Breachreport logotype Breachreport logotype
Sign in

Breach catalogue

xss.is ? Date of breach: unknown
3,039,418,396 accounts
Encryption: plain text
At an unconfirmed date, the database known as xss.is has been dumped on the dark web. A massive file containing over 3 billion user accounts contained email-plaintext password combinations possibly from a large number of websites compromised due to the xss attack.
Data compromised: email, plaintext password
BigDB Combolist cryptocurrency, games, services Date of breach: 07 2019
2,680,349,475 accounts
Encryption: plain text, bcrypt, MD5
On January 7th 2019 a massive 595 GB packed database named "BigDB" was leaked on the internet. This database is comprised of a large number of websites which is the reason why the same email can be found multiple times. The file contained 5 collections: Collection #1 having 90GB of data, 773 million unique emails and 2.7 billion records, with Collection #2 through #5 having almost 850GB of data in total. The breach discovered on one of the biggest hacking forums surpassed the previous largest one, the Exploit.in combolist, by almost two times. The dump aggregated 252 previous breaches, such as Anti Public and Exploit.in, and decrypted passwords of the known sites such as LinkedIn, Bitcoin and Pastebin.
External links: https://medium.com/4iqdelvedeep/1-4-billion-clear-...
Data compromised: password, email, plaintext password
Collection #2 Date of breach: 2019
866,851,442 accounts
Encryption: plain text
As a part of the January 7th 2019 BigDB database leak, Collection #2 to #5 exposed over 850GB of data, with Collection #2 alone leaking more than 800M unique email addresses and passwords. The BigDB database does not feature new breaches, it is an aggregate file old breaches with newly decrypted passwords which the infosec community couldn't crack before. The file consists of the breached site data of the most famous services such as quifax, Marriot, Yahoo, LinkedIn, and eBay.
External links: https://metro.co.uk/2019/02/01/collection-2-5-2-2b... , https://www.softwaretestingnews.co.uk/19059-2-coll...
Data compromised: email, plaintext password
Exploit.in ? Date of breach: October 2016
360,000,000 accounts
Encryption: unknown
In October 2016, a huge combo list called "Exploit.in" surfaced on the web. The combolist contained 360M unique email addresses and passwords pairs, many of them hacked from multiple systems. Many login and password matches in the file have been confirmed. The credentials were subsequently used by the attackers for credential stuffing attacks.
Data compromised: email, password
Myspace.com social network Date of breach: 28 May 2016
353,178,633 accounts
Encryption: plain text
In May 2016, shortly before the Memorial Day weekend, the Myspace technical security team became aware that stolen Myspace user login data has been made available in an online hacker forum. The compromised data is limited to a portion of Myspace usernames, passwords and email addresses, from the old Myspace platform prior to June 11, 2013 when the site was relaunched with the enhanced account security.
External links: https://www.businesswire.com/news/home/20160531005... , https://www.usatoday.com/story/tech/2016/05/31/360...
Data compromised: email, password, username
Netease.com services, IT services Date of breach: October 2015
290,512,703 accounts
Encryption: unknown
In October 2015, a Chinese IT company that provides online services focusing on content, communications community and commerce NetEase was reported to have suffered a data breach that impacted hundreds of millions of subscribers. The compromised information contains email addresses and plain text passwords.
External links: http://tech.sina.com.cn/i/2015-10-19/doc-ifxivsce6... , https://www.hackread.com/hacker-selling-1-billion-...
Data compromised: email, plaintext password
Dubsmash.com video, application Date of breach: December 2018
161,549,213 accounts
Encryption: SHA-256
In December 2018 around 162 million accounts of Dubsmash were breached and breached information included unique emails, SHA256-hashed password, phone numbers, locations and usernames. Accounts were later found for sale on the dark web. Dubsmash immediately launched an investigation.
External links: https://www.theregister.co.uk/2019/02/11/620_milli...
Data compromised: email, password, user id, username, phone number, location
Adobe.com services, technology, design Date of breach: 13 October 2013
153,004,874 accounts
Encryption: plain text
In October 2013, Adobe officially confirmed the breach to their network. The compromised data included the source code for Adobe products, usernames and encrypted passwords of around 38M user accounts.
External links: https://helpx.adobe.com/x-productkb/policy-pricing...
Data compromised: email, password, product source code
MyFitnessPal.com lifestyle, health, application Date of breach: February 2018
143,497,313 accounts
Encryption: SHA-1 salted, bcrypt
In February 2018, around 150 milion accounts were compromised and 3.5GB of data taken from MyFitnessPal.com. Compromised data included user IDs, usernames, email addresses, SHA1-hashed passwords, and IP addresses. This breach was acknowledged by MyFitnessPal and their spokeperson urged users to change their passwords if they have not done so already by the time of the breach announcement.
External links: https://content.myfitnesspal.com/security-informat... , https://www.forbes.com/sites/paullamkin/2018/03/30...
Data compromised: username, user id, salted hashed password, ip address, email
Badoo.com social network Date of breach: May 2016
127,380,564 accounts
Encryption: plain text
In May 2016 the news about the massive database circulating the dark web gained notion. The mentioned database allegedly holds 57M unique account information from various dating sites, as well as facebook accounts and cell phone numbers that could be found for thousands of users. The interesting story behind this breach is that no one can confirm the origin of the data with certainty. Around 88,000 accounts were from badoo.com domain, however the spokesperson from Badoo denied that the website experienced any breaches. Compromised data includes usernames, email addresses, and MD5 hashed passwords, Facebook accounts and cellphone numbers.
External links: https://www.zdnet.com/article/after-mystery-hack-m...
Data compromised: email, hashed password, username, phone number
Linkedin.com social network Date of breach: May 2012
113,116,087 accounts
Encryption: MD5
In May 2012, the social networking website LinkedIn experienced a breach resulting in 6.5M exposed accounts. The hack was executed by Russian cybercriminals. The compromised data included emails and passwords of users.
External links: https://en.wikipedia.org/wiki/2012_LinkedIn_hack
Data compromised: email, password
VK.com social network Date of breach: June 2013
100,544,934 accounts
Encryption: plain text
In June 2016, the VK user account info database has been publicly offered for sale on dark web. Compromised data consists of around 100M unique names, email addresses, plain-text passwords, location, phone numbers, and secondary email addresses. The hacker known as Peace_of_mind has reported that passwords were already in plain texts before the hack event occured. The VK hack has been believed to have taken the place between 2012 and 2013 when other viral sites experienced breaches as well.
External links: https://thehackernews.com/2016/06/vk-com-data-brea...
Data compromised: name, email, plaintext password, location, phone number
Youku.com social network Date of breach: 2016
93,453,702 accounts
Encryption: MD5
In 2016, a popular Chinese video service Youku Inc. experienced a data breach. Around 1 billion accounts were stolen, but 100M were publicly displayed on the dark web. The file consists of email addresses and passwords decrypted with MD5 & SHA1 hashes.
External links: https://www.hackread.com/chinese-video-service-you...
Data compromised: email, hashed password
Rambler.ru social network Date of breach: February 2012
91,436,269 accounts
Encryption: plain text
Rambler.ru, also known as Russia's Yahoo, suffered a massive data breach in 2012 in which an unknown hacker or a group of hackers managed to steal nearly 100 Million user accounts, including their unencrypted plaintext passwords.
External links: https://thehackernews.com/2016/09/russias-largest-...
Data compromised: email, username, plaintext password
Edmodo.com social network Date of breach: May 2017
77,039,888 accounts
Encryption: bcrypt
In May 2017, the popular educational tech platform Edmodo experienced a breach. Compromised data included email addresses, usernames and hashed passwords of 77M accounts.
External links: https://www.the74million.org/article/77-million-ed...
Data compromised: email, username, hashed password
Tumblr.com adult Date of breach: 2013
73,369,245 accounts
Encryption: SHA-256
In 2013, Tumblr experienced a data breach which was publicly revealed in 2016. More than 65M users were affected in the attack on their personal information. Compromised data included emails and passwords salted by SHA1 algorithm which is difficult to crack.
External links: https://motherboard.vice.com/en_us/article/8q88k5/...
Data compromised: email, salted hashed password
Neopets.com games Date of breach: October 2013
68,743,269 accounts
Encryption: plain text
In 2013, a virtual pets site Neopets suffered a data breach. Allegedly, around 70M accounts were affected by this attack which compromised user email addresses and passwords. The hack occured before Neopets was aquired by the game company JumpStart.
External links: https://motherboard.vice.com/en_us/article/ezpvw7/...
Data compromised: password, email
Twitter.com social network Date of breach: March 2017
66,536,581 accounts
Encryption: MD5
In March 2017, numerous high-profile Twitter accounts witnessed the unusual activities as a result of a vulnerability in the third-party app called Twitter Counter. The compromised data included emails and passwords.
External links: https://www.computerworld.com/article/3180976/twit...
Data compromised: email, password
Zoosk.com adult Date of breach: May 2016
56,763,234 accounts
Encryption: MD5
In May 2016, a large amount of breached files surfaced on the web. Zoosk.com file consisted of 56,5M user accounts, compromising email addresses, usernames and passwords. The breach data contains data spanning three years between 2012 and 2015. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.
External links: https://www.zdnet.com/article/after-mystery-hack-m...
Data compromised: email, username, hashed password
Canva.com website, design Date of breach: May 2019
53,066,995 accounts
Encryption: bcrypt
In May 2019 the website Canva.com suffered a data breach. The breach compromised 53M user accounts containing email addresses, salted hashed passwords, full names, usernames, location, phone numbers and other user specific data. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.
Data compromised: user id, email, phone number, username, name, address, salted hashed password, status, personal data, site activities

Remember, you can also lose your bank details, social security numbers, business and personal records in account takeovers.

Check your email through our database of breaches to be safe

Searching,
please wait

Our website uses cookies to ensure the best website experience.
By clicking ‘Accept’ or navigating through the site you agree with our Cookie policy