Synthient Stealer Log Threat Data
April 11, 2025
•[ hack, malware, technology ]
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
Synthient Credential Stuffing Threat Data
April 11, 2025
•[ hack, brute-force, technology ]
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords.
Samsung Germany Customer Tickets
March 30, 2025
•[ leak, malware, technology ]
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Troy Hunt's Mailchimp List
March 25, 2025
•[ hack, phishing, technology ]
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Apple Customers
March 9, 2025
•[ hack, malware, technology ]
The French government says Apple sent out threat notifications to customers alerting them to spyware attacks earlier in September.
Multiple U.S. Targets (Law Firms, SaaS, Tech Firms)
March 1, 2025
•[ espionage, malware, technology ]
Chinese APT UNC5221 deployed the BRICKSTORM backdoor to infiltrate U.S. law firms and SaaS providers for intelligence collection. Campaign active from March through September 2025.
Multiple U.K. Targets (Professional Services, Law Firms)
March 1, 2025
•[ espionage, technology ]
UNC5221 targeted British professional-services firms for espionage, part of the broader BRICKSTORM campaign observed globally in 2025.
Multiple Netherlands Targets (BPO, MSP Providers)
March 1, 2025
•[ espionage, technology ]
UNC5221 compromised Netherlands-based BPO and MSP providers to gain secondary access to client environments; activity attributed to Chinese cyber-espionage operations.
Multiple German Targets (Corporate Legal, Professional Services)
March 1, 2025
•[ espionage, technology ]
German professional-services and corporate-law entities were likely compromised by UNC5221 during the 2025 BRICKSTORM espionage campaign exploiting Ivanti edge devices.
Singapore Cloud / Hosting Providers
March 1, 2025
•[ espionage, technology ]
UNC5221 leveraged Singapore hosting infrastructure for staging and potential local access during the 2025 BRICKSTORM campaign; targeting aligns with Chinese state-linked espionage.
Multiple Japanese Targets (MSPs, Cloud Partners)
March 1, 2025
•[ espionage, technology ]
UNC5221 activity included compromises of Japanese managed-service providers as part of the BRICKSTORM espionage operation active in 2025.
Orange Romania
February 24, 2025
•[ financial, hack, leak ]
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details and partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Cocospy
February 14, 2025
•[ hack, malware, technology ]
In February 2025, the spyware service Cocospy suffered a data breach along with its sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
Tata Technologies
January 31, 2025
•[ ransomware, malware, technology ]
Tata Technologies Ltd. suspends some of its IT services following a ransomware attack that impacted the company network.
Smiths Group
January 28, 2025
•[ hack, technology ]
London-based engineering giant Smiths Group discloses a security breach after unknown attackers gained access to the company's systems.
DeepSeek
January 27, 2025
•[ hack, ddos, technology ]
Chinese AI platform DeepSeek disables registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services.
Maagar-Tec
January 26, 2025
•[ hack, technology ]
The pro-Palestinian group called Handala reportedly breaches emergency systems used in Israeli schools, after compromising Maagar-Tec, and broadcasts rocket sirens and Arabic songs that Israel's cyber agency called supportive of terrorism.
Doxbin Scrape
January 24, 2025
•[ leak, misconfiguration, technology ]
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to non-consensually disclose the personal information of third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Centric.eu
January 24, 2025
•[ ransomware, technology ]
The Clop ransomware group claims to have obtained data from Centric.
ipany (VPN software developed by a South Korean company)
January 22, 2025
•[ espionage, technology ]
Researchers from ESET link a previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon to a supply chain attack targeting ipany, a South Korean virtual private network (VPN) provider.