<div dir="ltr"><a href="https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/">https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/</a><br><br>A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches.<br><br>Since July 21st, a seller of data breaches known as ShinyHunters has begun leaking the databases for free on a hacker forum known for selling and sharing stolen data.<br><br>A partial list of databases posted to the forum<br><br>Databases stolen in data breaches usually are privately sold first, with prices ranging between $500 (Zoosk) to $100,000 (Wattpad). Once they are no longer profitable, threat actors commonly release them on hacker forums to increase their community reputation.<br><br>Of the databases released since July 21st, nine of them were already disclosed in some manner in the past.<br><br>The other nine, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha, have not been previously disclosed.<br><br>The full list of the 18 data breaches are listed below:<br><table align="center" border="1" cellpadding="5" cellspacing="5" style="border-spacing:0px;border-collapse:collapse;color:rgb(51,51,51);font-family:roboto,sans-serif;font-size:16px;width:833.6px"><tbody style="box-sizing:border-box"><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><span style="box-sizing:border-box;font-weight:700">Company</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><span style="box-sizing:border-box;font-weight:700">User Records</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><span style="box-sizing:border-box;font-weight:700">Reported Breach Date</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><span style="box-sizing:border-box;font-weight:700">Known?</span></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Appen.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">5.8 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/chatbooks-discloses-data-breach-after-data-sold-on-dark-web/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Chatbooks.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">15.8 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">March 26th, 2020</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/chatbooks-discloses-data-breach-after-data-sold-on-dark-web/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/dave-data-breach-affects-75-million-users-leaked-on-hacker-forum/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Dave.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">7 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">July 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/dave-data-breach-affects-75-million-users-leaked-on-hacker-forum/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Drizly.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">2.4 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">July 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">GGumim.co.kr</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">2.3 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">March 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Havenly.com </td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">1.3 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">June 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="http://haveibeenpwned.com/PwnedWebsites#Hurb" rel="nofollow" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Hurb.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">20 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://haveibeenpwned.com/PwnedWebsites#Hurb" rel="nofollow" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Indabamusic.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">475 Thousand</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Ivoy.mx</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">127 Thousand</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Mathway.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">25.8 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">January 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Proctoru.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">444 Thousand</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Promo.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">22 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">July 2020</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Rewards1.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">3 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">July 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">Scentbird.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">5.8 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://portswigger.net/daily-swig/egyptian-bus-operator-swvl-hit-by-data-breach" rel="nofollow" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Swvl.com</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">4 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://portswigger.net/daily-swig/egyptian-bus-operator-swvl-hit-by-data-breach" rel="nofollow" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">TrueFire.com</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">602 Thousand</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://media.dojmt.gov/wp-content/uploads/Consumer-76.pdf" rel="nofollow" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="http://Vakinha.com.br">Vakinha.com.br</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">4.8 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">N/A</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">No</td></tr><tr style="box-sizing:border-box"><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Wattpad</a></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">270 Million</td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">June 2020 <span style="box-sizing:border-box;line-height:0;vertical-align:baseline">*</span></td><td style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)"><a href="https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(66,139,202);text-decoration-line:none;outline:none">Yes</a></td></tr><tr style="box-sizing:border-box"><td colspan="4" style="box-sizing:border-box;padding:5px;vertical-align:top;border:1px solid rgb(29,54,82)">* Based on threat actor's statements</td></tr></tbody></table><br class="gmail-Apple-interchange-newline"><br><br>From the samples seen of these databases, BleepingComputer has confirmed that the exposed email addresses correspond to accounts on the services.<br><br>The combined databases expose over 386 million user records. While a password is not included in every record, for example, <a href="http://promo.com">promo.com</a>, there is still a massive amount of information being disclosed that threat actors can use.<br><br>When BleepingComputer asked ShinyHunters why they dumped all of these databases, we were told that they were leaked for everyone's benefit.<br><br>"I just thought: 'I've made enough money now' so I leaked for everyone's benefit."<br><br>"Obviously, some people are a little upset because they paid resellers a few days ago, but I don't care," ShinyHunters told BleepingComputer.<br><br>Are you a user of the listed services?<br><br>BleepingComputer has contacted each of the companies being offered for free by ShinyHunters, but have not heard back from any of them.<br><br>This lack of response is common when a data breach is reported, and usually weeks, if not months later, the company will report a data breach.<br><br>To be safe, if you are a user of one of the services listed above, I strongly advise you to change your password immediately on the site.<br><br>If you use the same password at other sites, you should also change the password at those sites to a unique and strong one that you only use for that site.<br><br>Using unique passwords prevents a data breach at one site from affecting you at other websites you use.<br><br>To assist you in keeping tracking of unique and strong passwords, I suggest you use a password manager application.<br><br></div>