Breach catalogue

In 17 September 2020, nearly 100 thousand dehashed stolen login credentials from Double Funs a game server were found leaked online. When searching online for the leak, our analysts found public information that the leak might be acquired in DataViper security breach. It is probably not a coincidence that a threat actor which has been mentioned many times with databases from DataViper dump is the publisher of this one too. In July 2020, DataViper, a BreachReport competitor, and its overarching entity Night Lion Cyber Security Company, trusted by Europol, FBI and Dubai Police along with many others were allegedly hacked by an actor with 'NightLion' nickname. He claimed that he has seized the whole database of DataViper and even the login credentials of intelligence officers, in a statement he made. The databases were put on sale and subsequently some sections were leaked for free. The DoubleFuns database is probably of that kind, 97,804 pairs of email addresses and plaintext passwords are found. DoubleFuns breach allegedly took place in December 2019. Due that it is not verifiable we put the day it has been indexed by BreachReport. The users are advised to check their status in world's greatest leaked credentials database (i.e. BreachReport) and secure their accounts against the threat of plaintext passwords. Also, for protection against future leaks we advise users to check the link #01 to learn if one of the websites they registered for might be breached too in DataViper dump.

In 14 September 2020, nearly 8 thousand email:password pairs from an American online cosmetology training platform Florida EDU were allegedly leaked. The publisher, who has been mentioned in Usability Score Card report with the same date, did not give further details on timeline and hacking technique. Despite the humble amount of records, the database proves to be legitimate with 7,968 unique accounts made of emails and MD5 hashed passwords whereas there are only 2 duplicates. The administrators of the website has not made a remark on the incident yet, in light of this, the users are invited to check their status and to secure their accounts themselves for now.

In 14 September 2020, login credentials from Usability Score Card a business solution for measuring UX performance were found leaked. They were dumped by a collector which recently has registered to that hacking forum. There are no indication regarding the true breach date and hacking technique. However, data form hints us of a brute force attack with a special configuration for certain domains. The database has been checked by BreachReport: 1,380 sets of phone numbers, email addresses and MySQL5 hashed passwords are unmatched with our cumulative database which is the largest of the world. MySQL5 hashing algorithm is one we rarely see, it is works like two SHA-1 hashing processes operating on different halves of the same text. Administration of the website decided to restrict new registrations and gradually discontinue the service. The users are advised to check their status in our database for free and change their passwords or preferably delete their accounts there.

In September 2020, Singapore Intimates an online erotic shop allegedly came under an attack exposing thousands of email addresses, MD5 hashed passwords and salts. The database has been shared exclusively in a hacker forum in 12 September 2020, in package of different versions of dumped data. Published by a reputable member of that hacker forum, SG Intimates database does not offer us traceable leads to understand hacking technique. BreachReport found the database to be legitimate with nearly 19,000 unique email addresses, 11,843 of which is coupled by hashed passwords. It is important to note that exposure of user accounts in such a site provokes further attacks on reputation of people. The users are strongly advised to check their status and change their passwords. Also the further attacks might include blackmailing, if you receive such messages or calls immediately contact law enforcement.

In 10 September 2020, databases made up of email:password pairs from 23 Swedish websites are shared in dark web. Tippa Mello a platform for competing in tipping the results of the Melody Festival was allegedly one of the breached websites. Recognised through doxxing work and country-wide database leaks, the publisher of the package has not provided breach dates and techniques he used. There are yet to be references to the incident online. Exposed information usually goes without matches from our database, which exacerbates the situation. In TippaMello database, 2,309 pairs of email addresses and SHA-1 hashed passwords were found to be unique. The users of the site should check their status in our database and secure their accounts immediately.

In 10 September 2020, databases made up of email:password pairs from 23 Swedish websites are shared in dark web. TastyCat a casting community for discussion on amateur adult photos was allegedly one of the breached websites. Recognised through doxxing work and country-wide database leaks, the publisher of the package has not provided breach dates and techniques he used. There are yet to be references to the incident online. Exposed information usually goes without matches from our database, which exacerbates the situation. In TastyCat database, 116,384 pairs of email addresses were found to be unique. Nature of the website obliges the users to be extremely careful about the emails they are receiving. They might be subject to phishing or extortion attacks, which might be remembered from reports on other adult-themed websites.

In 10 September 2020, databases made up of email:password pairs from 23 Swedish websites are shared in dark web. Net Doktor PRO a medicine blog and closed community of doctors was allegedly one of the breached websites. Recognised through doxxing work and country-wide database leaks, the publisher of the package has not provided breach dates and techniques he used. There are yet to be references to the incident online. Exposed information usually goes without matches from our database, which exacerbates the situation. In Net Doktor PRO database, 2837 pairs of email addresses and SHA-1 hashed passwords were found to be unique. The users of the site should check their status in our database and secure their accounts immediately.

In 10 September 2020, databases made up of email:password pairs from 23 Swedish websites are shared in dark web. Julradio (Christmas Radio) was allegedly one of the breached websites. Recognised through doxxing work and country-wide database leaks, the publisher of the package has not provided breach dates and techniques he used. There are yet to be references to the incident online. Exposed information usually goes without matches from our database, which exacerbates the situation. In Julradio database, 2153 pairs of email addresses and SHA-1 hashed passwords were found to be unique. The users of the site should check their status in our database and secure their accounts immediately.

