DevaOnBreaches

Stay ahead of emerging threats with the @xposedornot CXO Dashboard 🚀 Get instant visibility into recent breaches targeting your company and respond quickly to prevent account takeovers.

@XposedOrNot += Aura Data Breach The Aura #databreach occurred in March 2026 when the online safety service disclosed a breach involving data linked to a marketing tool from an acquired company, exposing 922K unique email addresses and associated information.

Navia Benefit Solutions disclosed a #databreach affecting ~2.7M people: hackers accessed systems (Dec 22, 2025–Jan 15, 2026), exposing personal data like SSNs and emails. No financial/claims data leaked, but phishing risk remains. bleepingcomputer.com/news/security/…

@XposedOrNot += Thermomix owners’ recipe forum Data Breach The Rezeptwelt #databreach occurred in January 2025 and exposed details of 3.1M registered users of the Thermomix owners’ recipe forum. Exposed data: Names, Email addresses, Physical addresses, Phone numbers, Dates of birth

@XposedOrNot += Cal AI Data Breach The Cal AI #databreach occurred in March 2026 and exposed over 3M user records from the AI-powered calorie tracking app, including more than 2.8M unique email addresses and associated profile information. Exposed data: Email addresses, Names, Dates of birth, Genders, Usernames, Linked social media profiles

Telus confirmed a breach at its subsidiary, Telus Digital, after hackers infiltrated internal systems and allegedly stole up to 700TB–1PB of data. #databreach hackread.com/shinyhunters-1…

Starbucks disclosed a #databreach after attackers used phishing sites to access 889 employee Partner Central accounts, exposing data like SSNs, DOBs, and bank details. bleepingcomputer.com/news/security/…

Iran-linked hacktivist group Handala claims a massive data-wiping attack on medical tech giant Stryker, alleging 200K+ devices were erased across 79 countries. Offices reportedly disrupted, with staff sent home in Ireland. krebsonsecurity.com/2026/03/iran-b…

Bell Ambulance in Milwaukee disclosed a #databreach after unauthorized network access dating back to Feb 2025. Personal data of 114K people may be exposed, including SSNs and medical info. hackread.com/bell-ambulance…

Loblaw, Canada’s largest food & pharmacy retailer (2,500 stores), disclosed a #databreach where hackers accessed basic customer info (names, emails, phone numbers). bleepingcomputer.com/news/security/…

@XposedOrNot += APOIA.se Data Breach The APOIA.se #databreach occurred in December 2025 when the platform’s database was posted to an online forum, later confirmed in January 2026, exposing 451K unique email addresses and associated user information.

North Korean threat actor UNC4899 is suspected of a sophisticated 2025 attack on a crypto firm, using social engineering and a developer’s personal device to infiltrate Google Cloud, abuse DevOps workflows, escalate privileges, and ultimately steal millions in cryptocurrency, Google says. thehackernews.com/2026/03/unc489…

Ericsson Inc. says a breach at a third-party service provider exposed sensitive data of 15K employees and customers, including SSNs, IDs, financial and medical info. The intrusion occurred in April 2025, but affected individuals were only identified in Feb 2026. #databreach bleepingcomputer.com/news/security/…

ShinyHunters has warned ~400 organisations it hacked data from websites built on Salesforce Experience Cloud, threatening to leak the records unless ransom demands are met. #databreach hackread.com/shinyhunters-h…

Cal AI, the AI-powered calorie tracking app and new owner of MyFitnessPal, was allegedly breached by hacker “vibecodelegend,” who claims to have leaked 12GB of data from 3M+ users, including emails, personal details, and meal logs. #databreach hackread.com/cal-ai-myfitne…

TriZetto (under Cognizant) disclosed a #databreach exposing sensitive data of 3.4M+ people after hackers accessed an insurance verification portal from Nov 2024–Oct 2025. Exposed info may include names, DOBs, SSNs & insurance details. bleepingcomputer.com/news/security/…

@XposedOrNot February 2026 update. Here is what is new for you: ☑️ Risk scoring is smarter. It weighs what leaked, not just that it leaked. ☑️See your attack path and how your exposed data gets used against you. ☑️New heatmap shows which of your data appears most across breaches. ☑️ 21 new breaches, 138.8M records this month. ☑️Full UI refresh, works better on mobile. Verify your domain and see every breach tied to your business emails in one place. xposedornot.com

@XposedOrNot += Ggumim(Decorating the House) Data Breach The Ggumim #databreach occurred in March 2020, when the Korean interior decoration website ggumim.co.kr was compromised, affecting nearly 1.3M members, and the data was later widely shared online. Exposed data: Email addresses, Names, Usernames, Phone numbers Potential risks: Phishing, Identity theft, Targeted scams, Privacy breaches

@XposedOrNot += BitView Data Breach The BitView #databreach occurred in December 2024 and exposed 63K user records from the video-sharing community. Exposed data: Email addresses, IP addresses, Usernames, Passwords (bcrypt hashes), Gender, Dates of birth, Countries Potential risks: Account takeover, Credential stuffing, Phishing, Targeted scams, Privacy breaches

Hackers from FulcrumSec breached LexisNexis Legal & Professional via an unpatched React app, accessing legacy data from before 2020. About 2GB of files and info on 21k+ accounts were reportedly taken, including some .gov users. The company says no financial data, SSNs, or active passwords were exposed. #databreach bleepingcomputer.com/news/security/…

Hacktivist group “Department of Peace” claims it hacked the U.S. Department of Homeland Security and leaked contract data involving 6,000+ companies like Microsoft, Oracle, and Palantir Technologies. The group says it exposed firms working with immigration enforcement to protest government actions. Data was published by Distributed Denial of Secrets. #databreach techcrunch.com/2026/03/02/hac…