TrueFire

In 2020, TrueFire, a popular website offering online guitar lessons, suffered a data breach that exposed the personal information of 599,667 users. The leaked data included names, email addresses, physical addresses, phone numbers, and dates of birth. The breach was discovered on May 15, 2020, and TrueFire notified affected users on June 1, 2020.

The TrueFire leak was caused by a vulnerability in the companys website that allowed attackers to access the user database. The vulnerability was exploited using a SQL injection attack, which allowed attackers to execute arbitrary SQL queries on the TrueFire database. This allowed them to extract the user data and exfiltrate it from the system.