ShellCodeX Breach Report
ApexSMS Data Breach
Verified breach
Spam list
Accounts exposed
23,246,481
Breach date
15 Apr 2019
Added to tracker
21 Sep 2023
Data classes
7
What happened
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
Exposed data
Email addresses
Genders
Geographic locations
IP addresses
Names
Phone numbers
Telecommunications carrier
Recommended actions
- Watch for targeted phishing emails referencing ApexSMS — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP