What Happened
In August 2025, CrumplePop (crumplepop.com), a U.S.-based provider of AI-powered audio editing and enhancement software, suffered a data breach when an unauthorized third party accessed its database, leading to the exposure of approximately 23,522 to 26,460 user records that surfaced on hacking forums around August 25, 2025, and were publicly reported in September 2025 and February 2026. The compromised data primarily included email addresses, full names (first and last), unique user IDs, order details, and dates, but no passwords were leaked, posing medium-severity risks such as targeted phishing, credential stuffing, spam, and identity theft for affected users. The exact method of intrusion remains unknown, with no specific threat actor identified, and the incident highlights vulnerabilities in the company’s data security practices.
