Email Address Breach Detection and Analysis
Use this free service to check if an email address is in any hacked data from known breaches. Get a summary of what specific information may be at risk, critical personal identity alerts, a relative exposure rating and more. Results are shown immediately - no verification, upgrades or extra steps are required.
breach data from: Have I Been pwned?
Recent Global Data Breaches
DailyObjects - 464,260 breached accountsIn approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text. After multiple attempts to contact them, DailyObjects responded and received a copy of the data for verification, however failed to respond to multiple contact attempts following that.
Tout - 652,683 breached accountsIn approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes. The data was provided to HIBP by a source who requested it to be attributed to "email@example.com".
europa.jobs - 226,095 breached accountsIn August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords. The data was subsequently redistributed on a popular hacking forum.
Planet Calypso - 62,261 breached accountsIn approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.
BtoBet - 444,241 breached accountsIn December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included. Further investigation implicated betting platform provider BtoBet as being the common source of the data. Impacted data included user records and extensive information on gambling histories.
Go Games - 3,430,083 breached accountsIn approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident. The data was provided to HIBP by dehashed.com.
Indian Railways - 583,377 breached accountsIn November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.
Universarium - 564,962 breached accountsIn approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks. The data was provided to HIBP by dehashed.com.
Factual - 2,461,696 breached accountsIn March 2017, a file containing 8M rows of data allegedly sourced from data aggregator Factual was compiled and later exchanged on the premise it was a "breach". The data contained 2.5M unique email addresses alongside business names, addresses and phone numbers. After consultation with Factual, they advised the data was "publicly available information about businesses and other points of interest that Factual makes available on its website and to customers".
Zynga - 172,869,660 breached accountsIn September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
AgusiQ-Torrents.pl - 90,478 breached accountsIn September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.
Data Enrichment Exposure From PDL Customer - 622,161,052 breached accountsIn October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data.
GateHub - 1,408,078 breached accountsIn October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts. Data from the breach included email addresses, mnemonic phrases, encrypted master keys, encrypted recovery keys and passwords stored as bcrypt hashes.
EpicBot - 816,662 breached accountsIn September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes. EpicBot did not respond when contacted about the incident.
GPS Underground - 669,584 breached accountsIn early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
ToonDoo - 6,002,694 breached accountsIn August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared. Impacted data included email and IP addresses, usernames, genders, the location of the individual and salted password hashes.
Vedantu - 686,899 breached accountsIn mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
breach data from: Have I Been pwned? (HIBP)
Identity Theft and Security Resources
Official US Government Sites
- FTC Complaint Assistant
- FBI Internet Crime Complaint Center
- US Postal Inspection Service ID Theft Complaint
- IRS Taxpayer Victim Assistance
- HHS Health Information Breach Portal
- National Do Not Call Registry
Identity Security Tips and Guidelines
- FDIC Cybersecurity Awareness Basics
- FTC Identity Theft Consumer Information
- Identity Theft: What To Do If It Happens To You
- Protect Yourself from Identity Theft
- Protecting Your Social Security
- Spam "Unsubscribe" Services are a Scam
Fraud Information and Assistance Organizations
- ID Theft Resource Center
- Better Business Bureau
- Privacy Rights Clearinghouse
- Charity Watch
Credit Bureaus and Reporting
- Free credit report from annualcreditreport.com