Recent Data Leaks
Live
← Back to timeline

Data breaches in 2024

85 tracked incidents from 2024

Thursday, September 25, 2025
BreachHave I Been PwnedSeptember 25, 2025

Cultura

In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider . The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and...

1,462,025 accounts affectedOccurred 2024
Wednesday, June 25, 2025
BreachHave I Been PwnedJune 25, 2025

Robinsons Malls

In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app . The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's...

195,597 accounts affectedOccurred 2024
Tuesday, May 27, 2025
BreachHave I Been PwnedMay 27, 2025

Free

In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many...

13,926,173 accounts affectedOccurred 2024
Tuesday, April 8, 2025
BreachHave I Been PwnedApril 8, 2025

Boulanger

In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data . The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later...

2,077,078 accounts affectedOccurred 2024
Wednesday, March 19, 2025
BreachHave I Been PwnedMarch 19, 2025

SpyX

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses . The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud...

1,977,011 accounts affectedOccurred 2024
Sunday, March 2, 2025
BreachHave I Been PwnedMarch 2, 2025

Flat Earth Sun, Moon and Zodiac App

In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users . The data included 33k unique email addresses along with usernames, latitudes and longitudes (their...

33,294 accounts affectedOccurred 2024
Thursday, February 27, 2025
BreachHave I Been PwnedFebruary 27, 2025

Spyzie

In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy . The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled...

518,643 accounts affectedOccurred 2024
Thursday, February 13, 2025
BreachHave I Been PwnedFebruary 13, 2025

Doxbin (TOoDA)

In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly . Included in the breach were 336k unique email addresses alongside usernames.

136,461 accounts affectedOccurred 2024
Wednesday, February 12, 2025
BreachHave I Been PwnedFebruary 12, 2025

Zacks (2024)

In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum . This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing...

11,994,223 accounts affectedOccurred 2024
Tuesday, February 4, 2025
BreachHave I Been PwnedFebruary 4, 2025

PoinCampus

In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum . The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth.

89,116 accounts affectedOccurred 2024
Monday, February 3, 2025
BreachHave I Been PwnedFebruary 3, 2025

1win

In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users . The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.

96,166,543 accounts affectedOccurred 2024
Thursday, January 30, 2025
BreachHave I Been PwnedJanuary 30, 2025

Speedio

In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum . The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of...

27,501,041 accounts affectedOccurred 2024
Saturday, January 18, 2025
BreachHave I Been PwnedJanuary 18, 2025

Otelier

In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt . The data included 437k customer email addresses (a further 868k generated...

436,855 accounts affectedOccurred 2024
Friday, January 17, 2025
BreachHave I Been PwnedJanuary 17, 2025

MSI

In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible . The data included 250k unique email addresses alongside names, phone numbers, physical addresses...

249,990 accounts affectedOccurred 2024
Sunday, January 12, 2025
BreachHave I Been PwnedJanuary 12, 2025

SuperDraft

In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt...

300,187 accounts affectedOccurred 2024
Friday, December 20, 2024
BreachHave I Been PwnedDecember 20, 2024

French Citizens

In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database . Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different...

28,445,106 accounts affectedOccurred 2024
Thursday, December 19, 2024
BreachHave I Been PwnedDecember 19, 2024

Young Living Essential Oils

In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum . The data contained 1.1M unique email addresses alongside names, the country of the account and in many...

1,128,951 accounts affectedOccurred 2024
BreachHave I Been PwnedDecember 19, 2024

schenkYOU

In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum . Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes....

237,349 accounts affectedOccurred 2024
BreachHave I Been PwnedDecember 19, 2024

BitView

In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records . Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes,...

63,127 accounts affectedOccurred 2024
Sunday, December 15, 2024
BreachHave I Been PwnedDecember 15, 2024

MC2 Data

In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher . The breach exposed the personal information of 2.1M subscribers to the service which was marketed...

2,122,280 accounts affectedOccurred 2024
Saturday, December 14, 2024
BreachHave I Been PwnedDecember 14, 2024

Yonéma

In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum . The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.

35,962 accounts affectedOccurred 2024
BreachHave I Been PwnedDecember 14, 2024

Tibber

In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers . The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases.

50,002 accounts affectedOccurred 2024
Monday, December 9, 2024
BreachHave I Been PwnedDecember 9, 2024

Senior Dating

In 2024, the 40+ dating website Senior Dating suffered a data breach . Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook...

765,517 accounts affectedOccurred 2024
BreachHave I Been PwnedDecember 9, 2024

Ladies.com

In 2024, the lesbian dating website ladies.com suffered a data breach . Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders,...

118,809 accounts affectedOccurred 2024
Friday, November 22, 2024
BreachHave I Been PwnedNovember 22, 2024

The Real World

In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform . The impacted data was limited to usernames, email addresses and...

324,382 accounts affectedOccurred 2024
Wednesday, November 20, 2024
BreachHave I Been PwnedNovember 20, 2024

FlipaClip

In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server . The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been...

892,854 accounts affectedOccurred 2024
Tuesday, November 19, 2024
BreachHave I Been PwnedNovember 19, 2024

Finsure

In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did...

296,124 accounts affectedOccurred 2024
Wednesday, November 13, 2024
BreachHave I Been PwnedNovember 13, 2024

DemandScience by Pure Incubation

In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum . Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely...

121,796,165 accounts affectedOccurred 2024
Monday, November 11, 2024
BreachHave I Been PwnedNovember 11, 2024

Hot Topic

In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses . The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type,...

56,904,909 accounts affectedOccurred 2024
Thursday, November 7, 2024
BreachHave I Been PwnedNovember 7, 2024

Earth 2

In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within...

420,961 accounts affectedOccurred 2024
Monday, November 4, 2024
BreachHave I Been PwnedNovember 4, 2024

Z-lib

In June 2024, almost 10M user records from Z-lib were discovered exposed online . Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email...

9,737,374 accounts affectedOccurred 2024
Saturday, October 26, 2024
BreachHave I Been PwnedOctober 26, 2024

The Club Penguin Experience

In October 2024, The Club Penguin Experience (TCPE) suffered a data breach . The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent...

6,342 accounts affectedOccurred 2024
Friday, October 25, 2024
BreachHave I Been PwnedOctober 25, 2024

digiDirect

In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum . The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately...

304,337 accounts affectedOccurred 2024
Monday, October 21, 2024
BreachHave I Been PwnedOctober 21, 2024

Fair Vote Canada

In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach . The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique...

134,336 accounts affectedOccurred 2024
Wednesday, October 9, 2024
BreachHave I Been PwnedOctober 9, 2024

Internet Archive

In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records . The breach exposed user records including email addresses, screen names and bcrypt password hashes.

31,081,179 accounts affectedOccurred 2024
Tuesday, October 8, 2024
BreachHave I Been PwnedOctober 8, 2024

Muah.AI

In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach . The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child...

1,910,261 accounts affectedOccurred 2024
Saturday, October 5, 2024
BreachHave I Been PwnedOctober 5, 2024

Switch

In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository . The exposed data contained job applications with names, email addresses and in some cases, commentary on the...

5,397 accounts affectedOccurred 2024
Tuesday, October 1, 2024
BreachHave I Been PwnedOctober 1, 2024

BudTrader

In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum . Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

2,721,185 accounts affectedOccurred 2024
Monday, September 30, 2024
BreachHave I Been PwnedSeptember 30, 2024

Central Tickets

In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum . The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses,...

722,860 accounts affectedOccurred 2024
Thursday, September 19, 2024
BreachHave I Been PwnedSeptember 19, 2024

HuntStand

In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum . The data included 2.8M unique email addresses with many records also containing name, date of birth and country.

2,795,947 accounts affectedOccurred 2024
Monday, September 16, 2024
BreachHave I Been PwnedSeptember 16, 2024

Instituto Nacional de Deportes de Chile

In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach . The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password...

319,613 accounts affectedOccurred 2024
Friday, August 30, 2024
BreachHave I Been PwnedAugust 30, 2024

Lookiero

In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum . Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical...

