Whitepages
  • Total Records13,707,159
  • Unique Emails11,616,589
  • Unique Email Providers572,575
  • Unique Usernames1,099,465
  • Unique First Names3,200,056

The 2016 Whitepages Data Breach: What Happened and What Was Exposed

In June 2016, Whitepages, a widely-used online directory for phone numbers and addresses, suffered a major data breach that would later see its aftermath span several years. Unsanctioned access to the company’s database resulted in the records of over 13 million users being compromised. Malicious actors extracted information that included names, email addresses, and securely hashed passwords stored using SHA-1 or bcrypt algorithms. The incident remained largely under wraps until early 2019, when portions of the stolen data were sold on underground forums, raising concerns among users and highlighting the vast scope of the breach.

When Did the Whitepages Data Breach Occur?

The breach took place in mid-2016, specifically on June 1st. While the intrusion itself happened quickly, much of the sensitive data collected during the attack wasn't circulated until nearly three years later, in early 2019, when it surfaced for sale on illicit marketplaces.

What Information Was Leaked?

The breach led to the exposure of a variety of user data. The compromised records included:

  • Email addresses
  • First names
  • Last names
  • Passwords (protected with SHA-1 or bcrypt hashing)

With more than 13 million entries affected, this incident became one of the more significant data exposures involving directory services around that period.

How Many Users Were Affected?

In total, 13,707,160 user records were involved in the Whitepages breach. Each record typically contained the user’s email, name, and hashed password, making it a substantial breach both in terms of volume and the sensitivity of the data.

The Timeline of Events

The breach itself occurred in early June 2016. For a period, there was little public awareness as the information did not appear immediately online. However, in early 2019, the data set from the attack was put up for sale by bad actors. This delay between the breach and the public disclosure or sale is not uncommon, but it does emphasize the risks about latent breaches coming to light years after the original incident.

Frequently Asked Questions About the Whitepages Data Breach

What happened in the 2016 Whitepages data breach?

In June 2016, Whitepages suffered a data breach where attackers accessed the company’s database, extracting more than 13 million users’ names, email addresses, and hashed passwords. The data was later sold in 2019.

How many users were affected in the Whitepages breach?

The breach impacted 13,707,160 Whitepages users, exposing their names, email addresses, and hashed passwords.

What data fields were compromised in the Whitepages breach?

The data breach exposed first names, last names, email addresses, and SHA-1 or bcrypt-hashed passwords of the affected users.

When did the Whitepages breach take place?

The Whitepages data breach occurred on June 1, 2016, with the stolen data later making its way onto underground forums in early 2019.

Who was behind the Whitepages breach?

The exact identity of the perpetrators behind the Whitepages data breach has not been made public. The incident was the result of malicious actors gaining unauthorized access to the company’s user database.

How can I check if I'm in the Whitepages breach?

You can check if your information was part of the Whitepages breach by utilizing the DeHashed search engine.