Have I Been Pwned (HIBP), the prominent data breach notification service managed by Troy Hunt, has added a new dataset to its database containing nearly 24 million records. The breach, tied to an obscure entity called “Hopamedia,” exposed sensitive user information such as email addresses, names, phone numbers, geographic locations, and telecommunications carrier details.
The breach reportedly occurred on August 30, 2020, but the data only surfaced publicly this year. The compromised dataset, added to HIBP earlier today, comprises 23,835,870 user accounts. The exposure raises significant concerns due to the absence of clarity about Hopamedia’s identity and purpose, as well as the volume of sensitive information leaked.
Hopamedia’s origin and operations remain shrouded in mystery. Speculation online, fueled by digital forensics and community discussions, suggests it may have been an Israeli marketing or advertising company that is no longer operational. Traces of its activity point to its Hebrew name, “הופה מדיה,” and a now-defunct Facebook page linked to the company. A subdomain connected to Israeli hosting provider SPD also appeared in historical DNS records but is no longer active.
HIBP’s founder, Troy Hunt, noted the lack of conclusive evidence about Hopamedia’s operations. While some users speculated that the company may have been a data broker or telemarketing service, others pointed to potential ties with phishing campaigns or data resale linked to advertising networks. Historical DNS records examined by online investigators revealed a pattern of frequent name server changes and shared hosting behavior, further deepening the ambiguity around the entity.
Victims of the breach have reported receiving phishing emails and spam tied to their leaked information, adding weight to theories that Hopamedia’s data may have circulated among bad actors in underground markets. Some users theorized potential connections to NFT-related platforms, as 2020 marked a boom in the digital asset market, but this link remains speculative.
The exposed data includes the following:
- Email addresses
- Names
- Phone numbers
- Geographic locations
- Telecommunications carriers
Such a trove of personal data is a goldmine for threat actors engaged in phishing, smishing (SMS phishing), or targeted advertising scams. Additionally, the inclusion of phone numbers and telecom carrier details could facilitate SIM-swapping attacks, further heightening the risks for affected users.
If you have received a notice from HIBP today warning you about the Hopamedia exposure, you should maintain vigilance against unsolicited communications, check telecom and online service accounts for unauthorized activity, and protect all online accounts with multi-factor authentication.
Cyrus Bilimoria
NO idea where this Service came from or what action should be taken now, 4 years after the breach! Any ideas?