Back To Breaches


In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a description of "Yahoo_090618_ SaverSpy". The data set provided to HIBP had almost 2.5M unique email addresses (all of which were from Yahoo!) alongside names, genders and physical addresses.

  • Domain: Unknown
  • Breach Count: 2,457,420
  • Breach Date: Sept. 18, 2018
  • Added: Sept. 25, 2018
  • Verified: True
  • Fabricated: False
  • Events: 0
  • Source: HaveIBeenPwned