Breach Database / ApexSMS
Yes — ApexSMS was breached.
- 23.2 million accounts affected
- Breach occurred 2019-04-15
- Verified entry in the Have I Been Pwned catalog
What happened
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
What data was exposed
- Email addresses
- Genders
- Geographic locations
- IP addresses
- Names
- Phone numbers
- Telecommunications carrier
What to do right now
- Be alert for smishing and SIM-swap attempts. Treat unexpected texts and "carrier" calls with suspicion; add a PIN/port-freeze with your mobile carrier.
- Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
- Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
- Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.
Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.