ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

HomeRefill Data Breach

homerefill.com.br
Limited exposure
Verified breach Passwords exposed
Accounts exposed 187,457
Breach date 02 Apr 2020
Added to tracker 03 Oct 2025
Data classes 5

What happened

In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.

Exposed data

Dates of birth Email addresses Names Passwords Phone numbers

Recommended actions

  • Change your HomeRefill password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing HomeRefill — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP