BePrime
April 20, 2026
•[ unauthorized access, missing MFA, credential leak ]
BePrime, a managed cybersecurity services provider in Mexico, was breached in April 2026 after attackers accessed administrator accounts lacking MFA, exfiltrating 12.6 GB of data that included plaintext credentials, client penetration testing reports, Cisco Meraki API keys controlling 1,858 network devices, and live surveillance camera feeds from client offices.
BreachForums Version 5
March 26, 2026
•[ data leak, hacking forum, credential leak ]
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
Sweden's BankID
March 17, 2026
•[ data leak, credential leak, source code leak ]
Biometric Update reported a hacker group calling itself ByteToBreach claimed a breach at CGIs Swedish division, leaking code and credentials tied to systems used by Swedish public authorities and linked in reporting to BankID authentication flows (including for the Swedish Tax Agency). The article said other databases containing personal data and electronic signature documents were allegedly being sold separately. The report is based on attacker claims and leak assertions and does not provide an official confirmation of full scope from CGI or BankID in the excerpt.
At least one Hungarian government ministries
March 1, 2026
•[ credential leak, infostealer, stealer logs ]
Bellingcat identified 795 Hungarian government email/password combinations circulating in breach data across 12 of 13 ministries, including defence, foreign affairs, interior, and finance; stealer logs indicated 97 machines across government departments may have been compromised, with some logs as recent as March 2026.
Edmunds
January 24, 2026
•[ data breach, ShinyHunters, PII ]
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
Erie Family Health Centers
December 10, 2025
•[ unauthorized access, data leak, medical records ]
Erie Family Health Centers detected unauthorized access in January 2026 and later determined that an unauthorized third party accessed its network between December 10, 2025 and January 27, 2026, exposing personal, financial, credential, medical, and health insurance information for approximately 570,000 individuals.
Undisclosed U.S. government agency (reported as “Department of Government Efficiency”)
May 8, 2025
•[ infostealer, malware, credential leak ]
Ars Technica reports a government software engineers workstation was infected with info-stealing malware, with login credentials appearing in multiple stealer-log dumps since 2023; investigation centers on credential exposure rather than confirmed enterprise compromise.
Santeda International B.V.
May 1, 2025
•[ data breach, credential leak, unencrypted data ]
Investigators reported a data breach affecting MyStake, a Curaao-licensed online casino operated by Santeda International B.V., tracing the exposure back to approximately May 2025. A PDF containing login credentials for 540 MyStake accounts was shared online, and specialists reportedly confirmed they could log into most accounts listed, indicating passwords were still valid long after the leak became known. Once logged in, auditors said they could view sensitive player details stored without encryption, including names, home addresses, phone numbers, dates of birth, and detailed transaction histories. Reporting alleged that users were not notified for more than eight months and that MyStake did not enforce password resets or suspend compromised accounts during that period, increasing risk of account takeover, fraud, and identity misuse.
Pearson plc
January 1, 2025
•[ data leak, source code leak, credential leak ]
Threat actors used an exposed GitLab PAT to access source code and cloud credentials, stealing terabytes of corporate and customer data over months.
RuneScape Boards
December 26, 2011
•[ data breach, credential leak, salted MD5 password hashes ]
In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.
