ShellCodeX Breach Report
Wanelo Data Breach
wanelo.com
Verified breach
Passwords exposed
Accounts exposed
23,165,793
Breach date
13 Dec 2018
Added to tracker
30 Sep 2019
Data classes
5
What happened
In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019. A total of 23 million unique email addresses were included in the breach alongside passwords stored as either MD5 or bcrypt hashes. After the initial HIBP load, further data containing names, shipping addresses and IP addresses were also provided to HIBP, albeit without direct association to the email addresses and passwords.
Exposed data
Email addresses
IP addresses
Names
Passwords
Physical addresses
Recommended actions
- Change your Wanelo password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Wanelo โ attackers weaponise breach data quickly.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP