The email addresses alone were provided to HIBP to enable impacted users to assess their exposure.
Breach date: 5 December 2017 Date added to HIBP: 8 December 2017 Compromised accounts: 20,580,060 Compromised data: Address book contacts, Apps installed on devices, Cellular network names, Dates of birth, Device information, Email addresses, Genders, Geographic locations, IMEI numbers, IMSI numbers, IP addresses, Names, Phone numbers, Profile photos, Social media profiles In September 2016, data allegedly obtained from the Chinese gaming website known as and containing 6.5M accounts was leaked online.
Salted SHA-1 password hashes for users who sign up with either Google or Facebook authentication were also included.
The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses.
Breach date: Date added to HIBP: Compromised accounts: 3,867,997 Compromised data: Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Races, Relationship statuses, Sexual orientations, Spoken languages, Usernames In May 2013, the torrent site Aha suffered a breach which resulted in more than 180k user accounts being published publicly.
The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.
The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.Breach date: 4 October 2013 Date added to HIBP: 4 December 2013 Compromised accounts: 152,445,165 Compromised data: Email addresses, Password hints, Passwords, Usernames In May 2015, the adult hookup site Adult Friend Finder was hacked and nearly 4 million records dumped publicly.The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen.Each file contained both an email address and plain text password and were consequently loaded as a single "unverified" data breach.