In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
If you haven't changed your Color Dating password since 2018, do so immediately.
Add an extra layer of security to your account.
If you used the same password elsewhere, change those too.
Watch for unusual login attempts or messages from your account.
Website
Affected Accounts
Until Added to HIBP
Breach Occurred
Added to HIBP
Some breaches may be flagged as "unverified". In these cases, whilst there is legitimate data within the alleged breach, it may not have been possible to establish legitimacy beyond reasonable doubt.
Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web.
Some breaches may be flagged as "fabricated". In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy.
Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder.
After a security incident which results in the disclosure of account data, the breach may be loaded into HIBP where it then sends notifications to impacted subscribers and becomes searchable. In very rare circumstances, that breach may later be permanently remove from HIBP where it is then classed as a "retired breach".
A retired breach is typically one where the data does not appear in other locations on the web, that is it's not being traded or redistributed. There are presently 2 retired breaches in the system.
HIBP enables you to discover if your account was exposed in most of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site.
A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system which involves sending a verification email to the address with a unique link.
There are presently 74 sensitive breaches in the system including Adult FriendFinder, Ashley Madison, and others.