Skip to content
Cyber Breaches
Search
Data breachResolved

ApexSMS data breach (2019)

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password.

Victim
ApexSMS
records
23.2M
SectorTelecom

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2019-04-15, ApexSMS was affected by a data breach. Approximately 23,246,481 accounts were exposed. In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#ApexSMS

Related incidents

Data breachResolved

IndiHome data breach (2019)

In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and…

Victim
IndiHome
Records
12.6M
Data breachResolved

Charter data breach (2026)

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign.

Victim
Charter
Records
4.9M
Data breachOngoing

DB Telecom: a 40k-customer database put up for sale

Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.

Victim
DB Telecom
Records
2.8M
Data breachResolved

LegionProxy data breach (2026)

In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

Victim
LegionProxy
Records
10.1K