ShellCodeX Breach Report
GFAN Data Breach
gfan.com
Unverified
Passwords exposed
Accounts exposed
22,526,334
Breach date
10 Oct 2016
Added to tracker
10 Oct 2016
Data classes
4
What happened
In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified". The data in the breach contains email and IP addresses, user names and salted and hashed passwords. Read more about Chinese data breaches in Have I Been Pwned.
Exposed data
Email addresses
IP addresses
Passwords
Usernames
Recommended actions
- Change your GFAN password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing GFAN โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP