ShellCodeX Breach Report
Operation Endgame 2.0 Data Breach
Verified breach
Malware sourced
Passwords exposed
Accounts exposed
15,436,844
Breach date
23 May 2025
Added to tracker
23 May 2025
Data classes
2
What happened
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Exposed data
Email addresses
Passwords
Recommended actions
- Change your Operation Endgame 2.0 password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Operation Endgame 2.0 โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP