Have I Been Pwned

@haveibeenpwned@infosec.exchange
17.2K Followers
1 Following
250 Posts
Check if you have an email address or password that has been compromised in a data breach. Created and maintained by @troyhunt
Websitehttps://haveibeenpwned.com
Have I Been PwnedJun 13
New breach: South American mobility services platform Ualabee had 472k records scraped last month. Data included email address, name, DoB, phone number and profile photo. 52% were already in @haveibeenpwned. Read more: https://news.ualabee.com/Aclaraci-n-sobre-datos-vinculados-a-Ualabee-20f75bdc4ce88041916bfeb5055087e8
Aclaración sobre datos vinculados a Ualabee | Notion

En Ualabee iniciamos una investigación tras identificar una publicación externa que contenía datos potencialmente asociados a usuarios de nuestra plataforma. Tras analizar el caso, confirmamos que no se trató de una brecha de seguridad, sino de un caso de acceso automatizado no autorizado (scraping) a información básica disponible a través de una interfaz de nuestra plataforma.

news.ualabee.com on Notion
Have I Been PwnedJun 10
New breach: Now defunct social media influencer platform WiredBucks was breached in 2022. Over 900k email and IP addresses, names, usernames and plain text passwords were exposed. 32% were already in @haveibeenpwned. Read more: https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
Have I Been PwnedJun 7
New breach: Japanese record chain store Disk Union had 690k email addresses breached in June 2022. Data included name, post code, phone and plain text password. 40% were already in @haveibeenpwned. Read more: https://news.kaduu.io/blog/2022/07/04/the-worlds-best-record-shop-leaks-701k-user-records-and-personal-info/
Have I Been PwnedJun 3
New breach: ColoCrossing had 7k email addresses breached from their ColoCloud cloud/VPS service last month. Data also included name and MD5-Crypt password hash. 38% were already in @haveibeenpwned. Read more: https://lowendbox.com/blog/colocloud-breach-virtualizer-bugs-lead-to-wild-lowendtalk-thread/
ColoCloud Breach: Virtualizor Bugs Lead to Wild LowEndTalk Thread

ColoCrossing's ColoCloud brand suffered a serious breach today. The CC team is working hard to remediate the situation. Here's what we know so far.

LowEndBox
Have I Been PwnedMay 27
New breach: French ISP "Free" was breached in Oct and the data later published publicly. It contains 14M email addresses along with name, physical address, gender, DoB, phone and for many records, IBAN. 59% were already in @haveibeenpwned. Read more: https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/
Free, France’s second largest ISP, confirms data breach after leak

Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.

BleepingComputer
Have I Been PwnedMay 23
New sensitive breach: The 2nd wave of Operation Endgame to disrupt criminal ransomware infrastructure has resulted in 15.4M email addresses and 43.8M passwords being provided to HIBP by law enforcement agencies. 83% were already in @haveibeenpwned. More: https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-strikes-again-ransomware-kill-chain-broken-its-source
Operation ENDGAME strikes again: the ransomware kill chain broken at its source | Europol

Cybercriminals around the world have suffered a major disruption after law enforcement and judicial authorities, coordinated by Europol and Eurojust, dismantled key infrastructure behind the malware used to launch ransomware attacks.

Europol
Have I Been PwnedMay 22
New breach: Fédération Francaise de Rugby had 282k email addresses breached in June 2023. Data also included name, DoB and phone number. 69% were already in @haveibeenpwned. Read more: https://www.lemonde.fr/sport/article/2023/06/22/des-pirates-informatiques-tentent-de-faire-chanter-la-federation-francaise-de-rugby-victime-d-une-attaque_6178763_3242.html
Des pirates informatiques tentent de faire chanter la Fédération française de rugby

Un groupe de pirates menace de publier des documents récupérés dans une attaque ayant eu lieu au début du mois. La FFR assure avoir rétabli les systèmes informatiques et ne pas avoir l’intention de payer de rançon.

Le Monde
Have I Been PwnedMay 8
New breach: OnRPG had 1M email addresses breached in 2016. Data also included IP address, username and salted MD5 password hash. 86% were already in @haveibeenpwned. Read more: https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/
Have I Been PwnedMay 1
New breach: Hungarian education office website TehetségKapu had almost 55k records breached in March. Data included email address, name and username. 32% were already in @haveibeenpwned. Read more: https://444.hu/2025/03/27/55-ezer-szemelyes-adat-magyar-diakok-tanarok-es-az-oktatasi-hivatal-dolgozoinak-informacioi-szivaroghattak-ki
55 ezer személyes adat, magyar diákok, tanárok és az Oktatási Hivatal dolgozóinak információi szivároghattak ki

Az iskolai kompetenciamérést is lebonyolító Tehetségkapu nevű rendszerhez fértek hozzá a hackerek és nyilvánosságra hozták, amit elloptak.

444
Have I Been PwnedApr 13
New breach: Samsung Germany had 216k unique email addresses exposed due to a compromise of their logistics provider, Spectos. Data included name, physical address, purchases and shipping tracking numbers. 49% were already in @haveibeenpwned. Read more: https://www.infostealers.com/article/samsung-tickets-data-leak-infostealers-strike-again-in-massive-free-dump/
Samsung Tickets Data Leak: Infostealers Strike Again in Massive Free Dump

Another colossal breach fueled by infostealer malware, and this time, it’s Samsung in the crosshairs.

InfoStealers