Hi Guys,

Please see below details of three massive data breaches. Have you ever used any of these services?

Lead Hunter – 68,693,853 breached accounts

In March 2020, a massive trove of personal information referred to as “Lead Hunter” was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of data accompanied by additional personal information including names, phone numbers, genders and physical addresses. At the time of publishing, the breach could not be attributed to those responsible for obtaining and exposing it. The data was provided to HIBP by dehashed.com.

Zoomcar – 3,589,795 breached accounts

In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

Mathway – 25,692,862 breached accounts

In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.

Please take the following actions if you have ever used one of these services

  • Change your password right away and never use the same password twice (see my article on credential stuffing below)
  • Send an email to them and let them know that you are aware of the breach and ask them to provide you with Identity protection and credit Monitoring services.

Please let me know if you need any help in relation to this.

Max Roberts,
Incognito Privacy Care