Call Now! (866) 666-4235 info@seronsecurity.com

Do you have accounts at any of the sites that have been compromised?

Enter your email address at Have I Been Pwned? to find out.

Then change your password, get 2 Factor Authentication, and call us!

Full Disclosure: Here is my report:

Oh no — pwned!

Pwned on 15 breached sites and found 3 pastes

Breaches you were pwned in

A “breach” is an incident where a site’s data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.


2,844 Separate Data Breaches(unverified): In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single “unverified” data breach.

Compromised data: Email addresses, Passwords

Adobe logo Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

Compromised data: Email addresses, Password hints, Passwords, Usernames

Anti Public Combo List logo Anti Public Combo List (unverified): In December 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Anti Public”. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

B2B USA Businesses logo B2B USA Businesses (unverified): In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as “B2B USA Businesses”, the list categorised email addresses by employer, providing information on individuals’ job titles plus their work phone numbers and physical addresses. Read more about spam lists in HIBP.

Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses

Dropbox logo

Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016, they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million records was subsequently traded online and included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt).

Compromised data: Email addresses, Passwords

Dungeons & Dragons Online: In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

Exploit.In (unverified): In late 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Exploit.In”. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I been pwned.

Compromised data: Email addresses, Passwords

GeekedIn: In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members’ email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on 8 million GitHub profiles were leaked from GeekedIn’s MongoDB – here’s how to see yours.

Compromised data: Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of professional experience

LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

Lord of the Rings Online: In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

Compromised data: Email addresses, Passwords

ReverbNation: In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn’t identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

Compromised data: Email addresses, Passwords

River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.

Compromised data: Email addresses, IP addresses, Names, Physical addresses

Trillian: In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.

Compromised data: Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames

WildStar: In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames