Have I Been Pwned Adds Unverified Speedio and Pemiblanc Breach Listings
Have I Been Pwned added breach entries for Speedio and Pemiblanc and labeled both incidents as unverified, indicating that some of the exposed records may be legitimate but the full datasets could not be authenticated beyond reasonable doubt. The listings were nevertheless published because they may contain personal information that affected individuals would want to know is circulating online.
The disclosures reflect HIBP's practice of retaining alleged breaches when there is evidence of real personal data exposure even if the broader incident cannot be conclusively validated. For defenders and privacy teams, the entries signal potential exposure tied to the two services and warrant user notification, credential hygiene checks, and monitoring for follow-on abuse involving leaked personal data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Have I Been Pwned adds unverified Pemiblanc breach listing
Have I Been Pwned published a breach entry for Pemiblanc and marked it as unverified, stating that some alleged breach data may be legitimate but the overall incident could not be authenticated beyond reasonable doubt. The entry was still retained to inform people whose personal information may be circulating.
Have I Been Pwned adds unverified Speedio breach listing
Have I Been Pwned published a breach entry for Speedio and marked it as unverified, indicating that while some data may be legitimate, the breach could not be confirmed beyond reasonable doubt. The listing was retained because it may expose personal information relevant to affected individuals.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Massive Addition of Nearly 2 Billion Compromised Accounts to Have I Been Pwned
Have I Been Pwned (HIBP), the widely used data breach notification service, has indexed nearly 2 billion unique email addresses and 1.3 billion passwords from newly obtained datasets, marking the largest single update in the platform's history. The data, sourced in part from threat intelligence provider Synthient, includes both stealer log data—collected by malware from infected machines—and credential stuffing lists, which are typically compiled from previous breaches and used to facilitate unauthorized access to accounts across multiple services. This update brings the total number of accounts tracked by HIBP to over 15 billion, significantly expanding the visibility of exposed credentials for individuals and organizations. The newly indexed records include 183 million unique email addresses uploaded on October 21, as well as a much larger corpus totaling nearly 2 billion addresses and 1.3 billion passwords, 625 million of which were previously unseen. Users are encouraged to check their exposure using HIBP's free search tools and to take immediate action if their credentials are found, such as changing passwords and enabling multi-factor authentication. The scale and diversity of the data highlight the ongoing risks of password reuse and the importance of proactive credential management to mitigate the threat of account takeover attacks.
Mar 21, 2026
Have I Been Pwned Adds Synthient Credential Stuffing Dataset
Have I Been Pwned (HIBP) has incorporated a massive dataset containing 1.96 billion unique email addresses and approximately 1.3 billion passwords into its breach notification platform. This dataset, known as the Synthient Credential Stuffing Threat Data, was aggregated by the threat intelligence firm Synthient from previously compromised credentials circulating on both clear and dark web forums. The data was not sourced from a single breach but compiled from multiple prior incidents, highlighting the ongoing risk posed by credential reuse and large-scale aggregation of stolen credentials. HIBP's addition of this dataset aims to alert users whose information may be at risk, emphasizing the importance of changing passwords, enabling two-factor authentication, and avoiding password reuse across platforms. The incident underscores the persistent threat of credential stuffing attacks, where cybercriminals use automated tools to exploit reused credentials and gain unauthorized access to accounts. The inclusion of this data in HIBP's database serves as a critical reminder for organizations and individuals to maintain strong password hygiene and remain vigilant against evolving cyber threats.
Mar 21, 2026
Have I Been Pwned Adds Quitbro and Lovora Breaches Linked to Plantake
Have I Been Pwned (HIBP) added two alleged February 2026 breaches affecting *Plantake*-made mobile apps: porn addiction app **Quitbro** and couples/relationship app **Lovora**. Quitbro exposure is listed as **sensitive** and not publicly searchable on HIBP; it allegedly impacted **23k** unique email addresses and included years of birth, in-app questionnaire responses, and users’ last recorded relapse time. Lovora allegedly exposed **496k** unique email addresses along with display names, profile photos, and other personal information collected through app usage; in both cases, Plantake reportedly did not respond to multiple contact attempts. Separately, Canadian retailer **Canadian Tire** disclosed an **October 2025** breach of an e-commerce customer database affecting **38+ million** accounts, with exposed data including names, addresses, emails, year of birth, and **PBKDF2** password hashes; a smaller subset included full dates of birth and some records included truncated payment card data. The company stated in-store transactions and certain business units (e.g., Canadian Tire Bank and Triangle Rewards) were not impacted, and it reported remediation, regulatory notification, customer outreach, and credit monitoring; HIBP also added the Canadian Tire dataset, but it is a distinct incident from the Plantake app breaches.
Mar 27, 2026