Email Address Breach Summary and Analysis
Use this free service to check if an email address is in any hacked data from known database breaches. Get a summary of what specific information may be at risk, critical personal identity alerts, a relative exposure rating and more. Results are shown immediately - no verification, upgrades or extra steps are required.breach data from: Have I Been pwned?
Recent Global Data Breaches
Facebook Marketplace - 77,267 breached accountsIn February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.
Spoutible - 207,114 breached accountsIn January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
MyPertamina - 5,970,416 breached accountsIn November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Trello - 15,111,945 breached accountsIn January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
Naz.API - 70,840,771 breached accountsIn September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
Hathway - 4,670,080 breached accountsIn December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs.
Legendas.TV - 3,869,181 breached accountsIn October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes.
Kaneva - 3,901,179 breached accountsIn July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.
Gemplex - 4,563,166 breached accountsIn February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.
Movie Forums - 39,914 breached accountsIn December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.
JoyGames - 4,461,787 breached accountsIn December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
RailYatri - 23,209,732 breached accountsIn December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
SoarGames - 4,774,445 breached accountsIn December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have been generated as opposed to organically provided by the user.
Go Ninja - 4,999,001 breached accountsIn December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. More than 4M of the email addresses appeared to have been generated as opposed to organically provided by the user.
Estante Virtual - 5,412,603 breached accountsIn February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.
Bleach Anime Forum - 143,711 breached accountsIn 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes.
IndiHome - 12,629,245 breached accountsIn mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and geographic locations. The most recent data was stamped as being recorded in November 2019.
breach data from: Have I Been pwned? (HIBP)
Identity Theft and Security Resources
Official US Government Sites
- FTC Complaint Assistant
- FBI Internet Crime Complaint Center
- US Postal Inspection Service ID Theft Complaint
- IRS Taxpayer Victim Assistance
- HHS Health Information Breach Portal
- National Do Not Call Registry
Identity Security Tips and Guidelines
- FDIC Cybersecurity Awareness Basics
- FTC Identity Theft Consumer Information
- Identity Theft: What To Do If It Happens To You
- Protect Yourself from Identity Theft
- Protecting Your Social Security
- Spam "Unsubscribe" Services are a Scam
Fraud Information and Assistance Organizations
- ID Theft Resource Center
- Better Business Bureau
- Privacy Rights Clearinghouse
- Charity Watch
Credit Bureaus and Reporting
- Free credit report from annualcreditreport.com