In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records.
The data was sold and traded before 000webhost was alerted in October.
Breach date: 1 November 2015 Date added to HIBP: 5 June 2017 Compromised accounts: 776,125 Compromised data: Email addresses, IP addresses, Passwords, Usernames In 2016, the site dedicated to helping people hack email and online gaming accounts known as suffered multiple data breaches.
The site allegedly had an administrator in common with the nefarious Leaked Source site, both of which have since been shut down.
Breach date: 19 February 2018 Date added to HIBP: 26 February 2018 Compromised accounts: 80,115,532 Compromised data: Email addresses, Passwords In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system.
The breach of the v Bulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.
Breach date: 1 July 2016 Date added to HIBP: 9 October 2017 Compromised accounts: 1,372,550 Compromised data: Email addresses, IP addresses, Passwords, Usernames In November 2014, the acne website suffered a data breach that exposed over 430k forum members' accounts.Breach date: Date added to HIBP: 6 November 2014 Compromised accounts: 180,468 Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames, Website activity, Years of birth In December 2017, the virtual keyboard application was found to have left a huge amount of data publicly facing in an unsecured Mongo DB instance.Discovered by researchers at The Kromtech Security Center, the 577GB data set included extensive personal information including over 20 million unique email addresses, social media profiles and address book contacts.The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.Breach date: 19 April 2016 Date added to HIBP: 8 July 2016 Compromised accounts: 4,009,640 Compromised data: Device information, Email addresses, IP addresses, Passwords, Usernames In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173.Read more about Chinese data breaches in Have I been pwned.Breach date: 1 January 2012 Date added to HIBP: 8 October 2016 Compromised accounts: 6,414,191 Compromised data: Email addresses, Passwords In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace.Breach date: Date added to HIBP: Compromised accounts: 3,867,997 Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames In May 2018, the website for sharing adult-orientated works of fiction known as Adult-Fan Fiction. The data contained names, email addresses, dates of birth and passwords stored as MD5 hashes and plain text.AFF did not respond when contacted about the breach and the site was previously reported as compromised on the breached database directory.Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen.Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.