978 disclosed16.04 B records

BREACHBreach timeline

Disclosed breaches catalogued by Have I Been Pwned — aggregate metadata only, no PII. Refreshed weekly. Authored by Adam Lundqvist.

978

disclosed breaches

16.04 B

records compromised

68%

involve passwords

malware-linked

Disclosed breaches per year

Clear year filter (2022)

Click a bar to filter the table by year. Bar tooltip shows the year’s record total.

Top 10 of 10 matching (Geographic locations) (2022)

Clear data-class filter

Name	Domain	Records	Date	Data classes
Twitter	twitter.com	6.7 M	2022-01-01	Bios, Email addresses, Geographic locations +4
Avito	avito.ma	2.7 M	2022-11-18	Email addresses, Geographic locations, IP addresses +2
CraftRise	craftrise.com.tr	2.5 M	2022-03-05	Email addresses, Geographic locations, Passwords +1
Washington State Food Worker Card	foodworkercard.wa.gov	1.6 M	2022-11-17	Dates of birth, Driver's licenses, Email addresses +2
Disk Union	diskunion.net	690.7 K	2022-06-24	Email addresses, Geographic locations, Names +3
Misattributed Flipkart Data	—	552.1 K	2022-09-02	Email addresses, Geographic locations, Latitude and longitude pairs +2
DoorDash	doordash.com	367.5 K	2022-08-02	Email addresses, Geographic locations, Names +1
Vultr	vultr.com	187.9 K	2022-07-08	Email addresses, Geographic locations, IP addresses +1
GiveSendGo	givesendgo.com	90.0 K	2022-02-07	Email addresses, Geographic locations, Names +1
Activision	activision.com	16.0 K	2022-12-04	Email addresses, Geographic locations, Job titles +2

Scope note. This release ships a server-rendered SVG year-histogram + filterable table instead of the brief’s interactive d3 timeline with brush selector + per-circle hover. The d3-scale / d3-shape upgrade is tracked as a follow-up at squr-cs-graph#issues. The HIBP feed has no per-record “ransomware-linked” flag — the brief’s 184 ransomware count is approximated by is_malware (7 today).

Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.