Recent data breaches you could have been pawned in

Read Time:3 Minute, 9 Seconds

A data “breach” is an incident where private and secured data has been intentionally or unintentionally exposed, leaked, or spilled to the public or untrusted environment. Data breaches are very common even in Zambia where database owners have failed to secure or intentionally leak users’ information.

There are several websites that keep a record of where data breaches have occurred and collect facts relating to email addresses affected. A similar feature also exists in Google Chrome version 79 and above where the system automatically scans a password to see if it’s been breached anywhere.

Here below is the list of recent data breaches you could have been pawned in. Note that most data breaches go on unnoticed for years and or unreported. The time data breach is coming to public attention usually years would have passed from when the breach first occurred.

The best place to check if you have been pawned is here; Have I Been Pawned,

Appen – 2020

Appen: In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some records also contained phone numbers, employers and IP addresses. The data was provided to HIBP by dehashed.com.

Compromised data: Email addresses, Employers, IP addresses, Names, Passwords, Phone numbers.

Lead Hunter – 2020

Lead Hunter: In March 2020, a massive trove of personal information referred to as “Lead Hunter” was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of data accompanied by additional personal information including names, phone numbers, genders and physical addresses. At the time of publishing, the breach could not be attributed to those responsible for obtaining and exposing it. The data was provided to HIBP by dehashed.com.

Compromised data: Email addresses, Genders, IP addresses, Names, Phone numbers, Physical addresses.

LinkedIn – 2016

LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

Pemiblanc – 2018

Pemiblanc (unverified): In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other services. Read more about the incident.

Compromised data: Email addresses, Passwords

Apollo – 2018

Apollo: In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their “revenue acceleration platform” and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they’re located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.

Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles