In 2019, Zeeroq, a cloud services provider that stores and manages data for businesses and individuals, reportedly experienced a data exposure involving a large collection of combolists. The incident affected over 200 million records. Among the compromised data were email addresses and passwords.
This collection is part of a larger series of data dumps, including Collections #1 through #5, which compiled email addresses and passwords from thousands of sources, from previously known data breaches and some new alleged breaches. Collection #1 alone contained about 2.7 billion records, including 1.2 billion unique email and password combinations, 773 million unique email addresses, and 21 million unique plaintext passwords. Additional collections, named Collections #2 through #5, along with "AP MYR&ZABUGOR #2" and "ANTIPUBLIC #1," were also discovered, significantly adding to the scope of compromised data.
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement.
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.