Email Address Breach Detection and Analysis

Use this free service to check if an email address is in any hacked data from known breaches. Get a summary of what specific information may be at risk, critical personal identity alerts, a relative exposure rating and more. Results are shown immediately - no verification, upgrades or extra steps are required.


Check This Email Address:
 

 

breach data from: Have I Been pwned?  

Recent Global Data Breaches

  • Data Enrichment Exposure From PDL Customer - 622,161,052 breached accounts
    In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.

     
  • GateHub - 1,408,078 breached accounts
    In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, wallet hashes and passwords stored as bcrypt hashes.

     
  • EpicBot - 816,662 breached accounts
    In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.

     
  • GPS Underground - 669,584 breached accounts
    In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

     
  • ToonDoo - 6,002,694 breached accounts
    In August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.

     
  • Vedantu - 686,899 breached accounts
    In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.

     
  • StreetEasy - 988,230 breached accounts
    In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

     
  • Sephora - 780,073 breached accounts
    In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

     
  • Wanelo - 23,165,793 breached accounts
    In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes. After the initial HIBP load, further data containing names, shipping addresses and IP addresses were also provided to HIBP, albeit without direct association to the email addresses and passwords. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

     
  • Lumin PDF - 15,453,048 breached accounts
    In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

     
  • KiwiFarms - 4,606 breached accounts
    In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.

     
  • Minehut - 396,533 breached accounts
    In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data set with both email addresses and bcrypt password hashes was also later provided to HIBP.

     
  • Void.to - 95,431 breached accounts
    In June 2019, the hacking website Void.to suffered a data breach. There were 95k unique email addresses spread across 86k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as either salted MD5 or bcrypt hashes.

     
  • Poshmark - 36,395,491 breached accounts
    In mid-2018, social commerce marketplace Poshmark suffered a data breach that exposed 36M user accounts. The compromised data included email addresses, names, usernames, genders, locations and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".

     
  • Mastercard Priceless Specials - 89,388 breached accounts
    In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach. Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data. Following the incident, the program was subsequently suspended.

     
  • XKCD - 561,991 breached accounts
    In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.

     
  • Coinmama - 478,824 breached accounts
    In August 2017, the crypto coin brokerage service Coinmama suffered a data breach that impacted 479k subscribers. The breach was discovered in February 2019 with exposed data including email addresses, usernames and passwords stored as MD5 WordPress hashes. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.

     

  • Identity Theft and Security Resources

    © Loopbelt LLC
    HotSheet Web Directory
    Inoitsu Public Pulse