ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

ShopBack Data Breach

shopback.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 20,529,819
Breach date 17 Sep 2020
Added to tracker 25 Apr 2021
Data classes 5

What happened

In September 2020, the cashback reward program ShopBack suffered a data breach. The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Exposed data

Email addresses Geographic locations Names Passwords Phone numbers

Recommended actions

  • Change your ShopBack password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing ShopBack — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP