1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I have been pwned

Discussion in 'BlackHat Lounge' started by rafark, May 17, 2017.

?

Have you been pwned?

  1. Yes

  2. No

  3. I don't care

Results are only viewable after voting.
  1. rafark

    rafark Regular Member

    Joined:
    Jan 15, 2013
    Messages:
    409
    Likes Received:
    191
    Gender:
    Male
    Occupation:
    Moderador
    Location:
    Noble and Heroic MC
    So there's a site that checks emails that have been compromised with their associated password. There's more than 500 million leaked accounts I beileve.

    One of my account's credentials have been leaked from nothing more and nothing less than BlackHatWorld itself!

    Apparently in 2014.

    Here's the site:

    https://haveibeenpwned.com/
     
  2. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2007
    Messages:
    1,671
    Likes Received:
    827
    Occupation:
    Occupation
    Location:
    Location
    Naaah it's not only BHW. It's hundreds of sites who've got breaches.
    I've done a simple [email protected] email search and got this:


    A "breach" is an incident where a site's data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.

    Avast logo
    Avast: In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

    Compromised data: Email addresses, Passwords, Usernames
    Black Hat World logo
    Black Hat World: In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

    Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Usernames, Website activity
    Dropbox logo
    Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

    Compromised data: Email addresses, Passwords
    LinkedIn logo
    LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

    Compromised data: Email addresses, Passwords
    000webhost logo
    000webhost: In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed over 13 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.

    Compromised data: Email addresses, IP addresses, Names, Passwords
    17 logo
    17: In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.

    Compromised data: Device information, Email addresses, IP addresses, Passwords, Usernames
    Acne.org logo
    Acne.org: In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
    Adobe logo
    Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

    Compromised data: Email addresses, Password hints, Passwords, Usernames
    AhaShare.com logo
    AhaShare.com: In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.

    Compromised data: Email addresses, Genders, Geographic locations, IP addresses, Passwords, Usernames, Website activity, Years of birth
    Aipai.com logo
    Aipai.com (unverified): In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and MD5 password hashes. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, Passwords
    Android Forums logo
    Android Forums: In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.

    Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords
    Anti Public Combo List logo
    Anti Public Combo List (unverified): In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

    Compromised data: Email addresses, Passwords
    Army Force Online logo
    Army Force Online: In May 2016, the the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.

    Compromised data: Avatars, Email addresses, Geographic locations, IP addresses, Names, Passwords, Usernames, Website activity
    Bell (2017 breach) logo
    Bell (2017 breach): In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more. The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.

    Compromised data: Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames
    Bitcoin Talk logo
    Bitcoin Talk: In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves.

    Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Passwords, Security questions and answers, Usernames, Website activity
    BTC-E logo
    BTC-E: In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.

    Compromised data: Account balances, Email addresses, IP addresses, Passwords, Usernames, Website activity
    Cannabis.com logo
    Cannabis.com: In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.

    Compromised data: Dates of birth, Email addresses, Geographic locations, Historical passwords, Instant messenger identities, IP addresses, Passwords, Private messages, Usernames, Website activity
    CD Projekt RED logo
    CD Projekt RED: In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

    Compromised data: Email addresses, Passwords, Usernames
    CheapAssGamer.com logo
    CheapAssGamer.com: In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Civil Online logo
    Civil Online (unverified): In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and MD5 password hashes. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
    ClixSense logo
    ClixSense: In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records. The leaked data was extensive and included names, physical, email and IP addresses, genders and birth dates, account balances and passwords stored as plain text.

    Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Payment histories, Payment methods, Physical addresses, Usernames, Website activity
    CloudPets logo
    CloudPets: In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands). 583k records were provided to HIBP via a data trader and included email addresses and bcrypt hashes, but the full extent of user data exposed by the system was over 821k records and also included children's names and references to portrait photos and voice recordings.

    Compromised data: Email addresses, Family members' names, Passwords
    COMELEC (Philippines Voters) logo
    COMELEC (Philippines Voters): In March 2016, the Philippines Commission of Elections website (COMELEC) was attacked and defaced, allegedly by Anonymous Philippines. Shortly after, data on 55 million Filipino voters was leaked publicly and included sensitive information such as genders, marital statuses, height and weight and biometric fingerprint data. The breach only included 228k email addresses.

    Compromised data: Biometric data, Dates of birth, Email addresses, Family members' names, Genders, Job titles, Marital statuses, Names, Passport numbers, Phone numbers, Physical addresses, Physical attributes
    Cross Fire logo
    Cross Fire: In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames
    DaniWeb logo
    DaniWeb: In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords. However, DaniWeb have advised that "the breached password hashes and salts are incorrect" and that they have since switched to new infrastructure and software.

    Compromised data: Email addresses, IP addresses, Passwords
    DLH.net logo
    DLH.net: In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes. The data was donated to Have I been pwned by data breach monitoring service Vigilante.pw.

    Compromised data: Dates of birth, Email addresses, Names, Passwords, Usernames, Website activity
    Dodonew.com logo
    Dodonew.com (unverified): In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, Usernames
    Domino's logo
    Domino's: In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts. Amongst the customer data was passwords stored with a weak MD5 hashing algorithm and no salt.

    Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
    Elance logo
    Elance: Sometime in 2009, staffing platform Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email addresses, phone numbers and SHA1 hashes of passwords, amongst other personal data.

    Compromised data: Email addresses, Employers, Geographic locations, Passwords, Phone numbers, Usernames
    Epic Games logo
    Epic Games: In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

    Compromised data: Email addresses, Passwords, Usernames
    Evony logo
    Evony: In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Exploit.In logo
    Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

    Compromised data: Email addresses, Passwords
    FashionFantasyGame logo
    FashionFantasyGame: In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I been pwned courtesy of [email protected].

    Compromised data: Email addresses, Passwords
    Final Fantasy Shrine logo
    Final Fantasy Shrine: In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

    Compromised data: Email addresses, Passwords, Usernames, Website activity
    Flash Flash Revolution logo
    Flash Flash Revolution: In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

    Compromised data: Email addresses, Passwords, Usernames
    Forbes logo
    Forbes: In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria". The attack not only leaked user credentials, but also resulted in the posting of fake news stories to forbes.com.

    Compromised data: Email addresses, Passwords, User website URLs, Usernames
    Funimation logo
    Funimation: In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.

    Compromised data: Dates of birth, Email addresses, Passwords, Usernames
    GameTuts logo
    GameTuts: Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum. The exposed data included usernames, email and IP addresses and salted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Gawker logo
    Gawker: In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and *****. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker. Due to the prevalence of password reuse, many victims of the breach then had their Twitter accounts compromised to send Acai berry spam.

    Compromised data: Email addresses, Passwords, Usernames
    GeekedIn logo
    GeekedIn: In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours.

    Compromised data: Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of professional experience
    GFAN logo
    GFAN (unverified): In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    gPotato logo
    gPotato: In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today. The exposed data included usernames, email and IP addresses, MD5 hashes and personal attributes such as gender, birth date, physical address and security questions and answers stored in plain text.

    Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames, Website activity
    GTAGaming logo
    GTAGaming: In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
    Health Now Networks logo
    Health Now Networks: In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and operator notes on the individuals' health. The data included over 320k unique email addresses.

    Compromised data: Dates of birth, Email addresses, Genders, Health insurance information, IP addresses, Names, Personal health data, Phone numbers, Physical addresses, Security questions and answers, Social connections
    Hemmakväll logo
    Hemmakväll: In July 2015, the Swedish video store chain Hemmakväll was hacked and nearly 50k records dumped publicly. The disclosed data included various attributes of their customers including email and physical addresses, names and phone numbers. Passwords were also leaked, stored with a weak MD5 hashing algorithm.

    Compromised data: Email addresses, Names, Passwords, Phone numbers, Physical addresses
    Heroes of Newerth logo
    Heroes of Newerth: In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.

    Compromised data: Email addresses, Passwords, Usernames
    HLTV logo
    HLTV: In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.

    Compromised data: Email addresses, Names, Passwords, Usernames, Website activity
    iMesh logo
    iMesh: In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    InterPals logo
    InterPals: In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.

    Compromised data: Dates of birth, Email addresses, Geographic locations, Names, Passwords, Usernames
    iPmart logo
    iPmart: During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 368k accounts were added to "Have I been pwned" in March 2016 bringing the total to over 2.4M.

    Compromised data: Dates of birth, Email addresses, Passwords, Usernames
    Last.fm logo
    Last.fm: In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames, Website activity
    Leet logo
    Leet: In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes. A further 3 million accounts were obtained and added to HIBP several days after the initial data was loaded bringing the total to over 5 million.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
    Lifeboat logo
    Lifeboat: In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers. The leaked data included usernames, email addresses and passwords stored as straight MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames
    Little Monsters logo
    Little Monsters: In approximately January 2017, the Lady Gaga fan site known as "Little Monsters" suffered a data breach that impacted 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt hashes of passwords.

    Compromised data: Dates of birth, Email addresses, Passwords, Usernames
    Lizard Squad logo
    Lizard Squad: In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets. Shortly thereafter, the service suffered a data breach which resulted in the public disclosure of over 13k user accounts including passwords stored in plain text.

    Compromised data: Email addresses, Passwords, Usernames
    Lookbook logo
    Lookbook: In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.

    Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames, Website activity
    Lord of the Rings Online logo
    Lord of the Rings Online: In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
    Lounge Board logo
    Lounge Board: At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

    Compromised data: Email addresses, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
    MajorGeeks logo
    MajorGeeks: In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Manga Traders logo
    Manga Traders: In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.

    Compromised data: Email addresses, Passwords
    MoDaCo logo
    MoDaCo: In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    MPGH logo
    MPGH: In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    MrExcel logo
    MrExcel: In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5. The owner of the MrExcel forum subsequently self-submitted the data to HIBP.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Social connections, Usernames, Website activity
    mSpy logo
    mSpy: In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims), stored extensive personal information within their online service which after being breached, was made freely available on the internet.

    Compromised data: Device usage tracking data
    Muslim Directory logo
    Muslim Directory: In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age group, email, website activity and password in plain text.

    Compromised data: Age groups, Email addresses, Employers, Names, Passwords, Phone numbers, Physical addresses, Website activity
    MySpace logo
    MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

    Compromised data: Email addresses, Passwords, Usernames
    Neopets logo
    Neopets: In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.

    Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Usernames
    NetEase logo
    NetEase (unverified): In October 2015, the Chinese site known as NetEase (located at 163.com) was reported as having suffered a data breach that impacted hundreds of millions of subscribers. Whilst there is evidence that the data itself is legitimate (multiple HIBP subscribers confirmed a password they use is in the data), due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, Passwords
    Neteller logo
    Neteller: In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.

    Compromised data: Account balances, Dates of birth, Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Website activity
    NextGenUpdate logo
    NextGenUpdate: Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Nexus Mods logo
    Nexus Mods: In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that. The breach contained usernames, email addresses and passwords stored as a salted hashes.

    Compromised data: Email addresses, Passwords, Usernames
    Nihonomaru logo
    Nihonomaru: In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Nival logo
    Nival: In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and impacted over 1.5M accounts including sensitive personal information.

    Compromised data: Avatars, Dates of birth, Email addresses, Genders, Names, Spoken languages, Usernames, Website activity
    Nulled logo
    Nulled: In May 2016, the cracking community forum known as Nulled was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
    Onverse logo
    Onverse: In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    OVH logo
    OVH: In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    OwnedCore logo
    OwnedCore: In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Paddy Power logo
    Paddy Power: In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses. The breach was not disclosed until July 2014 and contained extensive personal information including names, addresses, phone numbers and plain text security questions and answers.

    Compromised data: Account balances, Dates of birth, Email addresses, IP addresses, Names, Phone numbers, Physical addresses, Security questions and answers, Usernames, Website activity
    Patreon logo
    Patreon: In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses and millions of personal messages.

    Compromised data: Email addresses, Payment histories, Physical addresses, Private messages, Website activity
    PayAsUGym logo
    PayAsUGym: In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.

    Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Website activity
    PHP Freaks logo
    PHP Freaks: In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
    Pokébip logo
    Pokébip: In July 2015, the French Pokémon site Pokébip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Time zones, Usernames, Website activity
    Pokémon Creed logo
    Pokémon Creed: In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in. The breached data included over 116k usernames, email addresses and plain text passwords.

    Compromised data: Email addresses, Genders, IP addresses, Passwords, Usernames, Website activity
    PS3Hax logo
    PS3Hax: In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    PSX-Scene logo
    PSX-Scene: In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    QIP logo
    QIP: In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.

    Compromised data: Email addresses, Passwords, Usernames, Website activity
    Quantum Booter logo
    Quantum Booter: In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which lead to the disclosure of their internal database. The leaked data included private discussions relating to malicious activity Quantum Booter users were performing against online adversaries, including the IP addresses of those using the service to mount DDoS attacks.

    Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames, Website activity
    QuinStreet logo
    QuinStreet: In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites). QuinStreet advised that impacted users have been notified and passwords reset. The data contained details on over 4.9 million people and included email addresses, dates of birth and salted MD5 hashes.

