In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.



Source: HaveIBeenpwned
Source Link: https://haveibeenpwned.com/PwnedWebsites#MC2Data