New breach: ShinyHunters claimed Pitney Bowes as an extortion victim last week before later dumping 8.2M email addresses publicly. Data also included name, physical address, phone number and employee job title. 53% were already in
@haveibeenpwned. More:
https://haveibeenpwned.com/Breach/PitneyBowes
Have I Been Pwned: Pitney Bowes Data Breach
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
New breach: ADT suffered a "pay or leak" extortion that resulted in 5.5M unique email addresses being published today. Data also included name, address, phone and a small number of DoBs and partial SSNs. 71% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/ADT
Have I Been Pwned: ADT Data Breach
In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.
New breach: Udemy had 1.4M email addresses leaked yesterday following an extortion attempt by ShinyHunters. Data included name, address, phone, employer info and instructor payout method. 56% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/Udemy
Have I Been Pwned: Udemy Data Breach
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
New breach: Cruise operator Carnival was targeted in a ShinyHunters “pay or leak” attack last week. 8.7M records with 7.5M email addresses and loyalty program data were published yesterday. 85% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/Carnival
Have I Been Pwned: Carnival Data Breach
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
New breach: Amtrak was claimed as a victim of ShinyHunters earlier this month with over 2M email addresses then published this week. Data also included names, physical addresses and support tickets. 80% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/Amtrak
Have I Been Pwned: Amtrak Data Breach
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.
New breach: McGraw Hill suffered a breach last week attributed to a Salesforce misconfiguration. Data leaked today included 13.5M email addresses. Some records included name, phone and physical address. 47% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/McGrawHill
Have I Been Pwned: McGraw Hill Data Breach
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
New breach: Hallmark was allegedly breached in March with attackers accessing Salesforce and publishing data this week. It exposed 1.7M unique email addresses with name, phone, physical address & support tickets. 82% were already in
@haveibeenpwned. More:
https://haveibeenpwned.com/Breach/Hallmark
Have I Been Pwned: Hallmark Data Breach
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
New breach: My Lovely AI, a NSFW AI girlfriend platform, suffered a breach earlier this week that exposed over 100k unique email addresses. The data also included AI prompts and links to the resulting images. 23% were already in
@haveibeenpwned. More:
https://haveibeenpwned.com/Breach/MyLovelyAI
Have I Been Pwned: My Lovely AI Data Breach
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
New breach: Crunchyroll suffered a data breach last month which reportedly exposed data from its Zendesk support system. 1.2M unique email addresses attributed to the incident were provided to HIBP today. 82% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/Crunchyroll
Have I Been Pwned: Crunchyroll Data Breach
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
New breach: SongTrivia2 had 291k unique email addresses breached this week. Data included name, username, avatar and, where Google auth wasn't used, bcrypt password hash. 45% were already in
@haveibeenpwned. Read more:
https://haveibeenpwned.com/Breach/SongTrivia2
Have I Been Pwned: SongTrivia2 Data Breach
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
