Loading…
Loading…
Data breaches are where scams begin: once your email, name, and account details leak, criminals use them to craft convincing phishing and impersonation attacks. Below are recently disclosed, verified breaches from Have I Been Pwned (1,015 breaches tracked in total), refreshed automatically.
Last updated: 8 July 2026
moody.edu
2,303,416 accounts · breach dated 2026-06-15
Data exposed: Dates of birth, Email addresses, Genders, Marital statuses, Names, Phone numbers, Physical addresses
In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign. Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information relating to donors, supporters, students and alumni. In their disclosure notice, Moody advised that they had "engaged both internal and external cybersecurity experts to thoroughly investigate the matter".
sysco.com
2,691,852 accounts · breach dated 2026-06-15
Data exposed: Customer feedback, Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Usernames
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
americantower.com
216,601 accounts · breach dated 2026-06-12
Data exposed: Email addresses, Job titles, Names, Phone numbers, Physical addresses
In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to employees, contractors, customers, and leads. Exposed data also included names, addresses, and phone numbers.
msgsports.com
9,796,738 accounts · breach dated 2026-06-05
Data exposed: Customer service records, Email addresses, Names, Phone numbers, Physical addresses
In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along with extensive personal, employment and customer relationship information.
jcpenny.com
368,418 accounts · breach dated 2026-06-12
Data exposed: Dates of birth, Email addresses, Government issued IDs, Job titles, Names, Phone numbers, Physical addresses, Usernames
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.
ralphlauren.com
139,903 accounts · breach dated 2026-06-11
Data exposed: Age groups, Email addresses, Genders, Names, Phone numbers
In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.
4,160,519 accounts · breach dated 2026-06-18
Data exposed: Email addresses, Passwords
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities initially provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords recovered during the operation. The follow
cfgi.com
248,235 accounts · breach dated 2026-03-06
Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
56,278,397 accounts · breach dated 2026-06-15
Data exposed: Email addresses, Passwords
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in the stealer logs section of their dashboard. Organisations can see logs affecting their domain via the stealer logs API.
berkadia.com
305,216 accounts · breach dated 2026-03-19
Data exposed: Email addresses, Employers, Names, Phone numbers, Physical addresses
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.
infinitecampus.com
137,123 accounts · breach dated 2026-03-18
Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Support tickets, Usernames
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".
nottingham.ac.uk
454,635 accounts · breach dated 2026-06-09
Data exposed: Academic records, Citizenship statuses, Dates of birth, Disabilities, Email addresses, Ethnicities, Genders, IP addresses
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
bakerdist.com
102,935 accounts · breach dated 2026-05-23
Data exposed: Email addresses, Names, Phone numbers, Physical addresses, Support tickets
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
bcdtravel.com
396,313 accounts · breach dated 2026-05-29
Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses, Support tickets
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
dentaquest.com
2,553,599 accounts · breach dated 2026-05-23
Data exposed: Dates of birth, Email addresses, Genders, Government issued IDs, Health insurance information, Names, Phone numbers, Physical addresses
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to
edmunds.com
177,860 accounts · breach dated 2026-01-24
Data exposed: Device information, Email addresses, IP addresses, Passwords, Phone numbers, Usernames
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
atlasmenu.net
63,926 accounts · breach dated 2026-05-30
Data exposed: Email addresses, IP addresses, Passwords, Support tickets, Usernames
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
charter.com
4,851,517 accounts · breach dated 2026-05-23
Data exposed: Email addresses, Job titles, Names, Phone numbers, Physical addresses
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was
kemper.com
269,299 accounts · breach dated 2026-04-15
Data exposed: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data includi
mytheresa.com
84,108 accounts · breach dated 2026-04-12
Data exposed: Email addresses, Names, Partial credit card data, Phone numbers, Physical addresses, Purchases, Salutations
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
ameriprise.com
502,597 accounts · breach dated 2026-03-02
Data exposed: Email addresses, Employers, Financial transactions, Job titles, Names, Phone numbers, Physical addresses
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; t
7-eleven.com
185,256 accounts · breach dated 2026-04-08
Data exposed: Dates of birth, Email addresses, Names, Phone numbers, Physical addresses
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.
playdragonica.eu
126,293 accounts · breach dated 2025-12-06
Data exposed: Dates of birth, Email addresses, Names, Passwords, Spoken languages, Usernames
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
windows93.net
46,105 accounts · breach dated 2021-01-01
Data exposed: Email addresses, IP addresses, Passwords, Usernames
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, usernames and passwords stored in plain text.
ctt.pt
468,124 accounts · breach dated 2026-04-26
Data exposed: Email addresses, Names, Phone numbers
In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.
addi.com
34,532,941 accounts · breach dated 2026-03-25
Data exposed: Age groups, Credit scores, Device information, Email addresses, Government issued IDs, Income levels, IP addresses, Latitude and longitude pairs
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeco
abrigo.com
711,099 accounts · breach dated 2026-04-14
Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from Abrigo's Salesforce compromise via the Drift application connector the previous year, the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, e
canadalife.com
237,810 accounts · breach dated 2026-04-20
Data exposed: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations, Support tickets
In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached dat
cushmanwakefield.com
310,431 accounts · breach dated 2026-05-05
Data exposed: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
zara.com
197,376 accounts · breach dated 2026-04-15
Data exposed: Email addresses, Geographic locations, Purchases, Support tickets
In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.
woflow.com
447,593 accounts · breach dated 2026-03-04
Data exposed: Email addresses, Names, Phone numbers, Physical addresses
In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.
legionproxy.io
10,144 accounts · breach dated 2026-04-06
Data exposed: Email addresses, Names, Passwords, Purchases
In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
vimeo.com
119,167 accounts · breach dated 2026-04-28
Data exposed: Email addresses, Names
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included 119k unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised the incident does not include "Vimeo video content, valid user login credentials, or payment card information".
reborngaming.net
126 accounts · breach dated 2026-04-30
Data exposed: Email addresses, IP addresses
In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.
marcusmillichap.com
1,837,078 accounts · breach dated 2026-04-12
Data exposed: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses
In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general
zenbusiness.com
5,118,184 accounts · breach dated 2026-03-27
Data exposed: Email addresses, Names, Phone numbers
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including le
aman.com
215,563 accounts · breach dated 2026-04-20
Data exposed: Dates of birth, Email addresses, Genders, Language preferences, Names, Nationalities, Phone numbers, Physical addresses
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.
pitneybowes.com
8,243,989 accounts · breach dated 2026-04-20
Data exposed: Email addresses, Job titles, Names, Phone numbers, Physical addresses
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
adt.com
5,488,888 accounts · breach dated 2026-04-20
Data exposed: Dates of birth, Email addresses, Names, Partial government issued IDs, Phone numbers, Physical addresses
In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.
udemy.com
1,401,259 accounts · breach dated 2026-04-24
Data exposed: Email addresses, Employers, Job titles, Names, Payment methods, Phone numbers, Physical addresses
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
carnivalcorp.com
7,531,359 accounts · breach dated 2026-04-18
Data exposed: Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names, Salutations
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty pr
amtrak.com
2,147,679 accounts · breach dated 2026-04-03
Data exposed: Email addresses, Names, Physical addresses, Support tickets
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
mheducation.com
13,500,136 accounts · breach dated 2026-04-10
Data exposed: Email addresses, Names, Phone numbers, Physical addresses
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
hallmark.com
1,736,520 accounts · breach dated 2026-03-31
Data exposed: Email addresses, Names, Phone numbers, Physical addresses, Support tickets
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
mylovely.ai
106,271 accounts · breach dated 2026-04-07
Data exposed: Email addresses, Social media profiles
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
crunchyroll.com
1,195,684 accounts · breach dated 2026-03-12
Data exposed: Email addresses
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
songtrivia2.io
291,739 accounts · breach dated 2026-04-02
Data exposed: Auth tokens, Avatars, Email addresses, Names, Passwords, Usernames
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
success.com
253,510 accounts · breach dated 2026-03-04
Data exposed: Device information, Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Purchases
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
cuties.ai
144,250 accounts · breach dated 2025-03-21
Data exposed: Avatars, Display names, Email addresses
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.
breachforums.bf
339,778 accounts · breach dated 2026-03-26
Data exposed: Email addresses, Passwords, Usernames
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
scufgaming.com
128,683 accounts · breach dated 2015-06-05
Data exposed: Display names, Email addresses, IP addresses, Passwords, Usernames
In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.
soundradix.com
292,993 accounts · breach dated 2026-03-25
Data exposed: Email addresses, Names, Passwords
In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exposed, and that no financial or credit card information was impacted.
rsboards.com
222,762 accounts · breach dated 2011-12-26
Data exposed: Email addresses, IP addresses, Passwords, Usernames
In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.
aura.com
903,080 accounts · breach dated 2026-03-06
Data exposed: Customer service records, Email addresses, IP addresses, Names, Phone numbers, Physical addresses
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.
divineskins.gg
105,814 accounts · breach dated 2026-03-13
Data exposed: Email addresses, Purchases, Usernames
In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.
baydoner.com
1,266,822 accounts · breach dated 2026-03-08
Data exposed: Dates of birth, Email addresses, Genders, Geographic locations, Government issued IDs, Names, Passwords, Phone numbers
In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.
provecho.bio
712,904 accounts · breach dated 2026-01-30
Data exposed: Email addresses, Usernames
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.
495,556 accounts · breach dated 2026-02-25
Data exposed: Display names, Email addresses, Profile photos
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
quitbro.app
22,874 accounts · breach dated 2026-02-17
Data exposed: Email addresses, Partial dates of birth, Usernames
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
komiko.app
1,060,191 accounts · breach dated 2026-02-25
Data exposed: AI prompts, Email addresses, Forum posts, Names
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
Breach data is aggregated with attribution from Have I Been Pwned; ScamEncyclopedia does not store or republish any leaked credentials. Check your own exposure and subscribe to alerts at haveibeenpwned.com.