Breach catalogue

In July 2, 2020, 825 sets of large variety of data from Thai Massage Gruppen were leaked online. The platform served as a directory of Thai massage saloons, owners of which can individually register. According to the investigation of BreachReport, it is the first time the website being mentioned in a data theft news. The publisher, who claims to be the hacker himself, allegedly made use of an SQLi vulnerability for extracting users database. Detailed analysis on the file disclosed 5 fake logins and different passwords associated with the same e-mail address, they likely imply password changes. An exhaustive list of the stolen data includes user IDs, email addresses, names, mobile numbers, business roles, account creation times, account update times, bcrypt hashed passwords, "Remember me" tokens and e-mail verification method. Despite that bcrypt hashing algorithm is one of the strongest ever known, it is not impossible to break and moreover the data leak might facilitate other hacking attempts. The users are recommended to stay alert against social engineering and phishing attacks, and ideally to change their login credentials.

In June 30, 2020, 1,896,314 accounts from GigaSize file hosting platform were detected in a hacker forum. The hacker who re-shared this already public database did not give further information; however, the data theft allegedly took place in October 2019 according to other sources. The database consists of e-mails and plain text passwords, which undoubtedly poses great danger to the users. BreachReport highly recommends users of the platform to check their status in our database and take action against further unauthorised access to their private files.

In November 2019, 41,480 login credentials stolen from The Safe House gaming forum. BreachReport analysed and found the file to involve usernames, emails and passwords. There is only one mention to the event by a competitor, which only identifies the domain. The breach date is marked as alleged by the sender while analysis has not reached a conclusion regarding the exploits used for stealing data. The nature of the forum, which is usually used by minors and sometimes might include personal data, raises concerns over the threat of cyber bullying and identity theft. We strongly advise the users of the forum and guards to take action against danger by checking their status on BreachReport.

In 2020, login credentials and security questions of 25,629 accounts from Paparazzi Revista Argentinian paparazzi magazine were leaked. The website has not been mentioned in data leaks news before. The hacker who published the database in a forum alleged that breach took place in 2020, without any further information regarding the techniques. Paparazzi Revista database is made of usernames, emails, dehashed passwords and security question. Although the leak is not expected to bring about further direct data theft, it might be stuffed into other databases. Hence, if the same credentials are used in other platforms, we advise you first to check your status in BreachReport. Then, change your logins including usernames and e-mails since security question might still be used.

In April 28, 2020, 436 credentials from Shaws Electrical Limited hardware shop were published as a part of a great collection of 200 databases. The website has not been mentioned in data leaks news and date of breach is unknown. The users database of the English commerce platform consists of emails and plain text passwords, though there are no financial data found. Hackers might use these credentials to hijack shipments, make new orders and for other abuses. Users are encouraged to check their status in BreachReport database and change their passwords.

In April 28, 2020, 8,934 credentials from NCERT Help, an archive of answers to Indian NCERT exams, were published as a part of a great collection of 200 databases. The website has not been mentioned in data leaks news and date of breach is unknown. The users database of the platform consists of emails and plaintext passwords. Due to the nature of the website, students who are possibly underage might face the threat of cyber bullying and personal data theft. Users and parents are highly advised to check their status in BreachReport database and change their passwords.

In April 28, 2020, 958 credentials from My Footage Research historical video sharing platform were published as a part of a great collection of 200 databases. The website has not been mentioned in data leaks news and date of breach is unknown. Contents of the website were transferred over YouTube, possibly after the attack. The users database of the platform consists of emails and plaintext passwords. Hackers might utilise the credentials in stuffing for further attacks on other accounts with same logins. Users are encouraged to check their status in BreachReport database and change their passwords for all accounts.

In April 28, 2020, 621 credentials from Torino National Cinema Museum were published as a part of a great collection of 200 databases. The website has not been mentioned in data leaks news and date of breach is unknown. The users database of the museum consists of emails and plaintext passwords. Hackers might use these credentials to commit personal data theft. Users are encouraged to check their status in BreachReport database and change their passwords.

In April 28, 2020, 21,403 credentials from MobilHouse phone, consumer electronics and hardware shop were published as a part of a great collection of 200 databases. The website has not been mentioned in data leaks news and date of breach is unknown. The users database Czech e-commerce platform consists of emails and plaintext passwords, though there are no financial data found. Hackers might use these credentials to hijack shipments, make new orders and many other transactions. Users are encouraged to check their status in BreachReport database and change their passwords.

In May 12, 2020, 5 premium accounts from Evil Angel adult movies platform were given away in promotion of a data leaks shop in dark web. This is the first time Evil Angel is mentioned in our database and there are no records of leaks regarding the site. BreachReport data specialists detected a hacker who promotes his online shop by pasting accounts from adult video platforms. During the investigations great amount of login credentials and personal data were found. The database consists of email-password pairs which were not found to be matching previously leaked data. Due to the nature of the leak, the danger of blackmailing is relevant. Users are highly recommended to check their login credentials in BreachReport.

In May 12, 2020, 11 premium accounts from Bang adult movies platform were given away in promotion of a data leaks shop in dark web. This is the first time Bang is mentioned in our database and there are no records of leaks regarding the site. BreachReport data specialists detected a hacker who promotes his online shop by pasting accounts from adult video platforms. During the investigations great amount of login credentials and personal data were found. The database consists of email-password pairs which were not found to be matching previously leaked data. Due to the nature of the leak and emails purporting to belong to education/corporate entities, the danger of blackmailing is relevant. Users are highly recommended to check their login credentials in BreachReport.

In February 1st, 2020, 446 accounts from Spotify music streaming service were released in dark web. Yet another leak exposed Spotify premium accounts with Family, Student, Hulu and Individual subscription plans. According to the author which is known for account generation projects on adult sites, data theft is conducted via brute force. The database contains email addresses and non-hashed passwords, which leaves users at the face of immediate danger. Check your login credentials to be safe, now.

In June 2020, a file allegedly belonging to Northeast Florida Marlin Association, a fishing and outdoor sports community, surfaced on the web. The file consisted of 221 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In June 2020, a file allegedly belonging to Air Field Models, a community for model radio controlled aircraft builders, surfaced on the web. The file consisted of 3,872 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In June 2020, a file allegedly belonging to Willow and Wood music band surfaced on the web. The file consisted of 70,532 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In June 2020, a file allegedly belonging to MosuShop, a shop for magic decorations and tools, surfaced on the web. The file consisted of 5,036 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In June 2020, a file allegedly belonging to Let's Go Fishing, a calendar utility to plan fishing events, surfaced on the web. The file consisted of 3,721 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In November 2017, a file allegedly belonging to Kolesa, an aluminium performance discs shop, surfaced on the web as a part of notoriously known combo-list called Collection #1. The file consisted of 1,105 user accounts, compromising email addresses and passwords. The database content has not been found in the previously leaked files and BreachReport is investigating the whereabouts of allegedly stolen 2,282 accounts.

In June 2020, a file allegedly belonging to Spotify, music streaming service, surfaced on the web. The file, which was given away in promotion of an online data leaks shop, consisted of 21 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.

In June 13, 2017, a file allegedly belonging to Netflix, a streaming service, surfaced on the web. The file, which was given away in promotion of an online data leaks shop, consisted of 15 user accounts, compromising email addresses and passwords. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.