Hi Guys,

I hope you are well.

Spoutible – 207,114 breached accounts
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.

MyPertamina – 5,970,416 breached accounts
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.

Hathway – 4,670,080 breached accounts
In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone numbers, password hashes and support ticket logs.

If you have an account with these three companies, please do the following:

* Change your password and make sure your new password is at least ten characters long and contains an upper case, lower case, number, and symbol. You can even use a modified phrase or a line from a song if that helps you remember
* Ensure you do not use the same password twice, leaving you vulnerable to credential stuffing.
* Find a good password manager tool to help you remember your passwords. Some of our users say that 1Password is a good tool.
* Check out Incognito’s Email Hack Check tool. All you have to do is enter your email address, and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.

Please let me know if you need any help with this.

All the best,
Max Roberts,
Incognito Privacy Care Team