4,981,760 accounts affectedOccurred 2024
Wednesday, August 28, 2024
BreachHave I Been PwnedAugust 28, 2024

Sport 2000

In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach . The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names,...

3,189,643 accounts affectedOccurred 2024
Monday, August 19, 2024
BreachHave I Been PwnedAugust 19, 2024

Tracki

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki . Multiple vulnerabilities exposed the personal records of 372k users of the service including names and...

372,557 accounts affectedOccurred 2024
BreachHave I Been PwnedAugust 19, 2024

Explore Talent (August 2024)

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent . A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email...

8,929,384 accounts affectedOccurred 2024
Tuesday, August 13, 2024
BreachHave I Been PwnedAugust 13, 2024

Chris Leong

In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach . The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many...

27,096 accounts affectedOccurred 2024
BreachHave I Been PwnedAugust 13, 2024

LDLC

In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores . The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers and...

1,266,026 accounts affectedOccurred 2024
BreachHave I Been PwnedAugust 13, 2024

National Public Data

In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service . The initial corpus of data released in the breach contained billions of rows of personal...

133,957,569 accounts affectedOccurred 2024
Friday, August 9, 2024
BreachHave I Been PwnedAugust 9, 2024

Not SOCRadar

In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised...

282,478,425 accounts affectedOccurred 2024
Monday, August 5, 2024
BreachHave I Been PwnedAugust 5, 2024

Shoe Zone

In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum . The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits),...

46,140 accounts affectedOccurred 2024
Friday, August 2, 2024
BreachHave I Been PwnedAugust 2, 2024

LuLu

In July 2024, the Emirati-based LuLu retail store suffered a data breach . The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The following month, the threat of leaking the...

2,796,835 accounts affectedOccurred 2024
Thursday, August 1, 2024
BreachHave I Been PwnedAugust 1, 2024

Stealer Logs Posted to Telegram

In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels . The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on...

26,105,473 accounts affectedOccurred 2024
Wednesday, July 31, 2024
BreachHave I Been PwnedJuly 31, 2024

AnimeLeague

In July 2024, AnimeLeague disclosed a data breach of their services . The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included...

192,134 accounts affectedOccurred 2024
Tuesday, July 30, 2024
BreachHave I Been PwnedJuly 30, 2024

Ubook

In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum . Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of...

699,908 accounts affectedOccurred 2024
BreachHave I Been PwnedJuly 30, 2024

Spytech

In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month . Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the...

5,645 accounts affectedOccurred 2024
Saturday, July 20, 2024
BreachHave I Been PwnedJuly 20, 2024

Life360

In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier . The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or...

442,519 accounts affectedOccurred 2024
Thursday, July 11, 2024
BreachHave I Been PwnedJuly 11, 2024

mSpy (2024)

In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online . Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email...

2,394,179 accounts affectedOccurred 2024
Wednesday, July 10, 2024
BreachHave I Been PwnedJuly 10, 2024

The Heritage Foundation

In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal . The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the...

72,004 accounts affectedOccurred 2024
Tuesday, July 9, 2024
BreachHave I Been PwnedJuly 9, 2024

Neiman Marcus

In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum . The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card...

31,152,842 accounts affectedOccurred 2024
Sunday, July 7, 2024
BreachHave I Been PwnedJuly 7, 2024

Husky Owners

In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.

16,502 accounts affectedOccurred 2024
Saturday, July 6, 2024
BreachHave I Been PwnedJuly 6, 2024

FNTECH

In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list . The data also...

10,386 accounts affectedOccurred 2024
Friday, June 28, 2024
BreachHave I Been PwnedJune 28, 2024

Ticketek

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform . The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the...

17,643,173 accounts affectedOccurred 2024
Monday, June 24, 2024
BreachHave I Been PwnedJune 24, 2024

Advance Auto Parts

In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers...

79,243,727 accounts affectedOccurred 2024
Monday, June 3, 2024
BreachHave I Been PwnedJune 3, 2024

Combolists Posted to Telegram

In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels . The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The...

361,468,099 accounts affectedOccurred 2024
Thursday, May 30, 2024
BreachHave I Been PwnedMay 30, 2024

Operation Endgame

In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame" . Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help...

16,466,858 accounts affectedOccurred 2024
Saturday, May 25, 2024
BreachHave I Been PwnedMay 25, 2024

pcTattletale

In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage , allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed...

138,751 accounts affectedOccurred 2024
Friday, May 10, 2024
BreachHave I Been PwnedMay 10, 2024

The Post Millennial

In May 2024, the conservative news website The Post Millennial suffered a data breach . The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and...

56,973,345 accounts affectedOccurred 2024
Thursday, May 9, 2024
BreachHave I Been PwnedMay 9, 2024

Tappware

In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum . Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens...

94,734 accounts affectedOccurred 2024
Tuesday, April 30, 2024
BreachHave I Been PwnedApril 30, 2024

MovieBoxPro

In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident , although reportedly the vulnerability was rectified...

6,009,014 accounts affectedOccurred 2024
Friday, April 26, 2024
BreachHave I Been PwnedApril 26, 2024

Piping Rock

In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum . The data also included names, phone numbers and physical addresses. The account posting the data had previously posted...

2,103,100 accounts affectedOccurred 2024
Monday, April 22, 2024
BreachHave I Been PwnedApril 22, 2024

T2

In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum . Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.

94,584 accounts affectedOccurred 2024
Thursday, April 18, 2024
BreachHave I Been PwnedApril 18, 2024

Le Slip Français

In April 2024, the French underwear maker Le Slip Français suffered a data breach . The breach included 1.5M email addresses, physical addresses, names and phone numbers.

1,495,127 accounts affectedOccurred 2024
Friday, April 12, 2024
BreachHave I Been PwnedApril 12, 2024

Giant Tiger

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records . Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.

2,842,669 accounts affectedOccurred 2024
Wednesday, April 10, 2024
BreachHave I Been PwnedApril 10, 2024

Salvadoran Citizens

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum . The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile...

946,989 accounts affectedOccurred 2024
Tuesday, April 9, 2024
BreachHave I Been PwnedApril 9, 2024

Kaspersky Club

In March 2024, the independent fan forum Kaspersky Club suffered a data breach . The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.

55,971 accounts affectedOccurred 2024
Monday, April 8, 2024
BreachHave I Been PwnedApril 8, 2024

boAt

In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records . The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking...

7,528,985 accounts affectedOccurred 2024
Tuesday, April 2, 2024
BreachHave I Been PwnedApril 2, 2024

SurveyLama

In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1,...

4,426,879 accounts affectedOccurred 2024
Monday, April 1, 2024
BreachHave I Been PwnedApril 1, 2024

Pandabuy

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum . The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was...

1,348,407 accounts affectedOccurred 2024
Friday, March 29, 2024
BreachHave I Been PwnedMarch 29, 2024

England Cricket

In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records . The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both.

43,299 accounts affectedOccurred 2024
Thursday, March 7, 2024
BreachHave I Been PwnedMarch 7, 2024

WoTLabs

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers" . The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of...

21,994 accounts affectedOccurred 2024
Sunday, March 3, 2024
BreachHave I Been PwnedMarch 3, 2024

Mr. Green Gaming

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.

27,123 accounts affectedOccurred 2024
Wednesday, February 28, 2024
BreachHave I Been PwnedFebruary 28, 2024

Cutout.Pro

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records . The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular...

19,972,829 accounts affectedOccurred 2024
BreachHave I Been PwnedFebruary 28, 2024

Tangerine

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records . Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the...

243,462 accounts affectedOccurred 2024
Monday, February 5, 2024
BreachHave I Been PwnedFebruary 5, 2024

Spoutible

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information . The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and...

207,114 accounts affectedOccurred 2024
Monday, January 22, 2024
BreachHave I Been PwnedJanuary 22, 2024

Trello

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum . Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous...

15,111,945 accounts affectedOccurred 2024