Breach Intelligence

Approximately between 2022-2023, the U.S. Environmental Protection Agency (https://www.epa.gov/) suffered a data breach impacting over 8.5 million users and exposing personal and sensitive information of its customers and contractors. A hacker operating under the pseudonym @USDoD claimed responsibility and released the EPA's global contact database on a dark web forum. The leaked database contained three zipped files with approximately 500MB of data in CSV formats, holding common fields such as "Zipcodes," "Full names," "Phone numbers," "Email addresses," and "County, City, States," as well as additional fields in each file.

In mid-2023, Tigo, a Chinese video chat platform, allegedly suffered a data breach after 300GB of data containing more than 100 million records was discovered. The dataset, dating back to March 2023, reportedly included over 700,000 unique names. Among the compromised information were usernames, email addresses, IP addresses, genders, profile photos, and private messages.

In January 2018, PropTiger, an Indian property website, allegedly suffered a data breach that exposed a 3.46GB database file. The data, which surfaced on a popular hacking forum two years later, reportedly contained user records and login histories with more than 2 million unique customer email addresses. Among the compromised information were names, dates of birth, genders, IP addresses, and passwords stored as MD5 hashes.

In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes.

In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.