Thingiverse Exposed Subscriber Data in Breach Affecting Hundreds of Thousands of Users
Thingiverse, the 3D-model sharing platform, suffered a data exposure that placed user information in the hands of hackers, with one report describing a 36GB cache of data taken from the service. Reporting indicates the leak involved subscriber records and other user-related information from the MakerBot-owned platform, raising concerns that exposed account data could be used for credential abuse, phishing, or broader identity-focused attacks.
Subsequent coverage said the incident affected 228,000 subscribers, underscoring the scale of the breach and the sensitivity of the compromised dataset. The exposure drew attention to the security risks facing online maker communities and subscription platforms, particularly where large stores of user account information are retained and insufficiently protected against unauthorized access or exfiltration.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Report says Thingiverse leak affects 228,000 subscribers
DataBreachesToday reported that a Thingiverse data leak affected 228,000 subscribers. This appears to describe the same broader incident with an updated affected-user count, but the reference block does not provide an explicit date for when that impact was determined.
Thingiverse data leak exposes 36GB of user data
Tom's Hardware reported a Thingiverse data leak in which hackers obtained 36GB of user data. The reference does not provide a specific event date beyond the report itself.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Consumer Data Exposures: IDMerit Database Leak, youX Intrusion, and Substack User Data Access
Cybersecurity researchers reported a major exposure at **IDMerit**, an AI-driven identity verification provider, after discovering an unsecured, internet-accessible **MongoDB** instance containing **over 3 billion records** (over 1TB). Exposed data reportedly included full names, addresses, dates of birth, national ID numbers, phone numbers, and email addresses; researchers estimated roughly **~1 billion** records contained sensitive data (with duplicates likely inflating the total). The dataset was described as global in scope, affecting individuals across **26 countries**, with large volumes attributed to the **US, Mexico, and the Philippines**, creating downstream risk for **identity fraud, account takeover, phishing, and SIM-swap** activity. Separately, Australian finance technology platform **youX** confirmed an **unauthorized third-party access** incident, after which a hacker claimed theft of data tied to **444,528** Australian borrowers and additional loan-application and identity data (including driver’s licence numbers, addresses, and credit/banking-related information), plus customer/staff details associated with broker organizations. **Substack** also confirmed unauthorized access to **limited user data** (including email addresses, phone numbers, and internal account metadata) that occurred in **October 2025** but was only identified on **Feb. 3, 2026**; Substack stated **passwords and payment card/financial data were not accessed**, but the extended detection gap raised concerns about monitoring and dwell time.
Mar 21, 2026
Tumblr Breach Exposed More Than 65 Million Accounts
Tumblr suffered a major breach that exposed data from more than 65 million user accounts, according to breach tracking and reporting tied to the incident. The compromised records included email addresses and passwords, with the passwords stored as salted `SHA-1` hashes, indicating attackers obtained credential data that could still pose risk if reused elsewhere. Subsequent analysis and reporting said the stolen database was later circulated and offered for sale on a dark market site, turning the intrusion into a broader credential exposure event. The scale of the breach placed Tumblr among the larger consumer platform compromises, and the publication of the dataset increased the likelihood of credential stuffing and account takeover attempts against affected users.
Jun 8, 2026
BreachForums Breaches Expose User Data After MyBB Zero-Day Compromise
BreachForums suffered repeated compromises that exposed member data across multiple iterations of the cybercrime forum. An earlier breach leaked details on about **4,000 members**, while a later incident tied to the forum's reboot reportedly spilled data on roughly **325,000 users**, underscoring the scale of exposure affecting one of the most prominent underground marketplaces. Reporting on the more recent compromise said the forum was hit through a **MyBB `0-day`** affecting unpatched software, with forum administrators claiming the intrusion was also linked to a broader law-enforcement crackdown. The incident disrupted the platform, prompted leadership changes including the emergence of a new admin, and highlighted how even criminal forums remain vulnerable to the same software flaws, operational failures, and data-security lapses that they routinely exploit in others.
May 25, 2026