Latest Breaches

• KinoKong - 817,808 breached accounts December 6, 2025
  In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
• Zilvia.net - 287,863 breached accounts December 1, 2025
  In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
• China Software Developer Network - 6,414,990 breached accounts November 27, 2025
  In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
• CodeStepByStep - 103,077 breached accounts November 23, 2025
  In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.
• ADDA - 1,829,314 breached accounts November 23, 2025
  In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.
• International Kiteboarding Organization - 340,349 breached accounts November 20, 2025
  In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.
• Beckett Collectibles - 1,041,238 breached accounts November 20, 2025
  In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data initially included more than 500k email addresses reportedly belonging to North American customers, before a larger corpus of over […]
• Eurofiber - 10,003 breached accounts November 20, 2025
  In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, […]
• Vultr - 187,872 breached accounts November 20, 2025
  In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and […]
• Operation Endgame 3.0 - 2,046,030 breached accounts November 13, 2025
  Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime […]
• TISZA Világ - 198,520 breached accounts November 8, 2025
  In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
• Synthient Credential Stuffing Threat Data - 1,957,476,021 breached accounts November 6, 2025
  During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 […]
• MyVidster (2025) - 3,864,364 breached accounts October 27, 2025
  In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
• Synthient Stealer Log Threat Data - 182,962,095 breached accounts October 21, 2025
  During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and […]
• Prosper - 17,605,276 breached accounts October 16, 2025
  In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to […]
• Hello Cake - 22,907 breached accounts October 15, 2025
  In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
• Vietnam Airlines - 7,316,915 breached accounts October 11, 2025
  In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.3M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also […]
• Adpost - 3,339,512 breached accounts October 7, 2025
  In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
• Artists&Clients - 95,351 breached accounts October 4, 2025
  In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
• HomeRefill - 187,457 breached accounts October 3, 2025
  In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.