3,591 Total Breaches
332,476 Total Pastes
1 Breaches (30 days)
23,853 Pastes (30 days)

Breach Index

An aggregated list of data breaches in the BreachAware database
  Title Breach Date Description Credentials  
imesh.com iMesh
Domain: imesh.com
September 2013 In September 2013, the file sharing app iMesh was hacked, exposing almost 50 million unique accounts. Three years later the data appeared for sale on a darkweb marketplace and included email addresses, usernames, salted MD5 hashed passwords and IP addresses. In 2018, a huge collection of almost 40 million dehashed credentials from the iMesh breach appeared in a popular hacking forum, resulting in a subsequent influx of credential stuffing using these plaintext credential combinations. 49,467,475 More Information
win7vista.com Win7Vista Forum
Domain: win7vista.com
September 2013 In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200,000 members’ personal information and other internal data extracted from the forum. 203,717 More Information
badoo.com Badoo
Domain: badoo.com
June 2013 In June 2016, a data breach allegedly originating from the dating-focused social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes. Whilst there are many indicators suggesting Badoo did indeed suffer a data breach, the legitimacy of the data could not be emphatically proven. 112,005,531 More Information
neopets.com Neopets
Domain: neopets.com
May 2013 In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as over 35 million email addresses. Passwords were stored in plain text and IP addresses were also contained within the breach. 35,892,436 More Information
tumblr.com Tumblr
Domain: tumblr.com
February 2013 In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes. 65,469,298 More Information
yahoo.com Yahoo
Domain: yahoo.com
July 2012 In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text. The breach showed that of the compromised accounts, a staggering 59% of people who also had accounts in the Sony breach reused their passwords across both services. 453,428 More Information
androidforums.com Android Forums
Domain: androidforums.com
July 2012 In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birthdays and passwords stored as a salted MD5 hash. 452,537 More Information
adobe.com Adobe
Domain: adobe.com
July 2012 In October 2013, ~153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced. 152,430,748 More Information
disqus.com Disqus
Domain: disqus.com
July 2012 In October 2017, the comment service Disqus publicly announced that they suffered a data breach. Forensics dated the original leak back to July 2012, however it surfaced several years later in mid 2017 and was widely traded within popular hacking forums. The breach contained over 17.5 million unique email addresses. The leak contained hashed passwords of users who registered directly with Disqus. For the users who registered with a social account, the leak contained references to the specific provider. 17,595,562 More Information
dropbox.com Dropbox
Domain: dropbox.com
July 2012 In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt). 68,648,009 More Information
linkedin.com LinkedIn
Domain: linkedin.com
May 2012 In May 2016, LinkedIn had ~164 million email addresses and passwords exposed online. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data. 164,611,595 More Information
last.fm Last.fm
Domain: last.fm
March 2012 In March 2012, the music website Last.fm was hacked and ~43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included ~37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes. 37,216,308 More Information
youporn.com YouPorn
Domain: youporn.com
February 2012 In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords. 1,327,567 More Information
infowars.com InfoWars
Domain: infowars.com
January 2012 In 2016, the media outlet InfoWars made news headlines due to a data breach that occurred back in 2012. The data remained relatively well hidden and privately traded until it surfaced and became public in late 2018. The dataset contained email addresses, real names, usernames and MD5 hashed passwords, many of which were easily cracked. The exact date of the original data breach remains unknown. 49,727 More Information
stratfor.com Stratfor
Domain: stratfor.com
December 2011 In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable donations (among other uses). The breach also included ~860,000 user accounts complete with email address, time zone, some internal system data and MD5 hashed passwords with no salt. 234,911 More Information

Data breaches containing monitored assets are prioritised for uploading into the system. Go PRO to add your organisation assets.

Latest Discoveries
Monday, 22-Apr-2019 00:18:34 UTC
56 seconds ago
Pastebin [TEXT] - Qg8AVQ3K
Author: Anonymous
Title: Untitled
20 unique credentials found
Monday, 22-Apr-2019 00:16:34 UTC
2 minutes ago
Pastebin [TEXT] - YYTHPdsD
Author: Anonymous
Title: Untitled
2 unique credentials found
Monday, 22-Apr-2019 00:16:19 UTC
3 minutes ago
Pastebin [TEXT] - 6YW9K92S
Author: osum4est
Title: Untitled
30 unique credentials found
Monday, 22-Apr-2019 00:14:17 UTC
5 minutes ago
Pastebin [TEXT] - 5vpyVReV
Author: lapitch
Title: HBO-GO
3 unique credentials found
Monday, 22-Apr-2019 00:14:10 UTC
5 minutes ago
Pastebin [TEXT] - NzqM6pWw
Author: Anonymous
Title: Untitled
1 unique credential found
Monday, 22-Apr-2019 00:12:47 UTC
6 minutes ago
Pastebin [TEXT] - Z7dTc6m0
Author: Anonymous
Title: Untitled
17 unique credentials found
Monday, 22-Apr-2019 00:12:30 UTC
7 minutes ago
Pastebin [TEXT] - DwT2Les3
Author: Anonymous
Title: Untitled
17 unique credentials found
Monday, 22-Apr-2019 00:11:45 UTC
7 minutes ago
Pastebin [TEXT] - qhYEDbyx
Author: Anonymous
Title: Untitled
17 unique credentials found
Monday, 22-Apr-2019 00:11:17 UTC
8 minutes ago
Pastebin [TEXT] - yxM8RpPg
Author: Anonymous
Title: Untitled
14 unique credentials found
Monday, 22-Apr-2019 00:11:17 UTC
8 minutes ago
Pastebin [TEXT] - cmFWLxBj
Author: osum4est
Title: Untitled
30 unique credentials found
Monday, 22-Apr-2019 00:08:15 UTC
11 minutes ago
Pastebin [TEXT] - JPaHh5xg
Author: Anonymous
Title: john
1 unique credential found