Data Breach Notice: BlackSpigotMC – 140,029 breached accounts

In July 2019, the hacking website BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself. The exposed data included 140k unique email addresses, usernames, IP addresses, genders, geographic locations and passwords stored as bcrypt hashes.

Data Breach Notice: SHEIN – 39,086,762 breached accounts

In June 2018, online fashion retailer SHEIN suffered a data breach. The company discovered the breach 2 months later in August then disclosed the incident another month after that. A total of 39 million unique email addresses were found in the breach alongside MD5 password hashes. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Data Breach Notice: piZap – 41,817,893 breached accounts

In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using...

Data Breach Notice: Netlog – 49,038,354 breached accounts

In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".

Data Breach Notice: Evite – 100,985,047 breached accounts

In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP...

Hackers being resilient

Why steal cookies when you can take the whole cookie jar? One of our Service Provider partners has just informed us that one of their clients (who is now going to undertaking an ICTAA accreditation) was hacked this morning, the service provider has confirm that their client was using weak passwords which were brute-forced or simply guessed, one of their Office 365 admin accounts was compromised, what was alarming was the hacker didn't send any fake emails or even try...

Data Breach Notice: Social Engineered – 89,392 breached accounts

In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. Stay safe out there!