January 2022: Doxbin Breach - 370 Thousand Accounts
Flashpoint a leader in risk intelligence reported that a hacker posted data from Doxbin a popular paste site. The data breach included usernames, email addresses, passwords and user-agent strings according to Flashpoint.
Doxbin is a website where users post and share personally identifiable information.
According to HIBP, Flexbooker a SaaS scheduling solution suffered a data breach of 3.7 million records including email addresses, names, phone numbers and for a small number of accounts password hashes and partial credit card data.
This breach which was attributed to a compromised account within their AWS infrastructure was actively being traded on a popular hacking forum and the data is attributed to “firstname.lastname@example.org”.
According to HIBP 300 thousand member email addresses, IP addresses, usernames and MD5 salted passwords were exposed. Carding Mafia, the exposed website is a forum dedicated to stealing and trading credit cards.
This December 2021 breach of the popular India retailer was a result of ransomware to which the demand for ransom was rejected. The records which included email addresses, phone numbers, names, physical addresses, dates of birth, order histories and passwords stored as MD5 hashes.
The data provided by HIBP cites “email@example.com” as the attributed source.
Open Subtitles a website dedicated to sharing subtitles for movies and TV shows suffered a data breach in August 2021 of almost 7 million subscribers. This data included email addresses, IP addresses, usernames, country, and passwords stored as unsalted MD5 hashes.
Upstox is one of India’s largest discount stock brokerage firm and it suffered a data breach between March and April 2021.
Guns.com’s website was temporarily disabled and prevented from operating by a hacker and while Guns.com says there is “no indication” of any attempt to steal data we know that data was stolen and leaked. According to Gizmodo this data dump included “substantial gun buyer information” including user IDs, names, email addresses, phone numbers, hashed passwords and most alarmingly physical addresses.
Red Doorz a popular Southeast Asian hotel bookings platform suffered the most recent data breach occurred in September 2020 and included almost 5.9 million user records. The data breach included names, email addresses, pohne numbers, genders, dates of birth and passwords stored as bcrypt hashes.
The HIBP team cites a source that requested it be
The BTC-Alpha data breach included 362 thousand pieces of customer data including email addresses, IP addresses, usernames and passwords. The crypto exchange platform suffered a ransomware attack and this data is attributed to “firstname.lastname@example.org”.
The ShockGore website where users share videos and images of animal cruelty suffered a data breach in August 2020. This data breach included email addresses with usernames, IP addresses, genders and unsalted SHA-1 password hashes.
Included in this data were private messages between users that contained requests for depraved material. This data was provided to HBIP by “email@example.com”.