Latest Breach Articles
My Lovely AI - 106,271 breached accounts
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Crunchyroll - 1,195,684 breached accounts
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support...
SongTrivia2 - 291,739 breached accounts
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes....
Shared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuard
An exposed database of dark web threat intel reveals how China responds to the common threat of the cyber-criminal underground.
SUCCESS - 253,510 breached accounts
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical...
Cuties AI - 144,250 breached accounts
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated...
Social Insecurity: Billions of Social Security Number and Passwords | UpGuard
UpGuard research found a trove of sensitive information in an exposed Elastic database. Getting to the bottom of what it meant led us down an interesting path.
Streamlit: The Tip of The Shadow AI Iceberg | UpGuard
Tens of thousands of AI-enabled web applications using the Streamlit framework are publicly available, exposing PII and other confidential data.
Identifying Companies Affected by the Shai-Hulud NPM Supply Chain Attack | UpGuard
Using Github event archives, UpGuard Research identifies companies with indicators of compromise of the Shai-Hulud attacks, even after the repos have been deleted.
Unclaimed Property: How an Unknown Entity Exposed Indian Banking Information | UpGuard
UpGuard discovered a rapidly growing data leak of bank accounts in Indiaβ and no one to take responsibility for it.
Snowflake
In the spring of 2024, a number of Snowflake customers suffered data breaches when cybercriminals announced they had data sets from high-profile customers like TicketMaster, LendingTree, Neiman Marcus, and Santander. While Snowflake & Mandiant found no evidence their cloud offering was compromised, these incidents...
Football Australia
Football Australia, the national governing authority for the sport, embedded an AWS Access Key in their website that granted access to 126 S3 Buckets containing sensitive information for players and fans.
Microsoft (Midnight Blizzard)
Leveraging an unused account, the Russian APT Midnight Blizzard was able to pivot into Microsoftβs corporate Office 365 to access the emails of key executives and cyber-security employees. Midnight Blizzard was searching for what information Microsoft knew about themselves.
First Republic Bank
In March 2020, a cloud engineer was terminated from First Republic Bank and subsequently accessed their AWS & GitHub environment to cause damage.
Retool MFA
An engineer at Retool fell victim to a social engineering attack that led to the compromise of an engineerβs MFA tokens and the account takeover of a small number of Retool customers.