At an unconfirmed date, the database known as xss.is has been dumped on the dark web. A massive file containing over 3 billion user accounts contained email-plaintext password combinations possibly from a large number of websites compromised due to the xss attack.
On January 7th 2019 a massive 595 GB packed database named "BigDB" was leaked on the internet. This database is comprised of a large number of websites which is the reason why the same email can be found multiple times. The file contained 5 collections: Collection #1 having 90GB of data, 773 million unique emails and 2.7 billion records, with Collection #2 through #5 having almost 850GB of data in total. The breach discovered on one of the biggest hacking forums surpassed the previous largest one, the Exploit.in combolist, by almost two times. The dump aggregated 252 previous breaches, such as Anti Public and Exploit.in, and decrypted passwords of the known sites such as LinkedIn, Bitcoin and Pastebin.
As a part of the January 7th 2019 BigDB database leak, Collection #2 to #5 exposed over 850GB of data, with Collection #2 alone leaking more than 800M unique email addresses and passwords. The BigDB database does not feature new breaches, it is an aggregate file old breaches with newly decrypted passwords which the infosec community couldn't crack before. The file consists of the breached site data of the most famous services such as quifax, Marriot, Yahoo, LinkedIn, and eBay.
In October 2016, a huge combo list called "Exploit.in" surfaced on the web. The combolist contained 360M unique email addresses and passwords pairs, many of them hacked from multiple systems. Many login and password matches in the file have been confirmed. The credentials were subsequently used by the attackers for credential stuffing attacks.
In May 2016, shortly before the Memorial Day weekend, the Myspace technical security team became aware that stolen Myspace user login data has been made available in an online hacker forum. The compromised data is limited to a portion of Myspace usernames, passwords and email addresses, from the old Myspace platform prior to June 11, 2013 when the site was relaunched with the enhanced account security.
In October 2015, a Chinese IT company that provides online services focusing on content, communications community and commerce NetEase was reported to have suffered a data breach that impacted hundreds of millions of subscribers. The compromised information contains email addresses and plain text passwords.
In December 2018 around 162 million accounts of Dubsmash were breached and breached information included unique emails, SHA256-hashed password, phone numbers, locations and usernames. Accounts were later found for sale on the dark web. Dubsmash immediately launched an investigation.
email, password, user id, username, phone number, location
services, technology, designDate of breach: 13 October 2013
In October 2013, Adobe officially confirmed the breach to their network. The compromised data included the source code for Adobe products, usernames and encrypted passwords of around 38M user accounts.
In February 2018, around 150 milion accounts were compromised and 3.5GB of data taken from MyFitnessPal.com. Compromised data included user IDs, usernames, email addresses, SHA1-hashed passwords, and IP addresses. This breach was acknowledged by MyFitnessPal and their spokeperson urged users to change their passwords if they have not done so already by the time of the breach announcement.
In May 2016 the news about the massive database circulating the dark web gained notion. The mentioned database allegedly holds 57M unique account information from various dating sites, as well as facebook accounts and cell phone numbers that could be found for thousands of users. The interesting story behind this breach is that no one can confirm the origin of the data with certainty. Around 88,000 accounts were from badoo.com domain, however the spokesperson from Badoo denied that the website experienced any breaches. Compromised data includes usernames, email addresses, and MD5 hashed passwords, Facebook accounts and cellphone numbers.
In May 2012, the social networking website LinkedIn experienced a breach resulting in 6.5M exposed accounts. The hack was executed by Russian cybercriminals. The compromised data included emails and passwords of users.
In June 2016, the VK user account info database has been publicly offered for sale on dark web. Compromised data consists of around 100M unique names, email addresses, plain-text passwords, location, phone numbers, and secondary email addresses. The hacker known as Peace_of_mind has reported that passwords were already in plain texts before the hack event occured. The VK hack has been believed to have taken the place between 2012 and 2013 when other viral sites experienced breaches as well.
In 2016, a popular Chinese video service Youku Inc. experienced a data breach. Around 1 billion accounts were stolen, but 100M were publicly displayed on the dark web. The file consists of email addresses and passwords decrypted with MD5 & SHA1 hashes.
Rambler.ru, also known as Russia's Yahoo, suffered a massive data breach in 2012 in which an unknown hacker or a group of hackers managed to steal nearly 100 Million user accounts, including their unencrypted plaintext passwords.
In 2013, Tumblr experienced a data breach which was publicly revealed in 2016. More than 65M users were affected in the attack on their personal information. Compromised data included emails and passwords salted by SHA1 algorithm which is difficult to crack.
In 2013, a virtual pets site Neopets suffered a data breach. Allegedly, around 70M accounts were affected by this attack which compromised user email addresses and passwords. The hack occured before Neopets was aquired by the game company JumpStart.
In March 2017, numerous high-profile Twitter accounts witnessed the unusual activities as a result of a vulnerability in the third-party app called Twitter Counter. The compromised data included emails and passwords.
In May 2016, a large amount of breached files surfaced on the web. Zoosk.com file consisted of 56,5M user accounts, compromising email addresses, usernames and passwords. The breach data contains data spanning three years between 2012 and 2015. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.
In May 2019 the website Canva.com suffered a data breach. The breach compromised 53M user accounts containing email addresses, salted hashed passwords, full names, usernames, location, phone numbers and other user specific data. The owners of the website have not given the official statement yet, nevertheless the database content has not been found in the previously leaked files.
user id, email, phone number, username, name, address, salted hashed password, status, personal data, site activities
Remember, you can also lose your
bank details, social security numbers, business and personal records
in account takeovers.
Check your email through our database of breaches to be safe