[{"Name":"Acuity","Title":"Acuity","Domain":"","BreachDate":"2020-06-18","AddedDate":"2023-11-15T07:16:23Z","ModifiedDate":"2023-11-15T07:16:23Z","PwnCount":14055729,"Description":"In mid-2020, <a href=\"https://www.troyhunt.com/acuity-who-attempts-and-failures-to-attribute-437gb-of-breached-data\" target=\"_blank\" rel=\"noopener\">a 437GB corpus of data attributed to an entity named \"Acuity\" was created and later extensively distributed</a>. However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email addresses with each row containing extensive personal information across more than 400 columns of data including names, phone numbers, physical addresses, genders and dates of birth.","LogoPath":"https://logos.haveibeenpwned.com/List.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Dates of birth","Email addresses","Genders","IP addresses","Names","Phone numbers","Physical addresses","Salutations"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"ApexSMS","Title":"ApexSMS","Domain":"","BreachDate":"2019-04-15","AddedDate":"2023-09-21T14:57:43Z","ModifiedDate":"2023-09-21T14:57:43Z","PwnCount":23246481,"Description":"In May 2019, <a href=\"https://techcrunch.com/2019/05/09/sms-spammers-doxxed/?guccounter=1\" target=\"_blank\" rel=\"noopener\">news broke of a massive SMS spam operation known as \"ApexSMS\" which was discovered after a MongoDB instance of the same name was found exposed without a password</a>. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.","LogoPath":"https://logos.haveibeenpwned.com/List.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Genders","Geographic locations","IP addresses","Names","Phone numbers","Telecommunications carrier"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"B2BUSABusinesses","Title":"B2B USA Businesses","Domain":"","BreachDate":"2017-07-18","AddedDate":"2017-07-18T07:38:04Z","ModifiedDate":"2017-07-18T07:38:04Z","PwnCount":105059554,"Description":"In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as \"B2B USA Businesses\", the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses. <a href=\"https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information\" target=\"_blank\" rel=\"noopener\">Read more about spam lists in HIBP.</a>","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Employers","Job titles","Names","Phone numbers","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"Digimon","Title":"Digimon","Domain":"digimon.co.in","BreachDate":"2016-09-05","AddedDate":"2018-09-28T01:34:56Z","ModifiedDate":"2018-09-28T01:34:56Z","PwnCount":7687679,"Description":"In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it. Based on <a href=\"https://twitter.com/troyhunt/status/1045178309926051840\" target=\"_blank\" rel=\"noopener\">enquiries made via Twitter</a>, it appears to have been a mail service possibly based on PowerMTA and used for delivering spam. The logs contained information including 7.7M unique email recipients (names and addresses), mail server IP addresses, email subjects and tracking information including mail opens and clicks.","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Email messages","IP addresses","Names"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"Intelimost","Title":"Intelimost","Domain":"intelimost.com","BreachDate":"2019-03-10","AddedDate":"2019-04-02T20:52:19Z","ModifiedDate":"2019-04-02T20:52:19Z","PwnCount":3073409,"Description":"In March 2019, <a href=\"https://techcrunch.com/2019/04/02/inside-a-spam-operation/\" target=\"_blank\" rel=\"noopener\">a spam operation known as \"Intelimost\" sent millions of emails appearing to come from people the recipients knew</a>. Security researcher <a href=\"https://securitydiscovery.com/massive-spam-operation-uncovered-in-a-database-leak/\" target=\"_blank\" rel=\"noopener\">Bob Diachenko found over 3 million unique email addresses in an exposed Elasticsearch database</a>, alongside plain text passwords used to access the victim's mailbox and customise the spam.","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Passwords"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"LinkedInScrape2023","Title":"LinkedIn Scraped and Faked Data (2023)","Domain":"linkedin.com","BreachDate":"2023-11-04","AddedDate":"2023-11-07T07:12:02Z","ModifiedDate":"2024-06-04T19:46:37Z","PwnCount":19788753,"Description":"In November 2023, <a href=\"https://troyhunt.com/hackers-scrapers-fakers-whats-really-inside-the-latest-linkedin-dataset\" target=\"_blank\" rel=\"noopener\">a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked</a>. