What Happened
In December 2018, specifically on December 13, Wanelo, a digital shopping platform, suffered a data breach impacting approximately 23 million user accounts, with the stolen data—including 23.2 million email addresses, passwords stored as MD5 or bcrypt hashes, names, physical (home/shipping) addresses, and IP addresses—placed for sale on dark web marketplaces in April 2019 by hacker “Gnosticplayers,” who claimed responsibility alongside breaches of 44 other firms. The breach was discovered and verified later, added to Have I Been Pwned on September 30, 2019, with no financial data exposed but significant risks from the hashed passwords and personal details enabling phishing or credential stuffing. Users were advised to change passwords, enable two-factor authentication, and monitor accounts, as the data’s circulation persists.
