Please see below the details of 8 massive data breaches. Have you ever used any of these services?
InflateVids – 13,405 breached accounts
In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes.
Kaneva – 3,901,179 breached accounts
In July 2016, now defunct website Kaneva, the service to “build and explore virtual worlds”, suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.
Gemplex – 4,563,166 breached accounts
In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.
Movie Forums – 39,914 breached accounts
In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.
JoyGames – 4,461,787 breached accounts
In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
RailYatri – 23,209,732 breached accounts
In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
SoarGames – 4,774,445 breached accounts
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.
Go Ninja – 4,999,001 breached accounts
In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.
Please take the following actions if you have ever used one of these services.
* Change your password and make sure your new password is at least 10 characters long and contains an upper case, lower case, number and a symbol. You can even use a modified phrase or a line from a song if that helps you remember.
* Make sure you do not use the same password twice as this leaves you vulnerable to credential stuffing.
* Find a good password manager tool to help you remember all of your passwords. Some of our users say that 1Password is a good tool.
* Check out Incognito’s Email Hack Check tool. All you have to do is enter your email address and we will tell you instantly if it has been involved in one of the many data breaches that happen every day.
Please let me know if you need any help in relation to this.
All the best,
Incognito Privacy Care Team