What Happened
In January 2021, the quiz platform DailyQuiz.me suffered a major data breach that exposed approximately 12.8 million user records, with 8.3 million accounts having plaintext passwords compromised. The breach included email addresses, usernames, IP addresses, and passwords stored in plain text, which were subsequently sold on hacking forums and Telegram channels for $2,000 in cryptocurrency before eventually leaking into the public domain. The exposed plaintext passwords posed a significant risk for credential stuffing attacks, where attackers could use the stolen credentials to attempt unauthorized access to users’ other online accounts. DailyQuiz.me never publicly acknowledged the breach to its users and subsequently shut down its service, leaving millions of affected users unaware of the security incident until the data appeared on breach notification databases months later.
