ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Playbook Data Breach

playbook.vc
Limited exposure
Verified breach Passwords exposed
Accounts exposed 50,538
Breach date 19 Oct 2020
Added to tracker 11 Oct 2021
Data classes 6

What happened

In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job titles and passwords stored as PBKDF2 hashes. It took more than 2 weeks after being notified of the exposed data to properly secure it. It's unknown whether Plug and Play Ventures notified impacted individuals as they ceased responding to queries from the press.

Exposed data

Email addresses Job titles Names Passwords Phone numbers Social media profiles

Recommended actions

  • Change your Playbook password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Playbook — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP