Have I Been Pwned latest breachesThe latest publicly leaked data breaches to hit Have I Been Pwnedhttps://haveibeenpwned.com/AllegedATThttps://haveibeenpwned.com/PwnedWebsites#AllegedATTAlleged A&TT (unverified) - 49,102,176 breached accountsIn March 2024, <a href="https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach" target="_blank" rel="noopener">tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum</a>. Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there has not been a breach of their systems and that the data originated from elsewhere. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.Tue, 19 Mar 2024 06:30:49 ZClickASnaphttps://haveibeenpwned.com/PwnedWebsites#ClickASnapClickASnap - 3,262,980 breached accountsIn September 2022, the online photo sharing platform <a href="https://blog.clickasnap.com/2022/10/14/clickasnap-website-breach-24-09-22/" target="_blank" rel="noopener">ClickASnap suffered a data breach</a>. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included and contained names, physical addresses and amounts paid.Wed, 13 Mar 2024 03:47:22 ZFlipkarthttps://haveibeenpwned.com/PwnedWebsites#FlipkartFlipkart - 552,094 breached accountsIn September 2022, <a href="https://izoologic.com/region/central-asia/a-new-alleged-flipkart-data-breach-was-discovered-on-the-dark-web/" target="_blank" rel="noopener">over 500k customer records from the Indian e-commerce service Flipkart appeared on a popular hacking forum</a>. The breach exposed email addresses, latitudes and longitudes, names and phone numbers.Tue, 12 Mar 2024 05:09:11 ZHabibshttps://haveibeenpwned.com/PwnedWebsites#HabibsHabib's - 3,517,679 breached accountsIn August 2021, the Brazilian fast food company &quot;Habib's&quot; suffered a data breach <a href="https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/" target="_blank" rel="noopener">that was later redistributed as part of a larger corpus of data</a>. The breach exposed 3.5M unique email addresses along with IP addresses, names, phone numbers, dates of birth and links to social media profiles.Sun, 10 Mar 2024 03:31:15 ZAPKTWhttps://haveibeenpwned.com/PwnedWebsites#APKTWAPK.TW - 2,451,197 breached accountsIn September 2022, the Taiwanese Android forum APK.TW suffered a data breach <a href="https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/" target="_blank" rel="noopener">that was later redistributed as part of a larger corpus of data</a>. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.Sat, 09 Mar 2024 00:17:54 ZOnlineTradehttps://haveibeenpwned.com/PwnedWebsites#OnlineTradeOnline Trade (Онлайн Трейд) - 3,805,265 breached accountsIn September 2022, the Russian e-commerce website <a href="https://xakep.ru/2022/09/21/new-leaks/" target="_blank" rel="noopener">Online Trade (Онлайн Трейд) suffered a data breach</a> that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.Thu, 07 Mar 2024 06:51:12 ZWoTLabshttps://haveibeenpwned.com/PwnedWebsites#WoTLabsWoTLabs - 21,994 breached accountsIn March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and <a href="https://web.archive.org/web/20240303062156/http://forum.wotlabs.net/" target="_blank" rel="noopener">website defacement attributed to &quot;chromebook breachers&quot;</a>. The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.Thu, 07 Mar 2024 03:32:45 ZMrGreenGaminghttps://haveibeenpwned.com/PwnedWebsites#MrGreenGamingMr. Green Gaming - 27,123 breached accountsIn March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.Sun, 03 Mar 2024 06:28:42 ZCutoutProhttps://haveibeenpwned.com/PwnedWebsites#CutoutProCutout.Pro - 19,972,829 breached accountsIn February 2024, the AI-powered visual design platform <a href="https://twitter.com/H4ckManac/status/1762387053889675658" target="_blank" rel="noopener">Cutout.Pro suffered a data breach that exposed 20M records</a>. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.Wed, 28 Feb 2024 22:16:27 ZTangerinehttps://haveibeenpwned.com/PwnedWebsites#TangerineTangerine - 243,462 breached accountsIn February 2024, the Australian Telco <a href="https://www.itnews.com.au/news/tangerine-telecom-says-customer-data-of-232000-affected-by-cyber-incident-605337" target="_blank" rel="noopener">Tangerine suffered a data breach that exposed over 200k customer records</a>. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.Wed, 28 Feb 2024 01:42:43 ZFacebookMarketplacehttps://haveibeenpwned.com/PwnedWebsites#FacebookMarketplaceFacebook Marketplace - 77,267 breached accountsIn February 2024, <a href="https://www.bleepingcomputer.com/news/security/200-000-facebook-marketplace-user-records-leaked-on-hacking-forum/" target="_blank" rel="noopener">200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum</a>. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.Thu, 22 Feb 2024 00:53:37 ZSpoutiblehttps://haveibeenpwned.com/PwnedWebsites#SpoutibleSpoutible - 207,114 breached accountsIn January 2024, <a href="https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/" target="_blank" rel="noopener">Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information</a>. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.Mon, 05 Feb 2024 07:33:00 ZMyPertaminahttps://haveibeenpwned.com/PwnedWebsites#MyPertaminaMyPertamina - 5,970,416 breached accountsIn November 2022, the Indonesian oil and gas company <a href="https://voi.id/en/technology/226367" target="_blank" rel="noopener">Pertamina suffered a data breach of their MyPertamina service</a>. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.Sat, 27 Jan 2024 05:19:27 ZTrellohttps://haveibeenpwned.com/PwnedWebsites#TrelloTrello - 15,111,945 breached accountsIn January 2024, <a href="https://twitter.com/H4ckManac/status/1747527579559411959" target="_blank" rel="noopener">data was scraped from Trello and posted for sale on a popular hacking forum</a>. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.Mon, 22 Jan 2024 19:41:05 ZNazApihttps://haveibeenpwned.com/PwnedWebsites#NazApiNaz.API - 70,840,771 breached accountsIn September 2023, <a href="https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/" target="_blank" rel="noopener">over 100GB of stealer logs and credential stuffing lists titled &quot;Naz.API&quot; was posted to a popular hacking forum</a>. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.Wed, 17 Jan 2024 13:24:27 ZHathwayhttps://haveibeenpwned.com/PwnedWebsites#HathwayHathway - 4,670,080 breached accountsIn December 2023, <a href="https://restoreprivacy.com/hacker-allegedly-holds-data-of-41-million-hathway-customers/" target="_blank" rel="noopener">hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website</a>. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs.Fri, 12 Jan 2024 09:34:25 ZLegendasTVhttps://haveibeenpwned.com/PwnedWebsites#LegendasTVLegendas.TV - 3,869,181 breached accountsIn October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese <a href="https://www.hackread.com/dark-web-hacker-selling-accounts-on-dream-market/" target="_blank" rel="noopener">Legendas.TV suffered a data breach that exposed nearly 4M customer records</a>. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes.Thu, 04 Jan 2024 17:10:04 ZKanevahttps://haveibeenpwned.com/PwnedWebsites#KanevaKaneva - 3,901,179 breached accountsIn July 2016, now defunct website Kaneva, the service to &quot;build and explore virtual worlds&quot;, suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.Sat, 09 Dec 2023 07:00:29 ZGemplexhttps://haveibeenpwned.com/PwnedWebsites#GemplexGemplex - 4,563,166 breached accountsIn February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.Sat, 09 Dec 2023 02:19:40 ZMovieForumshttps://haveibeenpwned.com/PwnedWebsites#MovieForumsMovie Forums - 39,914 breached accountsIn December 2022, <a href="https://www.movieforums.com/community/showthread.php?t=67897" target="_blank" rel="noopener">the Movie Forums website suffered a data breach</a> that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.Fri, 08 Dec 2023 02:45:49 Z