Aha! Data Breach Exposes Over 26,000 Customers: Here’s What We Know
Breach Date: October 1, 2024 Publish Date: March 1, 2025 Industry: eCommerce, IT Services...
Verticalscope.com and all of their domains were hacked in February of 2016
Preface Verticalscope.com and all of their domains were hacked in February of 2016....
Socialblade.com was hacked in August of 2016
Table of Contents Summary Passwords Leafyishere sub botting controversy Summary Socialblade.com...
WebHostingTalk.com, Mac-Forums.com, DbForums.com and ABestWeb.com all owned by Penton were hacked on July 4th, 2016
Preface WebHostingTalk.com, Mac-Forums.com, DbForums.com and ABestWeb.com all owned by Penton...
Shadi.com another dating site was hacked around July 10th, 2016
Preface Shortly after the hack of MuslimMatch.com, Shadi.com another dating site was hacked...
Dota2 official forums was hacked on July 10th, 2016
Table of Contents Summary Passwords Emails Summary Dota2 official forums was hacked on July...
Twitter credentials are being traded in the tens of millions on the dark web
Preface Twitter credentials are being traded in the tens of millions on the dark web....
Subdomains belonging to mail.ru were hacked in August of 2016
Table of Contents About Us Summary Passwords About us LeakedSource is already the best data...
LinkedIn.com was hacked in June 2012 and a copy of data for 167,370,910 accounts has been obtained by LeakedSource
Preface LinkedIn.com was hacked in June 2012 and a copy of data for 167,370,910 accounts has...
Two Bitcoin related websites were hacked, namely Btc-E.com and Bitcointalk.org
Summary Two Bitcoin related websites were hacked, namely Btc-E.com (a Bitcoin exchange acting...
Mendoza Government Emails
In March 2025, the official website for the Government of Mendoza experienced a breach exposing approximately 7,000 emails linked to its accounts. The leaked data included email addresses, raising risks of phishing, social engineering, or unauthorized access to government communications. While sensitive content within the emails was not explicitly confirmed as exposed, the incident highlights vulnerabilities in public sector digital infrastructure.
Moneyman
In May 2022, Moneyman, the official website of Money Management International (MMI)—a nonprofit organization based in the United States that offers financial education and counseling services—suffered a data breach impacting 531,000 users. The compromised data included email addresses and plaintext passwords. The exposure of unencrypted credentials posed a significant security risk, potentially enabling account takeover attempts, phishing attacks, and wider compromise due to password reuse across platforms.
Remote Staff
In May 2019, Remote Staff, an Australian outsourcing platform, experienced a breach compromising approximately 73,000 records. Exposed data included email addresses and plaintext passwords, enabling immediate unauthorized account access and credential misuse. The breach underscores the necessity of robust cybersecurity practices like password hashing, salting, and multi-factor authentication.
Telegram InerealCloud ULP 4-14-25 P3 by Inereal Cloud
On April 14, 2025, a stealer log titled @InerealCloud (21) was shared on a Telegram channel, containing approximately 21 million records. The stealer log exposed 7.3 million unique email addresses, plaintext passwords, and homepage URLs. This incident underscores the risks posed by widespread credential theft and data trading in underground markets.
BuiltbyBit
In January 2021, BuiltByBit (formerly known as Mc-Market.org), a prominent Australian online marketplace and community platform catering to digital assets and services for gaming communities, suffered a data breach that impacted nearly 5,000 users. The compromised data included email addresses, usernames, and MD5 password hashes. The use of MD5, a deprecated hashing algorithm known for its vulnerabilities, heightened concerns about password security and the risk of cracking hashed credentials through brute-force or rainbow table attacks.
ДАКСИ БЪЛГАРИЯ ЕООД (Daxy)
In May 2021, Daxy, a Bulgarian business intelligence platform, suffered a breach compromising approximately 2,000 records. The leaked data included email addresses, phone numbers, usernames, IP addresses, and passwords stored in plain text. This incident highlights the necessity for organizations handling critical business data to enforce robust cybersecurity measures, including encryption and access restrictions.
BDSM Library
In July 2017, BDSM Library, an online community for BDSM-themed literature, experienced a breach exposing 60,000 records. The leak included email addresses and plaintext passwords, enabling direct account access. This incident underscores the importance of secure password storage, such as encryption, to protect vulnerable user data. Implementing rigorous cybersecurity measures is essential for platforms handling private information to prevent exploitation and uphold user trust in digital interactions.
Qhimm Forums
In July 2021, Qhimm Forums, a community platform for modding Final Fantasy games, disclosed a breach compromising approximately 190,000 records. The exposed data included email addresses, usernames, IP addresses, genders, birthdays, and MD5 hashed passwords with salting. A forum administrator acknowledged the incident. Despite its niche audience, the breach highlights vulnerabilities in managing user data across online communities. Robust cybersecurity measures, including modern encryption and user education, are vital to protect sensitive information and maintain trust in specialized digital ecosystems.
