ShellCodeX Breach Report
Exploit.In Data Breach
Unverified
Passwords exposed
Accounts exposed
593,427,119
Breach date
13 Oct 2016
Added to tracker
06 May 2017
Data classes
2
What happened
In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in an attempt to identify other online systems where the account owner had reused their password. For detailed background on this incident, read Password reuse, credential stuffing and another billion records in Have I Been Pwned.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Exploit.In password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Exploit.In โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP