Hi Guys,

Please see below the details of three massive data breaches. Have you ever used any of these services?

PayHere – 1,580,249 breached accounts
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date).

Aimware – 305,470 breached accounts
In mid-2019, the video game cheats website “Aimware” suffered a data breach that exposed hundreds of thousands of subscribers’ personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes.

Devil-Torrents.pl – 63,451 breached accounts
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.

Please take the following actions if you have ever used one of these services

  • Change your password and make sure your new password is at least 10 characters long and contains an upper case, lower case, number and a symbol. You can even use a modified phrase or a line from a song if that helps you remember.
  • Make sure you do not use the same password twice as this leaves you vulnerable to credential stuffing.
  • Find a good password manager tool to help you remember all of your passwords. Some of our users say that 1Password is a good tool.
  • Check out Incognito’s Email Hack Check tool. All you have to do is enter your email address and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.

Please let me know if you need any help in relation to this.

All the best,
Max Roberts,
Incognito Privacy Care Team