In August 2019, Audio USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users, complete addresses for some). Passwords stored as bcrypt hashes were also exposed.
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512 hashes. Short Édition self-submitted the impacted data to HIBP.
In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
In December 2020, the University of California, Berkeley suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security numbers, ethnicities and other academic related data attributes. Further analysis is available in Exploring the Impact of the UC Data Breach.
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes. The site was dissolved the following year and repurposed as a news website based in Brcko, Bosnia and Herzegovina.
In April 2021, 13TB of compromised Dominos India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to “email@example.com”.
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org