General

Data Breach Notice: Bukalapak – 13,369,666 breached accounts

In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. Prefer to get this by email? Sign-up to Data Breach mailing list   Stay safe out there!

“Does anyone know the password?”

Don’t let minor interruptions stop your business in 2019: If we look back at the statistics from 2018, it’s alarming to see that power interruptions accounted for 35% of disaster events (45% from hardware failure) and as the Dunder Mifflin team discovered, a minor power interruption can cause the server to reset and not being able to login to the server prevented the whole office from working… Takeaways: Do you have adequate power, surge protection and UPS equipment? Do you have...

Data Breach Notice: DataCamp – 760,561 breached accounts

In January 2017, the data science website DataCamp suffered a data breach. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im". Prefer to get this by email? Sign-up to...

Data Breach Notice: Knuddels – 808,330 breached accounts

In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach. Prefer to get this by email? Sign-up to Data Breach mailing list   Stay safe out there!

Data Breach Notice: Verifications.io – 763,117,241 breached accounts

In February 2019, the email address validation service verifications.io suffered a data breach. The breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure...

Data Breach Notice: ShareThis.com – 40,960,499 breached accounts

In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.