ShellCodeX Breach Report
Avvo Data Breach
avvo.com
Verified breach
Passwords exposed
Accounts exposed
4,101,101
Breach date
17 Dec 2019
Added to tracker
15 Apr 2022
Data classes
2
What happened
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Avvo password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Avvo โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP