What Happened
In mid-2016, specifically around June 27, Whitepages, a Seattle-based online telephone and address directory service, suffered a data breach involving unauthorized access to its database, compromising information from approximately 11.7 million accounts, including unique email addresses, names, and passwords hashed with SHA-1 or bcrypt. The incident remained undetected until early 2019, when the stolen data—totaling about 2.9GB—was put up for sale on the dark web alongside breaches from other sites, as reported by The Register, and subsequently added to services like Have I Been Pwned after verification. Specific hacking methods were not publicly disclosed, and Whitepages did not immediately respond to inquiries at the time. Some sources cite slightly higher figures, such as 17.7 million accounts or over 13 million records, but 11.7 million is the most consistently reported number across authoritative trackers.
