ShellCodeX Breach Report
MC2 Data Data Breach
Verified breach
Passwords exposed
Accounts exposed
2,122,280
Breach date
18 Aug 2024
Added to tracker
15 Dec 2024
Data classes
3
What happened
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Exposed data
Email addresses
Names
Passwords
Recommended actions
- Change your MC2 Data password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing MC2 Data โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP