Data Breach Notices

Data Breach Notice: ShareThis.com – 40,960,499 breached accounts

In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

Data Breach Notice: MyFitnessPal – 143,606,147 breached accounts

In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested...

Data Breach Notice: MyHeritage – 91,991,358 breached accounts

In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included email addresses and salted SHA-1 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a...

Data Breach Notice: Dubsmash – 161,749,950 breached accounts

In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".

Data Breach Notice: Symantec breach revealed client list, passwords

A February data breach at Symantec gave hackers access to account numbers, passwords, and a purported list of prominent Australian clients, according to a Guardian Australia report. The platform security vendor characterised the breach as a "minor incident" since it involved a self-enclosed demo lab in Australia that wasn't connected to Symantec's corporate network. Symantec told Guardian Australia it didn't report the breach since the demo lab didn't host or have any sensitive personal data extracted from it. The Australian Privacy Act requires...