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.","LogoPath":"https://logos.haveibeenpwned.com/LinkedIn.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Genders","Geographic locations","Job titles","Names","Professional skills","Social media profiles"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"ManipulatedCaiman","Title":"Manipulated Caiman","Domain":"","BreachDate":"2023-07-16","AddedDate":"2023-08-15T07:06:49Z","ModifiedDate":"2023-08-15T07:06:49Z","PwnCount":39901389,"Description":"In July 2023, <a href=\"https://perception-point.io/blog/manipulated-caiman-the-sophisticated-snare-of-mexicos-banking-predators-technical-edition/\" target=\"_blank\" rel=\"noopener\">Perception Point reported on a phishing operation dubbed \"Manipulated Caiman\"</a>. Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments. Researchers obtained almost 40M email addresses targeted in the campaign and provided the data to HIBP to alert potential victims.","LogoPath":"https://logos.haveibeenpwned.com/List.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"NemoWeb","Title":"NemoWeb","Domain":"nemoweb.net","BreachDate":"2016-09-04","AddedDate":"2018-09-19T03:53:20Z","ModifiedDate":"2018-09-24T05:09:56Z","PwnCount":3472916,"Description":"In September 2016, almost 21GB of data from the French website used for \"standardised and decentralized means of exchange for publishing newsgroup articles\" <a href=\"http://www.nemoweb.net/\" target=\"_blank\" rel=\"noopener\">NemoWeb</a> was leaked from what appears to have been an unprotected Mongo DB. The data consisted of a large volume of emails sent to the service and included almost 3.5M unique addresses, albeit many of them auto-generated. Multiple attempts were made to contact the operators of NemoWeb but no response was received.","LogoPath":"https://logos.haveibeenpwned.com/NemoWeb.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Names"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"NetProspex","Title":"NetProspex","Domain":"netprospex.com","BreachDate":"2016-09-01","AddedDate":"2017-03-15T01:57:04Z","ModifiedDate":"2017-03-15T01:57:04Z","PwnCount":33698126,"Description":"In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service <a href=\"https://www.troyhunt.com/weve-lost-control-of-our-personal-data-including-33m-netprospex-records\" target=\"_blank\" rel=\"noopener\">was leaked online</a>. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.","LogoPath":"https://logos.haveibeenpwned.com/NetProspex.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Employers","Job titles","Names","Phone numbers","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"OnlinerSpambot","Title":"Onliner Spambot","Domain":"","BreachDate":"2017-08-28","AddedDate":"2017-08-29T19:25:56Z","ModifiedDate":"2017-08-29T19:25:56Z","PwnCount":711477622,"Description":"In August 2017, a spambot by the name of <a href=\"https://benkowlab.blogspot.com.au/2017/08/from-onliner-spambot-to-millions-of.html\" target=\"_blank\" rel=\"noopener\">Onliner Spambot was identified by security researcher Benkow moʞuƎq</a>. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled <a href=\"https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump\" target=\"_blank\" rel=\"noopener\">Inside the Massive 711 Million Record Onliner Spambot Dump</a>.","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Passwords"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"Rankwatch","Title":"RankWatch","Domain":"rankwatch.com","BreachDate":"2016-11-19","AddedDate":"2017-11-03T07:04:08Z","ModifiedDate":"2017-11-03T07:04:08Z","PwnCount":7445067,"Description":"In approximately November 2016, the search engine optimisation management company <a href=\"https://www.rankwatch.com/\" target=\"_blank\" rel=\"noopener\">RankWatch</a> exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum. The data contained 7.4 million unique email addresses along with names, employers, phone numbers and job titles in a table called \"us_emails\". When contacted and advised of the incident, RankWatch would not reveal the purpose of the data, where it had been acquired from and whether the data owners had consented to its collection. The forum which originally posted the data explained it as being \"in the same vein as the modbsolutions leak\", <a href=\"https://haveibeenpwned.com/PwnedWebsites#ModernBusinessSolutions\" target=\"_blank\" rel=\"noopener\">a large list of corporate data allegedly used for spam purposes</a>.","LogoPath":"https://logos.haveibeenpwned.com/Rankwatch.