Do you have accounts at any of the sites that have been compromised?
Enter your email address atHave I Been Pwned?to find out. Then change your password, get 2 Factor Authentication, and call us! Full Disclosure: Here is my report:
Oh no — pwned!
Pwned on 15breached sitesand found 3pastes
Breaches you were pwned in
A “breach” is an incident where a site’s data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords.
2,844 Separate Data Breaches(unverified): In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen. Each file contained both an email address and plain text password and were consequently loaded as a single “unverified” data breach.
Compromised data:Email addresses, Passwords |
|
Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email,encryptedpassword and a password hint in plain text. The password cryptography was poorly done andmany were quickly resolved back to plain text. The unencrypted hints alsodisclosed much about the passwordsadding further to the risk that hundreds of millions of Adobe customers already faced.
Compromised data:Email addresses, Password hints, Passwords, Usernames |
|
Anti Public Combo List(unverified): In December 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Anti Public”. The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, readPassword reuse, credential stuffing and another billion records in Have I been pwned.
Compromised data:Email addresses, Passwords |
|
B2B USA Businesses(unverified): In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as “B2B USA Businesses”, the list categorised email addresses by employer, providing information on individuals’ job titles plus their work phone numbers and physical addresses.Read more about spam lists in HIBP.
Compromised data:Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses |
|
Dropbox: In mid-2012, Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. In August 2016,they forced password resets for customers they believed may be at risk. A large volume of data totalling over 68 million recordswas subsequently traded onlineand included email addresses and salted hashes of passwords (half of them SHA1, half of them bcrypt). Compromised data:Email addresses, Passwords |
|
Dungeons & Dragons Online: In April 2013, the interactive video gameDungeons & Dragons Onlinesuffered a data breach that exposed almost 1.6M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes. Compromised data:Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity |
|
Exploit.In(unverified): In late 2016, a huge list of email address and password pairs appeared in a “combo list” referred to as “Exploit.In”. The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for “credential stuffing”, that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, readPassword reuse, credential stuffing and another billion records in Have I been pwned. Compromised data:Email addresses, Passwords |
|
GeekedIn: In August 2016, the technology recruitment siteGeekedInleft a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members’ email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on8 million GitHub profiles were leaked from GeekedIn’s MongoDB – here’s how to see yours. Compromised data:Email addresses, Geographic locations, Names, Professional skills, Usernames, Years of professional experience |
|
LinkedIn: In May 2016,LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data. Compromised data:Email addresses, Passwords |
|
Lord of the Rings Online: In August 2013, the interactive video gameLord of the Rings Onlinesuffered a data breach that exposed over 1.1M players’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes. Compromised data:Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity |
|
Onliner Spambot(spam list): In August 2017, a spambot by the name ofOnliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titledInside the Massive 711 Million Record Onliner Spambot Dump. Compromised data:Email addresses, Passwords |
|
ReverbNation: In January 2014, the online service for assisting musicians to build their careersReverbNation suffered a data breach which wasn’t identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords. Compromised data:Email addresses, Passwords |
|
River City Media Spam List(spam list): In January 2017,a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data. Compromised data:Email addresses, IP addresses, Names, Physical addresses |
|
Trillian: In December 2015, the instant messaging applicationTrillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes. Compromised data:Dates of birth, Email addresses, IP addresses, Names, Passwords, Usernames |
|
WildStar: In July 2015, the IP.Board forum for the gaming websiteWildStarsuffered a data breach that exposed over 738k forum members’ accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords. Compromised data:Dates of birth, Email addresses, IP addresses, Passwords, Usernames |