Optus (Australia 2026)
2.8M customer records stolen via API vulnerability in self-service portal
Technology & Software Data Breaches (1095 indexed)
Match Group (Hinge / OkCupid)
10M+ dating records stolen by ShinyHunters via Okta SSO social engineering
Zscaler Cloud Security
150K enterprise zero-trust configurations exposed — test environment breach spread to prod
Amazon Web Services (Customer Data)
2.8M customer billing records and account metadata exposed via misconfigured internal tool
Microsoft Windows
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
Gogs Gogs
Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
6,215,150 records exposed — Display names, Email addresses, Geographic locations, Phone numbers and 1 more
Tesla Inc.
75K employee records leaked by former staff to German newspaper — payroll, SSNs, complaints
Datadog Inc.
APM and logging data from 340 enterprise customers exposed via compromised CI/CD pipeline
ABB Ltd (Switzerland)
560K automation records exposed
NEC Corporation
560K corporate client records stolen
Spark New Zealand
450K customer records exposed in targeted attack
Instagram (Alleged Leak)
17.5M account records posted to BreachForums
Booking.com
2.3M guest records compromised in phishing campaign targeting hotels
BreachForums (2025)
672,247 records exposed — Email addresses, Forum posts, Passwords, Private messages and 1 more
Bosch Group
560K manufacturing and IoT device records exposed
Linear (Project Management)
120K workspace records exposed via OAuth misconfiguration
Microsoft Office
Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT
Hewlett Packard Enterprise (HPE) OneView
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex
Bandai Namco (Japan)
340K gaming records exposed in ransomware
MongoDB MongoDB and MongoDB Server
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability — MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol head
WIRED
2,364,431 records exposed — Dates of birth, Display names, Email addresses, Genders and 4 more
Digiever DS-2105 Pro
Digiever DS-2105 Pro Missing Authorization Vulnerability — Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
WIRED / Conde Nast
2.3M subscriber records leaked on hacking forum