What Happened
In September or November 2022, the Moroccan classified ads and e-commerce platform Avito.ma (avito.ma) suffered a major data breach exposing the personal information of approximately 2.7 million users, including full names, email addresses, phone numbers, IP addresses, physical addresses, and geographic locations. Security researcher Bob Diachenko discovered the leaked data—totaling around 2.72 million records in a 179.71 MB file—on a misconfigured Amazon Web Services (AWS) server, after which it rapidly spread online and was exploited for phishing and identity theft. The incident, added to breach databases like Have I Been Pwned and Mozilla Monitor in November 2023, damaged Avito’s reputation and prompted the company to enhance security measures and offer users credit monitoring, though sources vary slightly on the exact month of occurrence.
