Data Breach Notices

Data Breach Notice: Social Engineered – 89,392 breached accounts

In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. Stay safe out there!

Data Breach Notice: OGUsers – 161,143 breached accounts

In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. Stay safe out there!

Data Breach Notice: Illawarra drivers licenses details

Illawarra drivers may have had their private details leaked to the media as part of a "political smear campaign", according to Wollongong MP Paul Scully. At the last election, a file containing names, addresses, ages and driving history - including those of then Labor leader Michael Daley - was leaked to the media by the office of Customer Service Minister Victor Dominello. The leak occurred after Revenue NSW advised Mr Dominello's office the file was a privacy breach and it must...

Data Breach Notice: Ordine Avvocati di Roma – 41,960 breached accounts

In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach. Stay safe out there!

Data Breach Notice: Appartoo – 49,681 breached accounts

In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017. Stay safe out there!

Data Breach Notice: Club Penguin Rewritten – 1,688,176 breached accounts

In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users". Stay safe out there!

Data Breach Notice: Bukalapak – 13,369,666 breached accounts

In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. Prefer to get this by email? Sign-up to Data Breach mailing list   Stay safe out there!

Data Breach Notice: DataCamp – 760,561 breached accounts

In January 2017, the data science website DataCamp suffered a data breach. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im". Prefer to get this by email? Sign-up to...