Breached sites

Here's an overview of the various breaches that have been consolidated into this site. Each of these has been dumped publicly and is readily available via various sites on the web.

169,281,985 breached accounts
4,008,114 :
3,743,470 :
3,662,043 :
790,592 :
568,332 :
68,680,869 :
194,705 :
28,060,355 :
1,746,906 :
4,753,861 :
2,493,714 :
846,289 :
38,828,044 :
455,294 :
1,826,078 :
453,424 :
2,893,779 :
417,889 :
3,536,570 :
29 breached websites

17 Media

In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contains over 28 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.

Compromised data: Device information, Email addresses, IP addresses, Passwords, Usernames

Adobe

In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Compromised data: Email addresses, Password hints, Passwords, Usernames

Adult Friend Finder

In May 2015, the adult hookup site Adult Friend Finder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.

Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames

Anti Public

In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password.

Compromised data: Email Addresses, Passwords

Ashley Madison

In July 2015, the infidelity website Ashley Madison suffered a serious data breach. The attackers threatened Ashley Madison with the full disclosure of the breach unless the service was shut down. One month later, the database was dumped including more than 30M unique email addresses.

Compromised data: Dates of birth, Email addresses, Ethnicities, Genders, Names, Passwords, Payment histories, Phone numbers, Physical addresses, Security questions and answers, Sexual orientations, Usernames, Website activity

Badoo

In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes.

Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Usernames

Black Hat World

In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Usernames, Website activity

Brazzers

In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.

Compromised data: Email addresses, Passwords, Usernames

BTC-E

In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.

Compromised data: Account balances, Email addresses, IP addresses, Passwords, Usernames, Website activity

Dropbox

In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

Compromised data: Email addresses, Passwords

Exploit.in

In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password.

Compromised data: Email Addresses, Passwords

Hackforums

In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website. The leaked Hack Forums data included credentials and personal information of nearly 200,000 registered forum users.

Compromised data: Dates of birth, Email addresses, Instant messenger identities, IP addresses, Passwords, Social connections, Spoken languages, Time zones, User website URLs, Usernames, Website activity

imesh

In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Linkedin

In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

Modern Business Solutions

In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone numbers. The data was subsequently attributed to "Modern Business Solutions", a company that provides data storage and database hosting solutions. They've yet to acknowledge the incident or explain how they came to be in possession of the data.

Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Job titles, Names, Phone numbers, Physical addresses

Myspace

In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

Compromised data: Email addresses, Passwords, Usernames

NetEase

In October 2015, the Chinese site known as NetEase (located at 163.com and 126.com) was reported as having suffered a data breach that impacted hundreds of millions of subscribers. The data in the breach contains email addresses and plain text passwords. The 288,584,667 entries from the database were leaked in plain text and MD5 hashing algorithm making the user's passwords very easy to dehash.

Compromised data: Email addresses, Passwords

Rambler

In February of 2012 the website known as rambler.ru (Рамблер) or also known as the "Russian Yahoo" had a data breach of 91 Millions Users all in plaintext. The data was also assumed to be leaked in 2014 but it was really leaked in 2012 and RaidForums is the first site to provide free download to it. Rambler is considered an Email Provider.

Compromised data: Email addresses, Passwords, Usernames

Shadi Dating

In 2016 Shadi.com's Database was breached containing 2 million of their user's information containing private information about their sexual lives or fantasies along with their addresses, names and email/passwords.

|Compromised Data|
Emails, Plaintext Passwords, Hashed Passwords, Religion, Address, Gender, Phone Number, Complexion, Children, Wedding Plan, Family Status, Marital Status

Snapchat

In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed. The attack involved brute force enumeration of a large number of phone numbers against the Snapchat API in what appears to be a response to Snapchat's assertion that such an attack was "theoretical". Consequently, the breach enabled individual usernames (which are often used across other services) to be resolved to phone numbers which users usually wish to keep private.

Compromised data: Phone numbers, Usernames

Tumblr

In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.

Compromised data: Email addresses, Passwords

Twitter

In 2016 the Social Media website twitter had a lot of it's users data leaked, 71,644,773 user's data was breached that contained plaintext passwords and usernames. The data was obtained various ways such as a spyware that was released caught 40m of those 70m accounts data and breached it.

Compromised data: Email addresses, Passwords, Usernames

VK

In approximately 2012, the Russian social media site known as VK was hacked and almost 100 million accounts were exposed. The data emerged in June 2016 where it was being sold via a dark market website and included names, phone numbers email addresses and plain text passwords.

Compromised data: Email addresses, Names, Passwords, Phone numbers

Xbox-Scene

In February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The forum breach data included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Xsplit

In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.

Compromised data: Email addresses, Names, Passwords, Usernames

Yahoo

In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of 453,492 usernames and passwords stored in plain text. The breach showed that of the compromised accounts, a staggering 59% of people who also had accounts in the Sony breach reused their passwords across both services.

Compromised data: Email addresses, Passwords

Youku

In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. (58% of passwords are numeric only)

Compromised data: Email addresses, Passwords

Youporn

In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords.

Compromised data: Email addresses, Passwords

Zoosk

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords.
Compromised data: Email addresses, Passwords