Aha! Data Breach Exposes Over 26,000 Customers: Here’s What We Know
Breach Date: October 1, 2024 Publish Date: March 1, 2025 Industry: eCommerce, IT Services...
Verticalscope.com and all of their domains were hacked in February of 2016
Preface Verticalscope.com and all of their domains were hacked in February of 2016....
Socialblade.com was hacked in August of 2016
Table of Contents Summary Passwords Leafyishere sub botting controversy Summary Socialblade.com...
WebHostingTalk.com, Mac-Forums.com, DbForums.com and ABestWeb.com all owned by Penton were hacked on July 4th, 2016
Preface WebHostingTalk.com, Mac-Forums.com, DbForums.com and ABestWeb.com all owned by Penton...
Shadi.com another dating site was hacked around July 10th, 2016
Preface Shortly after the hack of MuslimMatch.com, Shadi.com another dating site was hacked...
Dota2 official forums was hacked on July 10th, 2016
Table of Contents Summary Passwords Emails Summary Dota2 official forums was hacked on July...
Twitter credentials are being traded in the tens of millions on the dark web
Preface Twitter credentials are being traded in the tens of millions on the dark web....
Subdomains belonging to mail.ru were hacked in August of 2016
Table of Contents About Us Summary Passwords About us LeakedSource is already the best data...
LinkedIn.com was hacked in June 2012 and a copy of data for 167,370,910 accounts has been obtained by LeakedSource
Preface LinkedIn.com was hacked in June 2012 and a copy of data for 167,370,910 accounts has...
Two Bitcoin related websites were hacked, namely Btc-E.com and Bitcointalk.org
Summary Two Bitcoin related websites were hacked, namely Btc-E.com (a Bitcoin exchange acting...
Presidency University
In August 2018, Presidency University, a prestigious public state university in West Bengal, India, suffered a data breach that affected 38,046 users. The compromised data included email addresses and MD5 password hashes. Users should update passwords stored with outdated algorithms like MD5 and ensure they use services that adopt stronger, modern hashing standards.
Actu-Environnement
In June 2019, Actu-Environnement, a prominent French professional environmental news portal, launched in 2003 and based in Paris, and operated by Cogiterra, a privately held press company, suffered a data breach that affected 36,454 users. The compromised data included email addresses and plaintext passwords. Storing passwords in plaintext poses a serious security risk; users should change affected credentials immediately and prioritize platforms that use secure encryption and hashing methods.
Energizer Power Packs
In March 2019, Energizer Power Packs, a U.S.-based official online shop for Energizer PowerPacks, which are consumer-grade power banks, wireless chargers, power stations, and electronic accessories, suffered a data breach that affected 39,906 users. The compromised data included email addresses and plaintext passwords. Users should update reused passwords across accounts and choose services that enforce strong password protection standards.
Universite Marie & Louis Pasteur
In August 2018, the official portal for the Bibliothèques Universitaires (BU) at the Université de Franche‑Comté, now rebranded as Université Marie & Louis Pasteur, located in Besançon, France, suffered a data breach that affected 31,974 users. The compromised data included email addresses and MD5 password hashes. Users are encouraged to reset passwords and adopt secure authentication methods to reduce exposure in future breaches.
ROSprites
In August 2018, ROSprites, a German-based archival site for custom sprite art inspired by Ragnarok Online—shared by enthusiasts for creative and private fan use, suffered a data breach that affected 19,150 users. The compromised data included email addresses and MD5 password hashes. It's important to avoid password reuse and to choose platforms that use industry-standard encryption for stored credentials.
RebateMango
In August 2018, RebateMango, a Southeast Asia–focused digital rewards platform—specializing in cashback, air miles, and loyalty points—based in Malaysia & Singapore, suffered a data breach that affected 18,708 users. The compromised data included email addresses and MD5 password hashes. Users should monitor accounts for suspicious activity and consider enabling two-factor authentication wherever possible.
Pue7.ru
In August 2018, Pue7.ru, a now-defunct Russian information website on electrical installations and automation systems, suffered a data breach that affected 35,430 users. The compromised data included email addresses and MD5 password hashes. It is advisable to change passwords after such breaches and avoid reusing credentials across platforms.
RisingShare
In October 2017, RisingShare, a now-defunct Italian general forum, suffered a data breach that affected 18,675 users. The compromised data included email addresses and pHpass password hashes. Even when password hashes are present, users should change affected credentials and adopt secure password practices.
