ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Dubsmash Data Breach

dubsmash.com
Massive exposure
Verified breach Passwords exposed
Accounts exposed 161,749,950
Breach date 01 Dec 2018
Added to tracker 25 Feb 2019
Data classes 7

What happened

In December 2018, the video messaging service Dubsmash suffered a data breach. The incident exposed 162 million unique email addresses alongside usernames and PBKDF2 password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

Exposed data

Email addresses Geographic locations Names Passwords Phone numbers Spoken languages Usernames

Recommended actions

  • Change your Dubsmash password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Dubsmash — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP