ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Swvl Data Breach

swvl.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 4,195,918
Breach date 23 Jun 2020
Added to tracker 31 Jul 2020
Data classes 6

What happened

In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by breachbase.pw.

Exposed data

Email addresses Names Partial credit card data Passwords Phone numbers Profile photos

Recommended actions

  • Change your Swvl password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Swvl — attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP