Wanelo
  • Total Records23,188,882
  • Unique Emails22,972,255
  • Unique Email Providers336,722

Wanelo Data Breach: December 2018 Exposure of 23 Million User Records

In December 2018, Wanelo—a popular online shopping platform where users could discover and buy unique products—suffered a data breach that impacted more than 23 million registered accounts. Attackers gained unauthorized access to the service's database, extracting millions of unique email addresses and hashed passwords. Although details remained under wraps for several months, the incident surfaced publicly in April 2019, when the stolen Wanelo data was found for sale on a dark web marketplace. The breach affected a broad base of Wanelo users, raising serious concerns about the exposure of login credentials and the security of personal data stored on e-commerce sites.

What Happened in the Wanelo Breach?

The breach occurred in early December 2018 when malicious actors successfully accessed Wanelo’s backend database. The primary information taken included user email addresses and password hashes. Passwords were stored using a mix of hashing methods, such as MD5 and bcrypt. The breach went undetected by the public eye until the leaked records began circulating on underground forums and dark web marketplaces in April 2019.

Scope of the Breach: How Many Users Were Affected?

In total, the Wanelo breach exposed 23,188,883 unique records, making it one of the larger e-commerce data exposures of the year. Every affected record consisted of an email address alongside a hashed password.

What Data Was Exposed?

  • Email addresses registered with Wanelo
  • Password hashes (using MD5 and bcrypt algorithms)

No additional fields such as names, addresses, or payment data were reported as compromised in this incident.

Timeline: How Did the Wanelo Breach Unfold?

  • December 2018: Unauthorized access to Wanelo’s database occurred.
  • April 2019: Stolen data appears for sale on a dark web marketplace, bringing the breach to light.

The period between the breach and public discovery meant affected users may not have been aware that their credentials were compromised until several months later.

Frequently Asked Questions

What happened in the Wanelo data breach?

In December 2018, unauthorized actors accessed Wanelo’s database, stealing email addresses and hashed passwords for over 23 million users. The breach was publicly revealed months later, after the data was found for sale online.

How many users were affected by the Wanelo breach?

The breach compromised information from approximately 23.2 million unique Wanelo accounts.

What type of data was leaked in the Wanelo breach?

The exposed data included email addresses and password hashes, with passwords hashed using MD5 or bcrypt algorithms.

When did the Wanelo data breach happen?

The breach took place in December 2018, with the stolen data surfacing for sale around April 2019.

Who was responsible for the Wanelo breach?

The specific identity or group behind the breach hasn’t been officially disclosed.

How can I check if I'm in the Wanelo breach?

You can check if your information was part of the Wanelo breach by utilizing the DeHashed search engine.