Breach Intelligence

2,693

Total breached databases

Search breaches

In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.
  • Date: Jun 29, 2020
  • Domain: wattpad.com
  • Category: Education
  • Records Announced: 288,584,667
  • Numer of lines: 344,106,166
  • Records Imported: 278,412,348
  • Size: 113.33 GB
  • Data: Bios, Birthdates, Email Addresses, Genders, Geographic Locations, IP Addresses, Names, Passwords, Social Profiles, Usernames, Websites
  • Passwords: BCrypt
  • Cracked: 14%
  • Imported:
  • Sources:
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
  • Date: Aug 3, 2024
  • Domain: socradar.io
  • Threat Actor: USDoD
  • Category: Cybersecurity
  • Records Announced: 282,478,425
  • Numer of lines: 332,975,076
  • Size: 14.69 GB
  • Data: Email Addresses
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com
In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers. The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular hacking forum. Impacted data included 229M unique email addresses, IP addresses, names, usernames, genders, DoBs and the geographic location of the customer.
  • Date: Apr 22, 2019
  • Domain: deezer.com
  • Category: Streaming & Entertainment
  • Records Announced: 257,829,454
  • Numer of lines: 317,776,280
  • Records Imported: 257,829,453
  • Size: 73.11 GB
  • Data: Birthdates, Email Addresses, Genders, Geographic Locations, IP Addresses, Languages, Names, Usernames
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently posted to a popular hacking forum and extensively torrented.
  • Date: May 2, 2024
  • Domain: thepostmillennial.com
  • Category: News & Media
  • Records Announced: 56,973,345
  • Numer of lines: 308,204,285
  • Size: 16.16 GB
  • Data: Email Addresses, Genders, IP Addresses, Names, Passwords, Phone Numbers, Physical Locations, Usernames
  • Passwords: Plaintext
  • Imported:
  • Source: haveibeenpwned.com
In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in late 2022 and included email and physical addresses, names, genders, dates of birth and phone numbers. In a statement from Luxottica, they advised they were aware of the incident and are currently "considering other notification obligations".
  • Date: Mar 16, 2021
  • Domain: luxottica.com
  • Category: E-commerce & Retail
  • Records Announced: 77,093,812
  • Numer of lines: 305,759,991
  • Records Imported: 300,218,611
  • Size: 15.82 GB
  • Data: Birthdates, Email Addresses, Genders, Names, Phone Numbers, Physical Locations
  • Passwords: No
  • Imported:
  • Source: haveibeenpwned.com