ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

SaverSpy Data Breach

Significant exposure
Verified breach Sensitive Spam list
Accounts exposed 2,457,420
Breach date 18 Sep 2018
Added to tracker 25 Sep 2018
Data classes 4

What happened

In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a description of "Yahoo_090618_ SaverSpy". The data set provided to HIBP had almost 2.5M unique email addresses (all of which were from Yahoo!) alongside names, genders and physical addresses.

Exposed data

Email addresses Genders Names Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing SaverSpy โ€” attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP