In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to “Threat Actor 888”. Young Living Essential Oils did not respond to multiple attempts to contact them about the data.
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes. The standalone store was subsequently shut down with all traffic redirected to their Amazon store.
A public key certificate is a digitally signed document that serves to validate the sender’s authorization and name. It uses […]
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
A blog about the latest update to Siftgrab, including a new function that generates several preformatted Excel workbooks.
PKI (public key infrastructure) is the underlying framework that enables the secure exchange of information over the internet using digital […]
In 2024, data relating to an unknown service referred to as “Hopamedia” and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to “Threat Actor 888”.