BIG M POS
In March 2025, BIG M POS, an Australian online point-of-sale platform for repair industries, suffered a breach compromising approximately 45,000 records. Exposed data included email addresses, full names, phone numbers, and bcrypt-hashed passwords. The incident highlights vulnerabilities in platforms managing client-facing operations, necessitating stringent safeguards like data encryption and access controls.
Hisense USA
In October 2024, Hisense USA, the official website of Hisense USA Corporation—an American subsidiary of the multinational electronics and appliance manufacturer Hisense Company Ltd.—suffered a data breach that impacted 688,000 users. The compromised data included email addresses, phone numbers, full names, and product details. This breach not only exposed sensitive contact information but also potentially revealed consumer purchase patterns, which could be exploited for phishing attacks or fraudulent warranty claims, emphasizing the critical need for strong cybersecurity controls in consumer electronics sectors.
MSME Global Mart
In May 2022, MSME Global Mart, the official B2B e-commerce portal operated by the National Small Industries Corporation (NSIC)—a Government of India enterprise under the Ministry of Micro, Small and Medium Enterprises (MSME)—suffered a data breach affecting 314,000 users. The compromised data included email addresses and plaintext passwords. The use of unencrypted credentials significantly increased the risk of unauthorized access, identity theft, and credential reuse attacks, particularly given the platform’s role in facilitating business transactions and services for India's small and medium enterprises.
WarcraftLoot
In May 2022, WarcraftLoot, a website associated with World of Warcraft (WoW)—possibly offering in-game items, services, or community features—suffered a data breach that impacted 400,000 users. The compromised data included email addresses and plaintext passwords, posing a significant security risk. The exposure of unencrypted credentials highlights poor data protection practices and leaves affected users vulnerable to account hijacking, credential stuffing, and phishing attacks, especially if they reused the same login details across multiple platforms.
LeakBase B3RL1N 14.9M ULP by B3RL1N4
On February 6, 2025, a stealer log named 14KK URL-LOG-PASS @B3RL1N appeared on a widely known hacking forum containing around 14.9 million records in total. The log disclosed around 4 million unique email addresses, plaintext passwords, and homepage URLs. This incident serves as a reminder of the importance of robust cybersecurity measures to protect user credentials from unauthorized access and exploitation.
DaFont (2022)
In May 2022, DaFont, a widely recognized French online archive known for its extensive collection of free downloadable fonts, suffered a data breach that impacted 660,000 users. The compromised data included email addresses and plaintext passwords. The storage of passwords in unencrypted form raised serious concerns about user privacy and security, especially given the potential for credential reuse on other sites, making affected users vulnerable to credential stuffing and phishing attacks.
Pirogi Domoi
In April 2024, Pirogi Domoi, a Russian online bakery specializing in delivering pies and baked goods, experienced a data breach affecting 223,000 users. The compromised data included usernames, physical addresses, and registration dates. This breach highlights the importance of strong cybersecurity measures to protect customer information and ensure the safety of online transactions.
Top Izbor
In March 2025, Top Izbor, a Bosnian ecommerce platform for home appliances and electronics, suffered a breach affecting approximately 21,000 records. Exposed data included email addresses, full names, phone numbers, ip addresses, and physical addresses, escalating risks of phishing, fraud, and physical security threats. This incident highlights vulnerabilities in managing customer data for platforms handling sensitive personal details. Robust cybersecurity measures like encryption, access controls, and audits are essential to mitigate such risks.
MarketDownload
In August 2023, MarketDownload, a U.S.-based general business platform, suffered a data breach that impacted nearly 60,000 users. The compromised data included email addresses and password hashes stored in an unknown format. While the use of password hashing provides some level of protection, the unspecified hashing method raises questions about the strength and security of the encryption. Without clear details, users affected by the breach remain at potential risk, especially if weak or outdated hashing algorithms were used. This incident underscores the importance of implementing transparent and modern cybersecurity standards.
Homevalue
In May 2022, Homevalue, an Irish online DIY and hardware store offering a comprehensive range of products for homeowners, builders, and DIY enthusiasts, suffered a data breach that impacted 377,500 users. The compromised data included email addresses and plaintext passwords. This exposure posed a security threat for users, especially with the direct access to login credentials.
AmazePromos
In May 2022, AmazePromos, a U.S.-based website that aggregates and shares Amazon promo codes and discount offers to help shoppers save money on their Amazon purchases, suffered a data breach that impacted 573,300 users. The compromised data included email addresses and plaintext passwords. This breach exposed users to significant security risks, especially given the sensitive nature of the compromised data.
Bluraymaesai
In May 2022, Bluraymaesai, a Thai-language website specializing in the sale of Blu-ray discs, including movies, TV series, and anime, suffered a data breach that impacted 688,400 users. The compromised data included email addresses and plaintext passwords. This breach exposed a significant number of users to potential security risks, particularly given the nature of the exposed data.
/qr-code.png)