• bks@panix.com, lmao! 7 Data Breaches.

    From Trump Country USA@21:1/5 to All on Tue Aug 19 14:46:37 2025
    XPost: talk.politics.misc, alt.fan.rush-limbaugh, sac.politics
    XPost: talk.politics.guns

    NemoWeb
    In September 2016, almost 21GB of data from the French website used for
    "standardised and decentralized means of exchange for publishing
    newsgroup articles" NemoWeb was leaked from what appears to have been an
    unprotected Mongo DB. The data consisted of a large volume of emails sent
    to the service and included almost 3.5M unique addresses, albeit many of
    them auto-generated. Multiple attempts were made to contact the operators
    of NemoWeb but no response was received.

    Compromised data:
    Email addresses

    Exploit.In
    In late 2016, a huge list of email address and password pairs appeared in
    a "combo list" referred to as "Exploit.In". The list contained 593
    million unique email addresses, many with multiple different passwords
    hacked from various online systems. The list was broadly circulated and
    used for "credential stuffing", that is, attackers employ it in an attempt
    to identify other online systems where the account owner had reused their
    password. For detailed background on this incident, read Password reuse,
    credential stuffing and another billion records in Have I Been Pwned.

    Compromised data:
    Email addresses
    Passwords

    Anti Public Combo List
    In December 2016, a huge list of email address and password pairs appeared
    in a "combo list" referred to as "Anti Public". The list contained 458
    million unique email addresses, many with multiple different passwords
    hacked from various online systems. The list was broadly circulated and
    used for "credential stuffing", that is, attackers employ it in an attempt
    to identify other online systems where the account owner had reused their
    password. For detailed background on this incident, read Password reuse,
    credential stuffing and another billion records in Have I Been Pwned.

    Compromised data:
    Email addresses
    Passwords


    River City Media Spam List
    In January 2017, a massive trove of data from River City Media was found
    exposed online. The data was found to contain almost 1.4 billion records
    including email and IP addresses, names and physical addresses, all of
    which was used as part of an enormous spam operation. Once de-duplicated,
    there were 393 million unique email addresses within the exposed data.

    Compromised data:
    Email addresses
    IP addresses
    Names
    Physical addresses


    Onliner Spambot
    In August 2017, a spambot by the name of Onliner Spambot was identified by
    security researcher Benkow moʞuƎq. The malicious software contained a
    server-based component located on an IP address in the Netherlands which
    exposed a large number of files containing personal information. In total,
    there were 711 million unique email addresses, many of which were also
    accompanied by corresponding passwords. A full write-up on what data was
    found is in the blog post titled Inside the Massive 711 Million Record
    Onliner Spambot Dump.

    Compromised data:
    Email addresses
    Passwords

    Verifications.io
    In February 2019, the email address validation service verifications.io
    suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the
    breach was due to the data being stored in a MongoDB instance left
    publicly facing without a password and resulted in 763 million unique
    email addresses being exposed. Many records within the data also included
    additional personal attributes such as names, phone numbers, IP addresses,
    dates of birth and genders. No passwords were included in the data. The
    Verifications.io website went offline during the disclosure process,
    although an archived copy remains viewable.

    Compromised data:
    Dates of birth
    Email addresses
    Employers
    Genders
    Geographic locations
    IP addresses
    Job titles
    Names
    Phone numbers
    Physical addresses


    Data Enrichment Exposure From PDL Customer
    In October 2019, security researchers Vinny Troia and Bob Diachenko
    identified an unprotected Elasticsearch server holding 1.2 billion records
    of personal data. The exposed data included an index indicating it was
    sourced from data enrichment company People Data Labs (PDL) and contained
    622 million unique email addresses. The server was not owned by PDL and
    it's believed a customer failed to properly secure the database. Exposed
    information included email addresses, phone numbers, social media profiles
    and job history data.

    Compromised data:
    Email addresses
    Employers
    Geographic locations
    Job titles
    Names
    Phone numbers
    Social media profiles

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)