ShellCodeX Breach Report
MEO Data Breach
meoair.com
Verified breach
Passwords exposed
Accounts exposed
8,227
Breach date
24 Dec 2020
Added to tracker
24 Apr 2023
Data classes
7
What happened
In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes. MEO did not respond to multiple attempts to report the breach.
Exposed data
Email addresses
Names
Passwords
Phone numbers
Physical addresses
Purchases
Usernames
Recommended actions
- Change your MEO password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing MEO โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP