ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

ApexSMS Data Breach

Major exposure
Verified breach Spam list
Accounts exposed 23,246,481
Breach date 15 Apr 2019
Added to tracker 21 Sep 2023
Data classes 7

What happened

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.

Exposed data

Email addresses Genders Geographic locations IP addresses Names Phone numbers Telecommunications carrier

Recommended actions

  • Watch for targeted phishing emails referencing ApexSMS — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP