Public breach reports where usernames were listed among exposed data types.
JCPenney suffered a data breach in June 2026 when ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, exposing personal and HR data for approximately 368,000 current and former employees.
Infinite Campus, a student information system, had data on approximately 137,000 accounts stolen and published by the ShinyHunters group in March 2026 following an extortion campaign.
Edmunds, the automotive research and car-shopping platform, had data on approximately 178,000 accounts exposed after the ShinyHunters hacking group claimed a breach in January 2026.
Atlas Menu, a GTA V and CS2 cheat service, had its database published to a public GitHub repository in May 2026, exposing data for approximately 64,000 accounts.
In January 2021, the Windows93 parody site's Myspace93 sub-site was breached via an exploited beta application, exposing data from approximately 46,000 accounts.
Dragonica Lunaris, a European private game server, suffered a data breach in December 2025 that exposed account data for approximately 126,000 users.
SongTrivia2, a music trivia platform, suffered a data breach in April 2026 affecting approximately 292,000 accounts, with data subsequently published to a public hacking forum.
Scuf Gaming suffered a data breach in June 2015 that exposed approximately 129,000 user accounts including email addresses, usernames, display names, IP addresses, and password hashes.
RuneScape Boards, a vBulletin-based forum, suffered a data breach in 2011 that exposed approximately 223,000 user accounts.
Provecho, a recipe and meal planning service, suffered a data breach in early 2026 affecting approximately 713,000 users.
Divine Skins, a League of Legends custom skins service, disclosed a data breach affecting over 105,000 users in March 2026.
BreachForums Version 5, a hacking forum, suffered a breach in March 2026 exposing approximately 340,000 user accounts with email addresses, usernames, and password hashes.