    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity
    R2Games logo
    R2Games: In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I been pwned" in March 2016 and another 9M in July 2016 bringing the total to over 22M.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Retina-X logo
    Retina-X: In February 2017, the mobile device monitoring software developer Retina-X was hacked and customer data downloaded before being wiped from their servers. The incident was covered in the Motherboard article titled Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones. The service, used to monitor mobile devices, had 71k email addresses and MD5 hashes with no salt exposed. Retina-X disclosed the incident in a blog post on April 27, 2017.

    Compromised data: Email addresses, Passwords
    River City Media Spam List logo
    River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.

    Compromised data: Email addresses, IP addresses, Names, Physical addresses
    Seedpeer logo
    Seedpeer: In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames
    Soundwave logo
    Soundwave: In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB. The data contained 130k records and included email addresses, dates of birth, genders and MD5 hashes of passwords without a salt.

    Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, Names, Passwords, Social connections
    Ster-Kinekor logo
    Ster-Kinekor: In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.

    Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses, Spoken languages
    Stratfor logo
    Stratfor: In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable donations (among other uses). The breach also included 860,000 user accounts complete with email address, time zone, some internal system data and MD5 hashed passwords with no salt.

    Compromised data: Credit cards, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
    Sumo Torrent logo
    Sumo Torrent: In June 2014, the torrent site Sumo Torrent was hacked and 285k member records were exposed. The data included IP addresses, email addresses and passwords stored as weak MD5 hashes.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity
    SweClockers.com logo
    SweClockers.com: In July 2015, the Swedish tech news site SweClockers was hacked and 255k accounts were exposed. The attack led to the exposure of usernames, email addresses and salted hashes of passwords stored with a combination of MD5 and SHA512.

    Compromised data: Email addresses, Passwords, Usernames
    Taobao logo
    Taobao (unverified): In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and plain text passwords. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, Passwords
    ThisHabbo Forum logo
    ThisHabbo Forum: In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet. Whilst the actual date of the exploit is not clear, the breached data includes usernames, email addresses, IP addresses and salted hashes of passwords. A further 584k records were added from a more comprehensive breach file provided in October 2016.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    Tianya logo
    Tianya: In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.

    Compromised data: Email addresses, Names, Usernames
    Trillian logo
    Trillian: In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.

    Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames
    tumblr logo
    tumblr: In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.

    Compromised data: Email addresses, Passwords
    uuu9 logo
    uuu9 (unverified): In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email addresses and user names. Read more about Chinese data breaches in Have I been pwned.

    Compromised data: Email addresses, Passwords, Usernames
    vBulletin logo
    vBulletin: In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records. The breach included email addresses, birth dates, security questions and answers for customers and salted hashes of passwords for both sources.

    Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
    Verified logo
    Verified: In January 2014, one of the largest communities of Eastern Europe cybercriminals known as "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their personal messages and other potentially personally identifiable information.

    Compromised data: Email addresses, Historical passwords, IP addresses, Passwords, Private messages, Usernames, Website activity
    VK logo
    VK: In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.

    Compromised data: Email addresses, Names, Passwords, Phone numbers
    War Inc. logo
    War Inc.: In mid-2012, the real-time strategy game War Inc. suffered a data breach. The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords.

    Compromised data: Email addresses, Passwords, Usernames, Website activity
    WHMCS logo
    WHMCS: In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.

    Compromised data: Email addresses, Email messages, Employers, IP addresses, Names, Partial credit card data, Passwords, Payment histories, Physical addresses, Website activity
    Win7Vista Forum logo
    Win7Vista Forum: In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k members’ personal information and other internal data extracted from the forum.

    Compromised data: Email addresses, Instant messenger identities, IP addresses, Names, Passwords, Private messages, Usernames, Website activity
    Wishbone logo
    Wishbone: In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set. The exposed data included genders, birthdates, email addresses and phone numbers for an audience predominantly composed of teenagers and young adults.

    Compromised data: Auth tokens, Dates of birth, Email addresses, Genders, Names, Phone numbers, Usernames
    Xbox-Scene logo
    Xbox-Scene: In approximately February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Compromised data: Email addresses, IP addresses, Passwords, Usernames
    XSplit logo
    XSplit: In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.

    Compromised data: Email addresses, Names, Passwords, Usernames
    Yahoo logo
    Yahoo: In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text. The breach showed that of the compromised accounts, a staggering 59% of people who also had accounts in the Sony breach reused their passwords across both services.

