Audi – 2,743,539 breached accounts

In August 2019, Audio USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.

Source

/by

Guntrader – 112,031 breached accounts

In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.

Source

/by

Short Édition – 505,466 breached accounts

In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.

Source

/by

Raychat – 938,981 breached accounts

In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Source

/by

Teespring – 8,234,193 breached accounts

In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.

Source

/by

yotepresto.com – 1,444,629 breached accounts

In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Source

/by

University of California – 547,422 breached accounts

In December 2020, the University of California, Berkeley suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach.

Source

/by

Fotolog – 16,717,854 breached accounts

In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.

Source

/by

Dominos India – 22,527,655 breached accounts

In April 2021, 13TB of compromised Dominos India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.

Source

/by

JD – 77,449,341 breached accounts

In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to “white_peacock@riseup.net”.

Source

/by