred 2022

Wednesday, March 2, 2022

BreachHave I Been PwnedMarch 2, 2022

NVIDIA

In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code . Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and...

71,335 accounts affectedOccurred 2022

Tuesday, February 15, 2022

BreachHave I Been PwnedFebruary 15, 2022

GiveSendGo

In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates . The breach exposed names, email addresses, post codes,...

89,966 accounts affectedOccurred 2022

Saturday, January 8, 2022

BreachHave I Been PwnedJanuary 8, 2022

Doxbin

In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach . The breach was subsequently leaked online and included over 370k unique email addresses across user accounts...

370,794 accounts affectedOccurred 2022