What Happened
The Zeeroq data breach timeline is complex and involves conflicting dates across sources. In 2019, the subdomain demo.zeeroq.com exposed over 200 million records containing email addresses and passwords as combolists (compiled stolen credentials from various breaches). In 2023, the dark web monitoring service InsecureWeb reported that Zeeroq data appeared on leakbase.io, though researchers treated this as a dump of credentials from previous breaches rather than a unique incident. The more significant breach occurred in January 2024 (not 2023), when Zeeroq.com, a now-defunct cloud services provider, experienced a security incident that compromised approximately 50,000 user accounts. The breach exposed sensitive personal information including names, email addresses, dates of birth, and payment details. A hacker operating under the alias “Chucky” published the stolen data on dark web platforms. The company publicly announced the breach on February 10, 2024, and the incident was later linked to the “Mother of All Breaches” (MOAB), a massive leak containing 26 billion records from multiple organizations. The specific methods used to infiltrate Zeeroq’s systems remain unclear, though cybersecurity experts attributed potential causes to weak security measures, phishing attacks, or outdated software.