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Employers","Job titles","Names","Phone numbers"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"RiverCityMedia","Title":"River City Media Spam List","Domain":"rivercitymediaonline.com","BreachDate":"2017-01-01","AddedDate":"2017-03-08T23:49:53Z","ModifiedDate":"2017-03-08T23:49:53Z","PwnCount":393430309,"Description":"In January 2017, <a href=\"https://web.archive.org/web/20170426084052/https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire\" target=\"_blank\" rel=\"noopener\">a massive trove of data from River City Media was found exposed online</a>. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data.","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","IP addresses","Names","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"SaverSpy","Title":"SaverSpy","Domain":"","BreachDate":"2018-09-18","AddedDate":"2018-09-25T10:59:05Z","ModifiedDate":"2024-07-11T19:29:17Z","PwnCount":2457420,"Description":"In September 2018, <a href=\"https://www.linkedin.com/pulse/another-e-marketing-database-11-million-records-bob-diachenko/\" target=\"_blank\" rel=\"noopener\">security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance</a>. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a description of \"Yahoo_090618_ SaverSpy\". The data set provided to HIBP had almost 2.5M unique email addresses (all of which were from Yahoo!) alongside names, genders and physical addresses.","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses","Genders","Names","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":true,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"SCDailyPhoneSpamList","Title":"SC Daily Phone Spam List","Domain":"data4marketers.com","BreachDate":"2015-04-14","AddedDate":"2016-11-24T06:04:34Z","ModifiedDate":"2016-11-24T06:04:34Z","PwnCount":32939105,"Description":"In early 2015, a spam list known as <a href=\"http://www.data4marketers.com/2015APRspecials.html\" target=\"_blank\" rel=\"noopener\">SC Daily Phone</a> emerged containing almost 33M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. <a href=\"https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information\" target=\"_blank\" rel=\"noopener\">Read more about spam lists in HIBP.</a>","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Dates of birth","Email addresses","Genders","IP addresses","Names","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"SpecialKSpamList","Title":"Special K Data Feed Spam List","Domain":"data4marketers.com","BreachDate":"2015-10-07","AddedDate":"2016-11-24T00:18:27Z","ModifiedDate":"2016-11-24T00:18:27Z","PwnCount":30741620,"Description":"In mid to late 2015, a spam list known as the <a href=\"http://www.data4marketers.com/d4m_SpecialKfeed2015.html\" target=\"_blank\" rel=\"noopener\">Special K Data Feed</a> was discovered containing almost 31M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. <a href=\"https://www.troyhunt.com/have-i-been-pwned-and-spam-lists-of-personal-information\" target=\"_blank\" rel=\"noopener\">Read more about spam lists in HIBP.</a>","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Dates of birth","Email addresses","Genders","IP addresses","Names","Physical addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":false,"IsSubscriptionFree":false,"IsStealerLog":false},{"Name":"TrikSpamBotnet","Title":"Trik Spam Botnet","Domain":"","BreachDate":"2018-06-12","AddedDate":"2018-06-14T08:05:50Z","ModifiedDate":"2022-01-05T04:11:30Z","PwnCount":43432346,"Description":"In June 2018, the command and control server of a malicious botnet known as the \"Trik Spam Botnet\" <a href=\"https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/\" target=\"_blank\" rel=\"noopener\">was misconfigured such that it exposed the email addresses of more than 43 million people</a>. The researchers who discovered the exposed Russian server believe the list of addresses was used to distribute various malware strains via malspam campaigns (emails designed to deliver malware).","LogoPath":"https://logos.haveibeenpwned.com/Email.png","Attribution":null,"DisclosureUrl":null,"DataClasses":["Email addresses"],"IsVerified":true,"IsFabricated":false,"IsSensitive":false,"IsRetired":false,"IsSpamList":true,"IsMalware":true,"IsSubscriptionFree":false,"IsStealerLog":false}]