What Happened
In April 2026, ipapi.is, an IP intelligence provider, suffered a significant data breach involving the leak of its 2.55 GB core production and intelligence database, identified by cybersecurity intelligence on April 8 and last updated April 4. The exfiltration likely stemmed from a breached administrative API, an unpatched Direct Object Reference (IDOR) vulnerability, or session hijacking of a high-privilege administrator, exposing critical evasion intelligence such as lists of VPNs, proxies, and Tor exit nodes; offensive reconnaissance data including IPv4/IPv6 geolocation, hosting provider details, and Autonomous System Numbers (ASNs); and reputation metadata on abusive IP addresses used for blocking attacks. This incident, part of a suspected coordinated campaign following the Service Telecom and Cisco Systems breaches, renders security systems relying on ipapi.is data transparent to threat actors, enabling evasion of WAFs, firewalls, and fraud detection while facilitating asset mapping and botnet testing. No specific number of records was disclosed, and the data became publicly available.
