Multiple Unrelated Data Breaches Disclosed in December 2025
Several organizations disclosed data breaches affecting user and customer information, with incidents spanning different industries and timeframes. The Botting Network, a now-defunct forum focused on botting, suffered a breach in August 2012 that exposed 96,000 user records, including email addresses, usernames, dates of birth, and salted MD5 password hashes. Web Hosting Talk, a vBulletin-based forum, experienced a breach in July 2016, resulting in the exposure of 515,000 user records containing usernames, email addresses, IP addresses, and salted MD5 password hashes. Both breaches were added to public breach notification services in December 2025.
In a separate incident, AUTOSUR, a French vehicle inspection company, reported a breach in March 2025 that compromised over 10 million customer records, with 487,000 unique email addresses exposed alongside names, phone numbers, physical addresses, and detailed vehicle information. Additionally, Vocatura, Spagnuolo & Company, a Massachusetts-based accounting firm, disclosed a breach involving unauthorized access to a single email account, potentially exposing sensitive personal information of over 980 individuals. The exact data types affected in the Vocatura breach have not been publicly specified as of the latest disclosure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Vocatura, Spagnuolo & Company breach investigation is publicly posted
A public data breach investigation notice concerning Vocatura, Spagnuolo & Company was published by Strauss Borrelli on December 18, 2025. No further incident details were provided in the reference content.
AUTOSUR publishes disclosure notice about the breach
After the March 2025 incident, AUTOSUR published a disclosure notice with additional details about the data breach. The notice acknowledged the exposure of customer contact and vehicle-related information.
AUTOSUR breach exposes over 10 million customer records
In March 2025, French vehicle inspection company AUTOSUR experienced a data breach involving more than 10 million customer records, including 487,000 unique email addresses. The exposed data included names, phone numbers, physical addresses, vehicle make and model, VINs, and registration plate information.
Web Hosting Talk forum breach compromises 515,000 accounts
In July 2016, the vBulletin-based Web Hosting Talk forum experienced a data breach that exposed approximately 515,000 user records. The compromised data included usernames, email addresses, IP addresses, and salted MD5 password hashes.
The Botting Network forum breach exposes 96,000 records
In August 2012, The Botting Network, a now-defunct vBulletin forum focused on botting, suffered a data breach affecting about 96,000 user records. Exposed data included email addresses, usernames, dates of birth, and salted MD5 password hashes.
Web Hosting Talk breach data is later listed for sale
Following the 2016 Web Hosting Talk breach, the stolen data was later offered for sale. The reference does not specify when the sale listing occurred.
Sources
1 reference tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple High-Profile Data Breaches at SoundCloud, Pornhub, and 700Credit
SoundCloud, Pornhub, and 700Credit have each confirmed significant data breaches impacting millions of users. SoundCloud reported unauthorized access to an ancillary service dashboard, affecting approximately 20% of its 140 million users—about 28 million people. The exposed data included email addresses and information already visible on public profiles, with no passwords or financial details compromised. The incident also caused temporary connectivity issues for some users, particularly those using VPNs, due to configuration changes made during the response. Pornhub notified select Premium subscribers that some user data was exposed following a breach at Mixpanel, a third-party analytics provider, but emphasized that sensitive information such as passwords, payment details, and government IDs were not affected. Pornhub had ceased using Mixpanel in 2021 and was informed of the breach by the vendor. 700Credit, a US-based provider of credit and identity verification services, suffered a third-party supply-chain attack that compromised the personal information of approximately 5.6 million individuals. The breach, which occurred between May and October 2025, involved unauthorized access to names, addresses, dates of birth, and Social Security numbers through a compromised API used by one of 700Credit's integration partners. 700Credit has since shut down the affected API, notified federal authorities, and is offering credit monitoring to victims. These incidents highlight the ongoing risks posed by third-party service providers and the importance of timely breach notification and response.
Mar 21, 2026
January 2026 Data Breaches and Exposures Roundups
Two security-news roundups highlighted a broad set of **unrelated cyber incidents** rather than a single cohesive event. *Security Magazine* summarized seven January 2026 breach/exposure headlines and cited the Identity Theft Resource Center’s 2025 Data Breach Report, which reported **2025 as the highest year on record for breach counts** while **victim notices fell 79% year-over-year**, suggesting a shift away from 2024-style “mega-breaches” toward more frequent, targeted theft of high-value data. Among the incidents called out were the alleged theft and public release of roughly **860 GB of Target internal source code and developer documentation** (posted to *Gitea*), a breach of **BreachForums** that exposed metadata for about **324,000** associated individuals (e.g., usernames, emails, registration dates, IP addresses), and an **ICE data leak** involving an uploaded database that reportedly exposed sensitive information on personnel (including roughly **2,000 agents** and **150 supervisors**). Separately, *The Cyber Express* weekly roundup described a **cyberattack disrupting Spain’s Ministry of Science, Innovation, and Universities**, forcing a partial IT shutdown and temporary closure of its electronic headquarters, and also covered AI/policy items (e.g., OpenAI controlled access for cyber defense models), reinforcing that the reporting was a multi-topic digest rather than a single incident narrative.
Mar 21, 2026
Carding Mafia Forum Breached Twice, Exposing Nearly 600,000 Criminal Marketplace Accounts
The cybercrime forum **Carding Mafia**, which was used for the theft and trading of stolen credit cards, suffered two separate data breaches in 2021 that together exposed records tied to nearly **600,000 member accounts**. One breach in **March 2021** affected nearly 300,000 members, while a second breach in **December 2021** exposed more than 300,000 more, showing repeated compromise of the same criminal platform within nine months. Across the two incidents, the leaked data included **email addresses, usernames, IP addresses, and passwords hashed with salted `MD5`**. Both breaches were classified as **sensitive** and were not made publicly searchable by Have I Been Pwned, but the disclosures highlight that even illicit forums can become sources of credential exposure, infrastructure intelligence, and attribution data for defenders and investigators.
Mar 27, 2026