Hi Guys,
Please see below details of five massive data breaches. Have you ever used any of these services?
Hurb – 20,727,771 breached accounts
In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to Incognito by HIBP via dehashed.com.
Drizly – 2,479,044 breached accounts
In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to Incognito by HIBP via dehashed.com.
Scentbird – 5,814,988 breached accounts
In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were all exposed. The data was provided to Incognito by HIBP via dehashed.com.
Appen – 5,888,405 breached accounts
In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some records also contained phone numbers, employers and IP addresses.
Chatbooks – 2,520,441 breached accounts
In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512 password hashes. The data was provided to Incognito by HIBP via dehashed.com.
Please take the following actions if you have ever used one of these services
- Change your password right away and never use the same password twice (see my article on credential stuffing below)
- Send an email to them and let them know that you are aware of the breach and ask them to provide you with Identity protection and credit Monitoring services.
Please let me know if you need any help in relation to this.
Max Roberts,
Incognito Privacy Care