Email Address Breach Detection and Analysis

Use this free service to check if an email address is in any hacked data from known breaches. Get a summary of what specific information may be at risk, critical personal identity alerts, a relative exposure rating and more. Results are shown immediately - no verification, upgrades or extra steps are required.


Check This Email Address:
 

 

breach data from: Have I Been pwned?  

Recent Global Data Breaches

  • Dueling Network - 6,486,626 breached accounts
    In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year. The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "burger vault".

     
  • Tamodo - 494,945 breached accounts
    In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes. Tamodo failed to respond to multiple attempts to report the breach via published communication channels.

     
  • PropTiger - 2,156,921 breached accounts
    In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.

     
  • The Halloween Spot - 10,653 breached accounts
    In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories. The Halloween Spot advised customers the breach was traced back to "an old shipping information database".

     
  • AnimeGame - 1,431,378 breached accounts
    In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.

     
  • Straffic - 48,580,249 breached accounts
    In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders. In their breach disclosure message, Straffic stated that "it is impossible to create a totally immune system, and these things can occur".

     
  • Slickwraps - 857,611 breached accounts
    In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included names, physical addresses, phone numbers and purchase histories.

     
  • MGM Resorts - 3,081,321 breached accounts
    In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.

     
  • DailyObjects - 464,260 breached accounts
    In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.

     
  • Tout - 652,683 breached accounts
    In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it to be attributed to "nmapthis@protonmail.com".

     
  • europa.jobs - 226,095 breached accounts
    In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords. The data was subsequently redistributed on a popular hacking forum.

     
  • Planet Calypso - 62,261 breached accounts
    In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.

     
  • BtoBet - 444,241 breached accounts
    In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.

     
  • Go Games - 3,430,083 breached accounts
    In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident. The data was provided to HIBP by dehashed.com.

     
  • Indian Railways - 583,377 breached accounts
    In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

     
  • Universarium - 564,962 breached accounts
    In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.

     
  • Factual - 2,461,696 breached accounts
    In March 2017, a file containing 8M rows of data allegedly sourced from data aggregator Factual was compiled and later exchanged on the premise it was a "breach". The data contained 2.5M unique email addresses alongside business names, addresses and phone numbers. After consultation with Factual, they advised the data was "publicly available information about businesses and other points of interest that Factual makes available on its website and to customers".

     

  • Identity Theft and Security Resources

    © Loopbelt LLC
    HotSheet Web Directory