I created a table from their page, but here is the source!
| Award Name | Recipient | Breach Details | Date |
|---|---|---|---|
| Say Something Without Saying Anything | Mixpanel | Analytics SDK used by apps like Ring and PornHub; breached user data from many apps (exact scope unclear); OpenAI dropped them. eff | November 2025 |
| We Still Told You So | Discord | Age verification data via Zendesk (third-party support): names, selfies, IDs, emails, addresses, phone numbers, IP addresses, billing info; 200M+ users affected. eff | September 2025 |
| Tea for Two | Tea Dating Advice and TeaOnHer | Tea: 72K images (IDs/selfies), 1.1M private messages (phones, abortion/cheating discussions). TeaOnHer: emails, usernames, IDs/selfies publicly exposed. eff | July-August 2025 |
| Just Stop Using Tracking Tech | Blue Shield of California | Misconfigured Google Analytics shared 4.7M health records (names, plans, providers, finances) for ~3 years, possibly for ads. eff | April 2025 (disclosed) |
| Hacker’s Hall Pass | PowerSchool | 60M+ students/teachers’ data (SSNs, medical records, grades); weak support portal security; lawsuits filed. eff | December 2024 |
| Worst. Customer. Service. Ever. | TransUnion | 4.4M customers’ names, DOBs, SSNs via third-party support app. eff | August 2025 |
| Annual Microsoft Screwed Up Again | Microsoft | SharePoint zero-day exploited by Chinese groups; 400+ orgs (incl. nuclear agency); thousands of vulnerable servers lingered. eff | July 2025 |
| I Didn’t Even Know You Had My Information | Gravy Analytics | Millions’ location history (coords tied to ad IDs) from 1B phones/day via apps; sold to brokers/govt; revealed military/gay users in risky areas. eff | January 2025 |
| Keeping Up With My Cybertruck | Teslamate | 1,300+ self-hosted dashboards exposed Tesla locations, speeds, charging, trips. eff | August 2025 |
| Disorder in the Courts | PACER | Federal court system (CM/ECF) hacked; possible exposure of confidential informants; outdated/unsustainable tech. eff | August 2025 |
| Only Stalkers Allowed | Catwatchful | Stalkerware data: 26K victims’ photos, messages, locations + customer emails/passwords. eff | July 2025 |
| Why We’re Still Stuck on Unique Passwords | Plex | Emails, usernames, hashed passwords (repeat from 2022 affecting 15M users). eff | 2025 (recent) |
| Uh, Yes, Actually, I Have Been Pwned | Troy Hunt’s Mailing List | Phishing via Mailchimp stole blog mailing list credentials. eff | 2025 |
| Silver Globe | Flat Earth Sun, Moon & Zodiac | User gender, names, emails, DOB, location (lat/long). eff | March 2025 (confirmed) |
Discover more from Erkan's Field Diary
Subscribe to get the latest posts sent to your email.