Rumble
In July 2025, Rumble, a video-sharing and cloud-services platform founded in 2013 by Canadian entrepreneur Chris Pavlovski, headquartered in Toronto, Canada, with significant operations and a corporate office in Longboat Key, Florida, USA, and branding itself as a free-speech–focused “alt-tech” alternative to YouTube, suffered a data breach that affected 189,011 users. The compromised data included email addresses and usernames. Even when passwords aren't leaked, users should remain cautious of phishing and impersonation attempts, and ensure their account settings are secured.
Ie_Cloud_Ie_Lgs. uploaded by Unknown
In October 2022, a telegram user uploaded a stealer log file that exposed 15 records of endpoints, email, API host and passwords.
B Wine Shop
In July 2022, B Wine Shop, an Italian ecommerce platform specializing in wine, suffered a data breach exposing nearly 12,000 unique records containing email addresses, full names, IP addresses, genders, birthdays, and bcrypt hashed passwords. The exposure of such sensitive information underscores the importance of implementing robust cybersecurity measures to protect personal data and prevent future breaches from escalating harm.
Imagewear
In June 2019, Imagewear, a now-defunct custom apparel company based in Macon, Georgia (USA), known for specializing in school spiritwear—designing and selling custom T‑shirts, hoodies, and accessories for schools and teams, suffered a data breach that affected 35,630 users. The compromised data included email addresses and plaintext passwords. Storing passwords in plaintext is a serious vulnerability; users should update their credentials and ensure the use of secure services that follow strong encryption standards.
Matroids Matheplanet
In October 2018, Matroids Matheplanet, a well-established, non-commercial German math community that offers peer-reviewed articles, active discussions, and valuable resources for math learners and enthusiasts, suffered a data breach that affected 34,100 users. The compromised data included email addresses and password hashes stored in an unknown format. Users should regularly update passwords and use services that employ modern, secure hashing algorithms.
DW infoServer
In August 2018, DW infoServer, an Australian mixed-content portal featuring stock information, online chat, forums, and virtual services, suffered a data breach affecting around 161 thousand records. The exposed data includes nearly 48,000 unique email addresses and plaintext passwords. Implementing strong encryption and cybersecurity measures is critical to protect sensitive information.
Vuilen Music
In August 2018, Vuilen Music, the subdomain music.vuilen.com and part of Vuilen.com—a Vietnamese entertainment portal offering a mix of online music streaming and casual gaming—suffered a data breach that affected 330,390 users. The compromised data included email addresses and MD5 password hashes. It is important to use complex, unique passwords and enable account alerts where possible.
DM Tools
In August 2018, DM Tools, a now defunct online platform that provided a suite of tools and information for dungeon masters of Dungeons and Dragons games, suffered a data breach affecting nearly 61 thousand unique records. The exposed data includes email addresses and passwords hashed with MD5 or PHPass. Maintaining strong cybersecurity practices is important to protect data, regardless of a platform’s current status.
MAXpci
In August 2018, MAXpci, a legitimate U.S.-oriented provider offering PCI compliance tools and support tailored to lower-tier merchants, suffered a data breach that affected 27,334 users. The compromised data included email addresses and MD5 password hashes. Given the weakness of MD5, users should reset affected passwords and ensure future storage uses stronger hashing methods like bcrypt or Argon2.
Do Sports Easy
In August 2018, Do Sports Easy, a US based recreation management system, suffered a data breach affecting nearly 55 thousand records. The exposed data includes around 53,500 unique email addresses and passwords hashed with either bcrypt or SHA1. Implementing consistent and modern encryption standards is essential to ensure strong cybersecurity and protect user data.
Dive Computer Training
In August 2018, Dive Computer Training, an online educational platform, suffered a data breach affecting around 213 thousand records. The exposed data includes over 94,000 unique email addresses and passwords hashed with PHPass or MD5. Strong cybersecurity practices are essential to ensure the safety of user information.
DreamCodes.biz
In August 2018, DreamCodes.biz, a German IT community news and forum, suffered a data breach affecting over 35 thousand records. The exposed data includes around 34,000 unique email addresses and passwords hashed with MD5. Upgrading encryption methods and enforcing strong cybersecurity practices are essential to protect user credentials.
/qr-code.png)