What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- HighBreachHave I Been Pwned — public breach catalog· 16 Apr 2026· summary pending
McGraw Hill — 13.5M accounts
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platfor
- HighBreachHave I Been Pwned — public breach catalog· 8 Apr 2026· summary pending
My Lovely AI — 106K accounts
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users . The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
- HighBreachHave I Been Pwned — public breach catalog· 31 Mar 2026· summary pending
Cuties AI — 144K accounts
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum . The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to gene
- HighBreachHave I Been Pwned — public breach catalog· 2 Mar 2026· summary pending
Quitbro — 23K accounts
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker
- HighBreachHave I Been Pwned — public breach catalog· 25 Feb 2026· summary pending
Canadian Tire — 38.3M accounts
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subs
- HighBreachHave I Been Pwned — public breach catalog· 22 Feb 2026· summary pending
CarGurus — 12.5M accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters . Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple fi
- HighBreachHave I Been Pwned — public breach catalog· 27 Jan 2026· summary pending
SoundCloud — 29.8M accounts
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform . The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data include
- HighBreachHave I Been Pwned — public breach catalog· 21 Jan 2026· summary pending
Under Armour — 72.7M accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom , alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking
- HighBreachHave I Been Pwned — public breach catalog· 19 Jan 2026· summary pending
Raaga — 10.2M accounts
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum . The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postco
- HighBreachHave I Been Pwned — public breach catalog· 6 Jan 2026· summary pending
WhiteDate — 20K accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online , initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearan
- HighBreachHave I Been Pwned — public breach catalog· 24 Dec 2025· summary pending
Медицинская лаборатория Гемотест (Gemotest) — 6.3M accounts
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients . The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotes
- HighBreachHave I Been Pwned — public breach catalog· 8 Nov 2025· summary pending
TISZA Világ — 199K accounts
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed . Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal d
- HighBreachHave I Been Pwned — public breach catalog· 16 Oct 2025· summary pending
Prosper — 17.6M accounts
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information . The data breach impacted 17.6M unique email addresses, along with other customer information,
- HighBreachHave I Been Pwned — public breach catalog· 15 Oct 2025· summary pending
Hello Cake — 23K accounts
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach . The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and pur
- HighBreachHave I Been Pwned — public breach catalog· 18 Sept 2025· summary pending
FreeOnes — 960K accounts
In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.
- HighBreachHave I Been Pwned — public breach catalog· 3 Jul 2025· summary pending
Catwatchful — 62K accounts
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records . The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
- HighBreachHave I Been Pwned — public breach catalog· 27 May 2025· summary pending
Free — 13.9M accounts
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many
- HighBreachHave I Been Pwned — public breach catalog· 23 May 2025· summary pending
Operation Endgame 2.0 — 15.4M accounts
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier , with the
- HighBreachHave I Been Pwned — public breach catalog· 19 Mar 2025· summary pending
SpyX — 2.0M accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses . The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud cre
- HighBreachHave I Been Pwned — public breach catalog· 19 Mar 2025· summary pending
Lexipol — 673K accounts
In February 2025, the public safety policy management systems company Lexipol suffered a data breach . Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently p
- HighBreachHave I Been Pwned — public breach catalog· 3 Mar 2025· summary pending
Color Dating — 221K accounts
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 220k unique email addresses along with bios, names, profile ph
- HighBreachHave I Been Pwned — public breach catalog· 27 Feb 2025· summary pending
Spyzie — 519K accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy . The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthori
- HighBreachHave I Been Pwned — public breach catalog· 20 Feb 2025· summary pending
Spyic — 876K accounts
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy . The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to
- HighBreachHave I Been Pwned — public breach catalog· 20 Feb 2025· summary pending
Cocospy — 1.8M accounts
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic . The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access
- HighBreachHave I Been Pwned — public breach catalog· 16 Feb 2025· summary pending
Storenvy — 11.1M accounts
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records . A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was
- HighBreachHave I Been Pwned — public breach catalog· 13 Feb 2025· summary pending
Doxbin (TOoDA) — 136K accounts
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly . Included in the breach were 336k unique email addresses alongside usernames.
- HighBreachHave I Been Pwned — public breach catalog· 12 Feb 2025· summary pending
Zacks (2024) — 12.0M accounts
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum . This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing mill
- HighBreachHave I Been Pwned — public breach catalog· 3 Feb 2025· summary pending
1win — 96.2M accounts
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users . The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.
- HighBreachHave I Been Pwned — public breach catalog· 30 Jan 2025· summary pending
Speedio — 27.5M accounts
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum . The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of la
- HighBreachHave I Been Pwned — public breach catalog· 28 Jan 2025· summary pending
Doxbin Scrape — 436K accounts
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin . Posts to the service are usually intended to disclose the personal information of non-consensually third parties.
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.