ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Kayo.moe Credential Stuffing List Data Breach

Major exposure
Unverified Passwords exposed
Accounts exposed 41,826,763
Breach date 11 Sep 2018
Added to tracker 13 Sep 2018
Data classes 2

What happened

In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe. The operator of the service contacted HIBP to report the data which, upon further investigation, turned out to be a large credential stuffing list. For more information, read about The 42M Record kayo.moe Credential Stuffing Data.

Exposed data

Email addresses Passwords

Recommended actions

  • Change your Kayo.moe Credential Stuffing List password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Kayo.moe Credential Stuffing List โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP