Shopback
shopback.com
About This Breach
ShopBack is a Singapore-based online cashback platform that suffered a data breach in September 2020 exposing more than 20 million users. The breach resulted in the theft of customers' personal information, including names, email addresses, phone numbers, dates of birth, and encrypted passwords. The company stated that no credit card information or financial details were compromised in the breach. ShopBack initially reported the breach in November 2020, and it affected users in several countries, including Singapore, Malaysia, the Philippines, and Indonesia.
Data Exposed
Breach Details
| Breach Type | Data Breach |
| Searchable | Yes |
| Verified | Yes |
| Sensitive Data | No |
| Reference | https://www.businesstimes.com.sg/startups-tech/startups/millions-shopback-reddoorz-user-records-put-sale-hacker-forums-peatix (opens in new tab) |
Frequently Asked Questions
When did the Shopback data breach happen?
Shopback was breached in Sep 2020. The breach was added to the XposedOrNot index on November 8, 2023.
How many records were exposed in the Shopback breach?
20,653,700 records were exposed, making it the #83 largest of the 763 breaches in our index.
What data was exposed in the Shopback breach?
The exposed data includes: Email addresses, Passwords, Names, Phone numbers, Geographic locations, IP addresses.
What should I do if I was affected by the Shopback breach?
Change your password on the affected service (and anywhere you reused it), turn on two-factor authentication, and set up free breach alerts on XposedOrNot so you know the moment your email appears in a new breach.
What Should You Do?
Change Your Passwords
Update your password immediately, using 12+ characters with numbers and symbols.
Enable Two-Factor Authentication
Add 2FA on all supported accounts using an authenticator app like Google Authenticator or Authy.
Watch for Phishing Calls & SMS
Be cautious of unexpected calls or texts asking for personal information.
Review Device Security
Update your devices and browsers, and check for unauthorized logins.
Monitor Your Accounts
Set up login alerts and review account activity regularly for suspicious access.
Use a Password Manager
Never reuse passwords: use a password manager to generate unique ones for each account.