ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Spoutible Data Breach

spoutible.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 207,114
Breach date 31 Jan 2024
Added to tracker 05 Feb 2024
Data classes 7

What happened

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.

Exposed data

Email addresses Genders IP addresses Names Passwords Phone numbers Usernames

Recommended actions

  • Change your Spoutible password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Spoutible — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP