A total of 20 breaches were found and analysed resulting in 15,942,325 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Baihe, Katapult, Level Travel, Ferret Check and Trackitt. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A data breach came after an administrator account was sold online, allowing a threat actor to scrape data. The website in question is an immigration tracking site where users can upload the progress of their visa applications for several western countries including the United Kingdom, Canada, and more. Over 420K email addresses along with IP addresses and account information were disclosed.

A 3rd party partner of a mainstream music streaming platform who suffered a data breach back in 2019 is probably not feeling very festive at the moment. Threat actors managed to take a snapshot of the streaming service users and they confirmed their data was exposed a month ago. The 'snap' contains over 257 million users and exposed a massive amount of data including Santa's physical address and links to his country specific playlists. Data types such as device information and browser fingerprints are just a couple to mention.

And finally, an adult websites' user base that was for sale in July of this year is now freely available on various forums and channels. Data types include hashed SHA1 passwords and over 200K unique email addresses.