Email Address Breach Summary and Analysis
Use this free service to check if an email address is in any hacked data from known database breaches. Get a summary of what specific information may be at risk, critical personal identity alerts, a relative exposure rating and more. Results are shown immediately - no verification, upgrades or extra steps are required.
breach data from: Have I Been pwned?
Recent Global Data Breaches
ApexSMS - 23,246,481 breached accounts In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
dBforums - 363,468 breached accounts In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.
MalindoAir - 4,328,232 breached accounts In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later extensively shared on popular hacking forums.
Viva Air - 932,232 breached accounts In March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).
Dymocks - 836,120 breached accounts In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
Phished Data via CERT Poland - 67,943 breached accounts In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 other phishing campaigns operating on the same C2 server, which has now been dismantled.
Pampling - 383,468 breached accounts In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.
PlayCyberGames - 3,681,753 breached accounts In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.
SevenRooms - 1,205,385 breached accounts In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases. SevenRooms advised that the breach was due to unauthorised access of "a file transfer interface of a third-party vendor".
Duolingo - 2,676,696 breached accounts In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
Atmeltomo - 580,177 breached accounts In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
iMenu360 - 3,425,860 breached accounts In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
Manipulated Caiman - 39,901,389 breached accounts In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.
Jobzone - 29,708 breached accounts In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.
Rightbiz - 65,376 breached accounts In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz didn't respond to mulitple attempts to disclose the incident. The data was provided to HIBP by a source who requested it be attributed to "https://discord.gg/gN9C9em".
CraftRise - 2,532,527 breached accounts In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords. The newest records indicate the data was obtained in March 2022.
MagicDuel - 138,443 breached accounts In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.
breach data from: Have I Been pwned? (HIBP)
Identity Theft and Security Resources
Official US Government Sites
- IdentityTheft.gov
- FTC Complaint Assistant
- FBI Internet Crime Complaint Center
- US Postal Inspection Service ID Theft Complaint
- IRS Taxpayer Victim Assistance
- HHS Health Information Breach Portal
- National Do Not Call Registry
Identity Security Tips and Guidelines
- FDIC Cybersecurity Awareness Basics
- FTC Identity Theft Consumer Information
- Identity Theft: What To Do If It Happens To You
- Protect Yourself from Identity Theft
- Protecting Your Social Security
- Spam "Unsubscribe" Services are a Scam
Fraud Information and Assistance Organizations
- ID Theft Resource Center
- Better Business Bureau
- Fraud.org
- Privacy Rights Clearinghouse
- Charity Watch
Credit Bureaus and Reporting
- Equifax
- Experian
- TransUnion
- Free credit report from annualcreditreport.com