Full List

Search

Recent Breaches

• Nexus Mods July 22, 2013 • [ hack, technology ] In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that. The breach contained usernames, email addresses and passwords stored as a salted hashes.
• Yam June 2, 2013 • [ hack, misconfiguration, technology ] In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.
• Badoo June 1, 2013 • [ hack, technology ] In June 2016, a data breach allegedly originating from the social website Badoo was found to be circulating amongst traders. Likely obtained several years earlier, the data contained 112 million unique email addresses with personal data including names, birthdates and passwords stored as MD5 hashes. Whilst there are many indicators suggesting Badoo did indeed suffer a data breach, the legitimacy of the data could not be emphatically proven so this breach has been categorised as "unverified".
• AhaShare.com May 30, 2013 • [ leak, misconfiguration, technology ] In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also leaked the IP addresses used by the registered identities.
• Non Nude Girls May 21, 2013 In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.
• Neopets May 5, 2013 In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.
• Dungeons & Dragons Online April 2, 2013 • [ leak, technology ] In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.
• Brazzers April 1, 2013 In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.
• tumblr February 28, 2013 • [ leak, misconfiguration, technology ] In early 2013, tumblr suffered a data breach which resulted in the exposure of over 65 million accounts. The data was later put up for sale on a dark market website and included email addresses and passwords stored as salted SHA1 hashes.
• Heroes of Gaia January 4, 2013 • [ leak, technology ] In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.
• FaceUP January 1, 2013 • [ hack, sqlinjection, technology ] In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes. When notified of the incident, FaceUP advised they had identified a SQL injection vulnerability at the time and forced password resets on impacted customers.
• JD January 1, 2013 • [ leak, retail ] In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
• OMGPOP January 1, 2013 • [ leak, misconfiguration, technology ] In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.
• Florida Department of Juvenile Justice January 1, 2013 • [ leak, government ] lost / stolen computer
• Kirkwood Community College January 1, 2013 • [ hack, education ] hacked
• South Africa police January 1, 2013 • [ hack, government ] hacked
• Various January 1, 2013 • [ insider ] Insider
• Washington State court system January 1, 2013 • [ hack, government ] hacked
• Adobe Systems Incorporated January 1, 2013 • [ hack, technology ] hacked
• Affinity Health Plan, Inc. January 1, 2013 • [ leak, healthcare ] lost / stolen media