Disclaimer

We Leak Info did not take any part in this data breach. Furthermore all information that we have on this data breach has been published in this article.

We Leak Info does not sell or trade data. Please do not contact us about acquiring this data, we will ignore such requests.

Journalists, researchers, media outlets, law enforcements, and alike can contact us through the methods listed below.

Anyone may use and cite any information on this page as long as proper credit is given to We Leak Info and a link is provided to the website.

Contact Methods:


Introduction

Wirecard AG is a global internet technology and financial services provider based out of Germany. It was breached on April 2, 2019 and impacted 4,367,040 users.

This data breach only affects the Brazilian website. Unlike most companies, Wirecard has dedicated websites for different regions.

At the time of writing this article, Wirecard was not aware of this data breach.


What is We Leak Info?

We Leak Info is the industry leading data breach search engine. With over 10 billion records and 7,000 data breaches. Unlike similar sites such as Have I Been Pwned, We Leak Info allows the user to view what information was exactly leaked.

See if your information has been leaked for free at weleakinfo.com.


Leaked Information

The following information was leaked:

  • Username
  • Email
  • First Name
  • Last Name
  • Date of Birth
  • Hash
  • Company website & name
  • Security Number
  • User Balance

Hashes

To our surprise, Wirecard was still using SHA1. As this is a very weak hashing algorithm, we expect at least 90% of all hashes to be cracked successfully.


Emails

Only 37% of users, 1,602,131 users, had an email address associated to their account. Unfortunately we do not know the reasoning behind this.

We found a total of 59,922 unique email domains. We have posted the top 20 email domains below.

Top 20 Email Domains:

  • Gmail.com: 647,676
  • Hotmail.com: 568,995
  • Yahoo.com.br: 97,491
  • Outlook.com: 43,263
  • Bol.com.br: 32,955
  • Fake.com.br: 19,937
  • Ig.com.br: 16,089
  • Live.com: 14,500
  • Uol.com.br : 11,822
  • Yahoo.com: 11,168
  • Terra.com.br: 8,897
  • Hotmail.com.br: 6,017
  • Icloud.com: 5,306
  • Outlook.com.br: 4,589
  • Oi.com.br: 4,257
  • Globo.com: 3,623
  • Msn.com: 3,055
  • Ymail.com: 2,438
  • Gmail.com.br: 1,745
  • Ibest.com.br: 1,608

What can I do?

If you've been affected by this data breach we recommend changing your password and enabling two factor authentication for critical accounts.

Not sure you've been affected? See if your information has been leaked for free at weleakinfo.com.


Conclusion

We hope that Wirecard learns from this data breach and adopts better security practices in the future. No one, especially financial institutions, should be using SHA1 and promoting their platform as "secure".


Updated August 8th 2019: Added information about emails.