    Compromised data: Email addresses, Passwords
    Youku logo
    Youku: In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I been pwned courtesy of [email protected].

    Compromised data: Email addresses, Passwords
    Пара Па logo
    Пара Па: In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames
     
    • Thanks Thanks x 3
    Last edited: May 17, 2017
  3. ZlatanTheGod

    ZlatanTheGod Jr. VIP Jr. VIP

    Joined:
    Jun 27, 2016
    Messages:
    970
    Likes Received:
    1,270
    Gender:
    Male
    Occupation:
    The God
    Use a spoiler or isn't that possible?
     
    • Thanks Thanks x 2
  4. back2form

    back2form Jr. VIP Jr. VIP

    Joined:
    Jul 15, 2012
    Messages:
    3,360
    Likes Received:
    1,719
    Gender:
    Male
    Occupation:
    Searching..
    Location:
    in front of BHW
    [​IMG]
    Scrolling.. scrolling.. Scrolling... Down,
    I Can't read 5000+ words article Imao! :D
     
  5. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2007
    Messages:
    1,671
    Likes Received:
    827
    Occupation:
    Occupation
    Location:
    Location
    :rolleyes: You've just took my spoiler virginity.
    I've done it for you for the first time.
     
  6. datsunguy

    datsunguy Supreme Member

    Joined:
    Sep 30, 2016
    Messages:
    1,459
    Likes Received:
    1,070
    Occupation:
    professional duck
    Location:
    a pond near you
    Home Page:
    all good accroding to the site my emails are safe.
     
  7. rafark

    rafark Regular Member

    Joined:
    Jan 15, 2013
    Messages:
    409
    Likes Received:
    191
    Gender:
    Male
    Occupation:
    Moderador
    Location:
    Noble and Heroic MC


    Yeah, I know, but I was surprised to find blackhatworld as one of the sites that got my credentials leaked. And it makes sense since the email I checked Is the same I use here.
     
  8. rafark

    rafark Regular Member

    Joined:
    Jan 15, 2013
    Messages:
    409
    Likes Received:
    191
    Gender:
    Male
    Occupation:
    Moderador
    Location:
    Noble and Heroic MC
    Come on, @ZlatanTheGod, how can you not care about your credentials being stolen and distributed by third parties.
     
  9. rafark

    rafark Regular Member

    Joined:
    Jan 15, 2013
    Messages:
    409
    Likes Received:
    191
    Gender:
    Male
    Occupation:
    Moderador
    Location:
    Noble and Heroic MC

    Quoting the entire thing ain't helping either. lol
     
  10. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    1,931
    Likes Received:
    1,354
    Occupation:
    Marketing
    Location:
    Portland,Or
    One of my emails as well was exposed by BHW :(
     
  11. Ste Fishkin

    Ste Fishkin Jr. VIP Jr. VIP Premium Member

    Joined:
    May 14, 2011
    Messages:
    2,047
    Likes Received:
    10,422
    In the last 2 months have you suffered a severe head injury?
     
    • Thanks Thanks x 1
  12. back2form

    back2form Jr. VIP Jr. VIP

    Joined:
    Jul 15, 2012
    Messages:
    3,360
    Likes Received:
    1,719
    Gender:
    Male
    Occupation:
    Searching..
    Location:
    in front of BHW
    I'm sure - No head injuries before,
    But, when i receive alert like " Ste Fishkin quoted your post in the thread" I get severe head injury before reading to it. :D
     
  13. Mikaelo

    Mikaelo Regular Member

    Joined:
    Nov 10, 2013
    Messages:
    443
    Likes Received:
    102
    Location:
    Australia
    This site is so funny. Useful when pitching hosting to clients - data breaches can happen to anyone!
     
  14. Ste Fishkin

    Ste Fishkin Jr. VIP Jr. VIP Premium Member

    Joined:
    May 14, 2011
    Messages:
    2,047
    Likes Received:
    10,422
    Ha Ha Ha....
     
    • Thanks Thanks x 3
  15. Kuldheep89

    Kuldheep89 BANNED BANNED

    Joined:
    Jan 26, 2016
    Messages:
    76
    Likes Received:
    66
    don't worry fishkin bro.... i still got your back....
     
  16. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    316
    Likes Received:
    180
    Occupation:
    DevOps
    Location:
    Whimsyshire
    I need to quote @Asif WILSON Khan