ShellCodeX Breach Report
HomeRefill Data Breach
homerefill.com.br
Verified breach
Passwords exposed
Accounts exposed
187,457
Breach date
02 Apr 2020
Added to tracker
03 Oct 2025
Data classes
5
What happened
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
Exposed data
Dates of birth
Email addresses
Names
Passwords
Phone numbers
Recommended actions
- Change your HomeRefill password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing HomeRefill — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP