ShellCodeX Breach Report
Spoutible Data Breach
spoutible.com
Verified breach
Passwords exposed
Accounts exposed
207,114
Breach date
31 Jan 2024
Added to tracker
05 Feb 2024
Data classes
7
What happened
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
Exposed data
Email addresses
Genders
IP addresses
Names
Passwords
Phone numbers
Usernames
Recommended actions
- Change your Spoutible password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Spoutible — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP