Civil Online
What Happened
In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and MD5 password hashes. Read more about Chinese data breaches in Have I Been Pwned.
Compromised Data
Recommended Actions
Change Your Password
If you haven't changed your password on this service since the breach, do so immediately.
Enable Two-Factor Authentication
If 2FA is supported, add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts, spam and phishing emails.
Breach Overview
-
Affected Accounts:
7.8 million
-
Breach Occurred:
July 2011
-
Added to HIBP:
7 Nov 2016
Breach Classification
Some breaches may be flagged as "unverified". In these cases, whilst there is legitimate data within the alleged breach, it may not have been possible to establish legitimacy beyond reasonable doubt.
Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web.
Recommended Actions
Change Your Password
If you haven't changed your Civil Online password since 2011, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts or messages from your account.
