Mar 5, 2026
248,235 accounts
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Jun 14, 2026
56,278,397 accounts
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to
Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in
the stealer logs section of their dashboard. Organisations can see logs affecting their domain via
the stealer logs API.
Email addresses
Passwords
Mar 18, 2026
305,216 accounts
Email addresses
Employers
Names
Phone numbers
Physical addresses
Mar 17, 2026
137,123 accounts
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Support tickets
Usernames
Jun 8, 2026
454,635 accounts
In June 2026,
the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments.
In a post about the incident, the university advised that the breach affected both "current students, and alumni".
Academic records
Citizenship statuses
Dates of birth
Disabilities
Email addresses
Ethnicities
Genders
IP addresses
Names
Passport numbers
Phone numbers
Physical addresses
Purchases
Salutations
Usernames
May 22, 2026
102,935 accounts
In May 2026, the HVAC/R wholesale distributor
Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
Email addresses
Names
Phone numbers
Physical addresses
Support tickets
May 28, 2026
396,313 accounts
In May 2026, the corporate travel management company
BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Support tickets
May 22, 2026
2,553,599 accounts
Dates of birth
Email addresses
Genders
Government issued IDs
Health insurance information
Names
Phone numbers
Physical addresses
Jan 23, 2026
177,860 accounts
Device information
Email addresses
IP addresses
Passwords
Phone numbers
Usernames
May 29, 2026
63,926 accounts
In May 2026, the GTA V and CS2 cheat service
Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
Email addresses
IP addresses
Passwords
Support tickets
Usernames
May 22, 2026
4,851,517 accounts
Email addresses
Job titles
Names
Phone numbers
Physical addresses
Apr 14, 2026
269,299 accounts
In April 2026, the American insurance holding company
Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
Email addresses
Names
Partial credit card data
Phone numbers
Physical addresses
Purchases
Apr 11, 2026
84,108 accounts
In April 2026, the luxury fashion e-commerce platform
Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
Email addresses
Names
Partial credit card data
Phone numbers
Physical addresses
Purchases
Salutations
Mar 1, 2026
502,597 accounts
In March 2026, the financial services firm
Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information.
In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".
Email addresses
Employers
Financial transactions
Job titles
Names
Phone numbers
Physical addresses
Apr 7, 2026
185,256 accounts
In April 2026,
7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.
Dates of birth
Email addresses
Names
Phone numbers
Physical addresses
Dec 5, 2025
126,293 accounts
Dates of birth
Email addresses
Names
Passwords
Spoken languages
Usernames
Dec 31, 2020
46,105 accounts
In January 2021, the parody site
Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, usernames and passwords stored in plain text.
Email addresses
IP addresses
Passwords
Usernames
Apr 25, 2026
468,124 accounts
Email addresses
Names
Phone numbers
Mar 24, 2026
34,532,941 accounts
In March 2026, the Colombian fintech company
Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group
ShinyHunters subsequently claimed responsibility and published a large trove of personal data allegedly obtained from Addi. The data included 34M unique email addresses from credit scoring requests, credit bureau records, customer identity records and email validation logs. It also contained government issued IDs (Cédula de Ciudadanía), estimated income, socioeconomic levels, purchases and other credit-related data points.
Age groups
Credit scores
Device information
Email addresses
Government issued IDs
Income levels
IP addresses
Latitude and longitude pairs
Names
Phone numbers
Physical addresses
Purchases
Socioeconomic levels
Apr 13, 2026
711,099 accounts
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Apr 19, 2026
237,810 accounts
Email addresses
Job titles
Names
Phone numbers
Physical addresses
Salutations
Support tickets
May 4, 2026
310,431 accounts
In May 2026, the real estate services firm
Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
Email addresses
Job titles
Names
Phone numbers
Physical addresses
Salutations
Apr 14, 2026
197,376 accounts
Email addresses
Geographic locations
Purchases
Support tickets
Mar 3, 2026
447,593 accounts
In March 2026, the AI-driven merchant data platform
Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.
Email addresses
Names
Phone numbers
Physical addresses
