ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Locally Data Breach

locally.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 362,619
Breach date 01 Oct 2022
Added to tracker 10 Jul 2023
Data classes 6

What happened

In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach. Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed over 362k names, phone numbers, email and physical addresses, purchases, credit card type and last four digits and bcrypt password hashes.

Exposed data

Email addresses Partial credit card data Passwords Phone numbers Physical addresses Purchases

Recommended actions

  • Change your Locally password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Locally — attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP