Most reported breaches are in North America, at least in part because of relatively strict disclosure laws in North American countries. It is estimated that the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion.[1][2] As a result of data breaches, it is estimated that in first half of 2018 alone, about 4.5 billion records were exposed.[3] In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.[4]

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Animal Jam password cracker.rar

March 4, 2020: Hackers successfully accessed online accounts of customers of the apparel retailer, J-Crew, through a credential stuffing attack. Using exposed emails and passwords, the hackers were able to login to an unknown number of J-Crew customer accounts and gain access to stored information including the last four digits of credit card numbers, expiration dates, card types, billing addresses, order numbers, shipping confirmation numbers and shipment status.

April 6, 2020: A digital wallet app, Key Ring, left stored customer data of 14 million users accessible in an unsecured database. The app allows its users to easily upload and store scans and photos of membership and loyalty cards to a digital folder in their mobile device. The exposed data includes names, full credit card details (including CVV numbers), email address, birth date, address, membership ID numbers, retail club and loyalty card memberships, government IDs, gift cards, medical insurance cards, medical marijuana IDs, IP address and encrypted passwords.

April 14, 2020: The credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the dark web and hacker forums for as little as $.02. Email addresses, passwords, personal meeting URLs and host keys are said to be collected through a credential stuffing attack.

April 14, 2020: A collection of 4 million login records belonging to the online marketplace Quidd was breached through a hack then posted on the dark web forum for free. Once accessible, the usernames, email addresses and hashed account passwords were shared among members of the forum.

April 22, 2020: A card payments processor startup, Paay, left a database containing 2.5 million card transaction records accessible online without a password. The exposed payment transaction belonging to 15 to 20 merchants includes full plaintext credit card number, expiry date and the amount spent.

April 27, 2020: A credential stuffing attack using previously exposed user IDs and passwords of popular video game company, Nintendo, granted hackers access to over 160,000 player accounts. With unauthorized access to the accounts, the fraudsters may have purchased digital items using stored cards and viewed personal information including name, date of birth, gender, country/region and email address.

May 13, 2020: Magellan Health, a Fortune 500 healthcare company, has sent a notice to its patients that it had fallen victim to a phishing scam and ransomware attack. The information held for ransom includes names, contact information, employee ID numbers, W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers, as well as login credentials and passwords for employees.

May 20, 2020: The information belonging to 8 million users of the home meal delivery service, Home Chef, was found for sale on the dark web after a data breach. The data found for sale includes names, email addresses, phone numbers, addresses, scrambled passwords and the last four digits of credit card numbers.

May 20, 2020: Over 40 million users of the mobile app, Wishbone, had their personal information up for sale on the dark web. Usernames, emails, phone numbers, location information and hashed passwords were exposed in a data breach before being advertised in a hacking forum.

June 2, 2020: In a notification to its users, the passenger railroad service Amtrak announced an unknown third party accessed an undisclosed number of Amtrak Guest Rewards accounts. The company claims only usernames, passwords and some personal information was exposed, and no Social Security numbers or financial data was accessed.

July 23, 2020: The personal details of over 17 million users of the free online lodging service, CouchSurfing, was found for sale on the dark web. The user information disclosed included names, email addresses, user IDs and CouchSurfing account settings but no passwords.

July 28, 2020: The online alcohol delivery startup Drizly disclosed to its customers that a hacker accessed the account details of 2.5 million Drizly accounts. The customer information exposed included email addresses, date-of-birth and hashed passwords.

July 28, 2020: The video creation platform, Promo.com, confirmed their 22 million customers have had their personal and account information exposed in a third-party data breach. The compromised data includes names, email addresses, IP addresses, user location, gender and encrypted passwords.

August 21, 2020: Freepik, a free image database, sent out a breach notification to 8.3 million users that their account login information was exposed through injected malware on their website. The malware collected emails of all users and hashed passwords of 3.77 million users.

September 21, 2020: Over 500,000 gamer accounts of Activision, the video game publisher, were targeted in a credential stuffing attack. It has been reported that login data, such as email and password, was published publicly online, granting hackers access the Call of Duty accounts, often locking the rightful owner out of their account.

November 11, 2020: Animal Jam, a popular online game for kids, was hacked and 46 million account records were compromised in a data breach. The databases belonging to WildWorks, the company behind Animal Jam, were posted to an online hacking forum on the dark web. The data included information related to children and parent accounts, including usernames, emails, passwords, birth dates and billing addresses connected to PayPal accounts. 2ff7e9595c