Company Date Discovered Breach Date Information Breached Total Records Notes

Blacklist Alliance

3 August 2020 30 July 2020
  • Names
  • Email Addresses
  • Phone numbers
  • API keys
  • Passwords (MD5 encrypted)
  • Contracts
TBC

Blacklist’s own Web site has leaked reams of data to
anyone with a Web browser. Thousands of documents, emails, spreadsheets,
images and the names tied to countless mobile phone numbers all could be
viewed or downloaded without authentication from the domain
theblacklist.click.
The directory also included all 388 Blacklist customer API keys, as well
as each customer’s phone number, employer, username and password
(scrambled with the relatively weak MD5 password hashing algorithm).

KreditPlus

3 August 2020 March 2020
  • Phone Numbers
  • Email Addresses
  • Usernames
768,890

In June 2020, the Indonesian credit service Kreditplus suffered a
data breach which exposed 896k records containing 769k unique email
addresses. The breach exposed extensive personal information
including names, family makeup, information on spouses, income and
expenses, religions and employment information.

집꾸미기

3 August 2020 March 2020
  • Phone Numbers
  • Email Addresses
  • Usernames
1,298,651 accounts

In March 2020, the Korean interior decoration website ???? (Decorating the House)
suffered a data breach which impacted almost 1.3 million members. Served via the
URL ggumim.co.kr, the exposed data included email addresses, names, usernames
and phone numbers, all of which was subsequently shared extensively throughout
online hacking communities.

TrueFire

3 August 2020 Feburary 2020
  • Names
  • Email addresses
  • Physical addresses
  • Account balances
  • Unsalted MD5 password hashes
599,667 accounts

In February 2020, the guitar tuition website TrueFire suffered a data breach which
impacted 600k members. The breach exposed extensive personal information including
names, email and physical addresses, account balances and unsalted MD5 password
hashes.

Vakinha

1 August 2020 25 June 2020
  • Passwords
  • Phone Numbers
  • Email Addresses
  • Dates of birth
4,775,203 accounts

In June 2020, the Brazilian fund raising service Vakinha suffered
a data breach which impacted almost 4.8 million members. The
exposed data included email addresses, names, phone numbers,
geographic locations and passwords stored as bcrypt hashes, all of
which was subsequently shared extensively throughout online
hacking communities.

Havenly

1 August 2020 25 June 2020
  • Passwords
  • Phone Numbers
  • Email Addresses
1,369,180 accounts

Swvl

31 July 2020 23 June 2020
  • Passwords
  • Phone Numbers
  • Email Addresses
4,195,918 accounts

Appen

30 July 2020 23 June 2020
  • Passwords
  • Phone Numbers
  • Email Addresses
  • IP Addresses
  • Names
  • Employers
5,888,405 accounts

ScentBird

30 July 2020 22 June 2020
  • Passwords
  • Date of Births
  • Email Addresses
  • Names
5,814,988 accounts

Dunzo

29 July 2020 19 June 2020
  • Names
  • Phone Numbers
  • Email Addresses
  • Location
  • Device Information
3,465,259 accounts

Dave

27 July 2020 28 June 2020
  • Names
  • Passwords
  • Date of Births
  • Email Addresses
  • Social security numbers
  • Date of Birth
  • Physcial Address
2,964,182 accounts

Chat Books

29 July 2020 26 March 2020
  • Names
  • Phone Numbers
  • Email Addresses
  • Social Media Profiles
2,520,259 accounts

Source haveibeenpwned.