On July 14, 2019, a database dump has been added to Haveibeenpwned.com which contained data of almost 101 million Evite users who had their information exposed in a data breach earlier this year.
At that time, it was believed that approximately 10 million users had their information exposed, however, the number of exposed users is much larger.
In June 2019, Evite disclosed that it suffered a data breach in February and the stolen user data was put up for sale in the Dream Market marketplace by the infamous hacker ‘Gnosticplayers’.
The E-invitations platform stated that it became aware of the incident on April 15, 2019, after Gnosticplayers published almost 10 million Evite user data on the Dark Web which included users’ names, usernames, email addresses, passwords, dates of birth, and phone numbers.
However, the database received by Have I Been Pwned exposes over 100 million Evite users.
According to HIBP, the database they received consists of 100,985,047 unique Evite users.
“The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders, and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to JimScott.Sec@protonmail[.]com”.
Earlier, it was said that the leaked database was being sold on Dream Market. This marketplace has been shut down, so it is currently not known if this larger Evite database is being sold online or not.