ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

1win Data Breach

1win.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 96,166,543
Breach date 02 Nov 2024
Added to tracker 03 Feb 2025
Data classes 6

What happened

In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.

Exposed data

Dates of birth Email addresses Geographic locations IP addresses Passwords Phone numbers

Recommended actions

  • Change your 1win password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing 1win — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP