Breach Database / WeLeakInfo
Yes — WeLeakInfo was breached.
- 11,788 accounts affected
- Breach occurred 2021-03-08 · weleakinfo.com
- Verified entry in the Have I Been Pwned catalog
What happened
In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account. Access to Stripe then exposed almost 12k unique email addresses from customers who'd made credit card payments in order to obtain breached data hosted by WeLeakInfo. The data was subsequently leaked publicly and also included names, payment histories, IP addresses, billing addresses, partial credit card data and the organisation making the purchase.
What data was exposed
- Browser user agent details
- Email addresses
- Employers
- IP addresses
- Names
- Partial credit card data
- Physical addresses
- Purchases
What to do right now
- Watch your card and bank statements. Set up transaction alerts, and consider a card freeze or replacement if the exposure included full card numbers.
- Watch for targeted phishing mail. A leaked home address makes postal and doorstep scams more convincing.
- Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
- Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
- Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.
Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.