Spoutible - 207,114 breached accounts

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.

2fa accounts addresses api backup backup codes bcrypt breached data email exposed hashes incident information ip addresses january january 2024 misconfigured names numbers password password reset personal personal information phone phone numbers platform records reset scraped secrets tokens usernames