In 10 September 2020, databases made up of email:password pairs from 23 Swedish websites are shared in dark web. DreamHack an eSports community was allegedly one of the breached websites. Recognised through doxxing work and country-wide database leaks, the publisher of the package has not provided breach dates and techniques he used. There are yet to be references to the incident online. Exposed information usually goes without matches from our database, which exacerbates the situation. In DreamHack database, 8516 pairs of email addresses and SHA-1 hashed passwords were found to be unique. The users of the site should check their status in our database and secure their accounts immediately.

In 21 December 2017, login credentials and other info from users of Y9SQ erotic photo sharing forum were shared online. Publisher of the database has added that the package was seized in 2016, and site was no longer available. Our search for further information for verification purposes returned no data; however, another member of the hacker forum has posted a mini-research under the thread. He claims that Y9SQ was a redirect to U9SQ and its snapshot was taken by Wayback Machine in 2014. Contents of the breached file can be verified even by only looking at usernames, UUIDs and registration dates there. In our research too this method proved to be legitimate but still the claim stands to be proven, since the site does not have login functionality anymore. If you have been breached in this incident, we kindly ask you to get in contact with us.

In 11 August 2020, more than 50 thousand sets of names, email addresses, hashed passwords, IP addresses from ForumPlay a forum of Polish movie-series fans were allegedly breached. Database has been put on a dark web forum in 7 September 2020. In BreachReport’s analysis on the file, names and hashed passwords could not be found. More details regarding the hacking technique are investigated. Administration of the site responded quickly, the whole platform was shut down within the matter of minutes after public exposure. The users of ForumPlay are highly advised to be alert against hacking techniques still available such as phishing and brute forcing. Quite possibly the administration would want to renew your passwords soon, we recommend you to wait for e-mails from official domain of the site. Do not give further information about you and avoid malicious links you might receive. You might want to check if you are breached, in our database.

In 8 September 2020, login credentials from a leading cryptocurrency and airdrop programme CryptoBharat were allegedly exposed in a dark web share. The database came from a well-known hacker, also publishing Boom-Cash and SLD.RU databases. It is the first time has been indexed with such an incident. BreachReport analysis on the file disclosed 9,053 unique accounts affected by the event, in form of email addresses and plaintext passwords. The users of the site are advised to take measures against further losses, potentially financial ones.

In 5 September 2020, collection of databases from 5 different platforms amounting more than 500 thousand lines were found leaked online. IT Home, a China-based technology shop were amongst the claimed victims. Currently being shut down, the website was indexed by BreachReport in 6 March 2019 on another leak affecting 140,106 accounts. There are some databases found to be matching earlier ones; however, IT Home database has not matched any in our knowledge. 90,131 unique email and plaintext password pairs are found post-cleanup procedure. There are rumours about the package to be part of recent DataViper breach compromising 262 thousand IT Home accounts, which is still investigated. The users of the website currently cannot make any amendments to their accounts; however, we advise them to contact support centre of IT Home.

In 5 September 2020, collection of databases from 5 different platforms amounting more than 500 thousand lines were found leaked online. aFaqs a India-based creative advertising/marketing network was amongst the claimed victims. The website has been associated similar breaches earlier where nearly 300 thousand and 5 thousand were compromised in different packages. 5,736 unique email and plaintext password pairs are found post-cleanup procedure. The users of the website are advised to secure their accounts immediately.

In 5 September 2020, collection of databases from 5 different platforms amounting more than 500 thousand lines were found leaked online. Bolexiang, a China-based shop were amongst the claimed victims. Currently being shut down, the website has not been associated with any breaches earlier. There are some databases found to be indexed earlier by BreachReport; however, Bolexiang database has not matched any previous leaks in our knowledge. 115,760 unique email and plaintext password pairs are found post-cleanup procedure. The users of the website currently cannot make any amendments to their accounts; however, we advise them to contact support centre of Bolexiang.

In 5 September 2020, collection of databases from 5 different platforms amounting more than 500 thousand lines were found leaked online. Windows Dating were amongst the claimed victims. The website has been associated a similar breach earlier where nearly 30 thousand accounts were compromised. 29,450 unique email and plaintext password pairs are found post-cleanup procedure. The users of the website are advised to secure their accounts immediately.

In 5 September 2020, collection of databases from 5 different platforms amounting more than 500 thousand lines were found leaked online. Paperary, a student papers archive were amongst the claimed victims. Currently being shut down, the website has not been associated with any breaches earlier. 251,303 unique email and plaintext password pairs are found post-cleanup procedure. The users of the website currently cannot make any amendments to their accounts; however, we advise them to contact support centre of Paperary.

In 8 September 2020, credentials allegedly belonging to users of a Madagascar-based job search engine JobMada became available to download in dark web. The package seized by BreachReport has been shared by the same hacker of Due Emme Antenne, we also indexed it. The database is a good quality and clean with 54,001 email and MD5 hashed passwords. Nature of the site complicates the issue for the safety of personal information. The users are strongly advised to change their login credentials before it is too late.

In 6 September 2020, phone numbers and login credentials from Future Smoking RU an e-cigarette shop with delivery to all Russian cities were found leaked online. Even though he has not provided other details, it is visible that the hacker brute-forced logins from the site. The database consists of 13,023 unique sets of phone numbers, email addresses and MD5 hashed passwords, which might be easily dehashed. Users of the shop are advised to check their status in BreachReport and change their passwords to secure their accounts.

In 8 September 2020, a database from Due Emme Antenne telecommunications shop was published online. The a publisher of the database is a rookie collectionner who has specific interest in ransomwares. The database is probably legitimate with 29,852 sets of emails and MD5 hashed passwords. Easily crackable hashing algorithm exacerbates safety of the users. Members of the shop are advised to change their login credentials immediately.