Woflow Data Breach: Almost 448,000 Accounts Exposed in ShinyHunters Leak

Published on May 7, 2026
Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • Compromised user data: HIBP said the breach impacted 447,600 Woflow accounts, exposing email addresses, names, phone numbers, and physical addresses.
  • Extortion group claims: The ShinyHunters data extortion group published over 2TB of files allegedly obtained from Woflow in March.
  • Class action litigation: A proposed lawsuit alleges that the company failed to implement reasonable cybersecurity measures to prevent the cyberattack.

The ShinyHunters data extortion group claimed the AI-driven merchant data platform Woflow as a victim in early March 2026, and the data breach notification service Have I Been Pwned (HIBP) added 447,600 accounts on May 7, 2026.

Following the initial compromise, the threat actors published tens of thousands of files allegedly obtained from the company's network, comprising a massive trove of more than 2 TB of data.

Data Exfiltration and Scope of Compromise

The leaked Woflow data related directly to the company's customers and, critically, extended to the downstream customers of merchants actively using the Woflow platform, HIBP noted. The added dataset covers 447,600 affected accounts and exposes email addresses, names, phone numbers, and physical addresses.

Attackers' post on the dark web | Source: Cybernews

In the immediate aftermath of the security failure, the AI-driven third-party SaaS provider with customers including Uber, DoorDash, and Walmart faced legal consequences. A proposed class action lawsuit filed on March 13 addressed alleged structural security failures of the organization.

Woflow Class Action Lawsuit

A formal complaint alleged the Woflow cyberattack had occurred on or before March 3, 2026. According to the document, the information involved in the cyberattack included full names, addresses, Social Security numbers, driver’s license numbers, financial account information, and payment card account details.

The litigation, which was later dismissed, alleged that Woflow failed to implement reasonable cybersecurity measures.

“As the result of maintaining its computer systems in a manner that required security upgrading, inadequate procedures for handling emails containing ransomware or other malignant computer code, and inadequately trained employees who opened files containing the ransomware virus, Defendant negligently and unlawfully failed to safeguard Plaintiff’s and Class Members’ Private Information,” the lawsuit said.

In other recent news, almost 120,000 Vimeo accounts were exposed in a ShinyHunters data breach. Other intrusions linked to the same threat actor last month affected the Udemy learning platform, Rockstar Games, and Hallmark and Hallmark+.

In March, LiteLLM suffered a significant supply chain attack, which the company suspects originated from the Trivy dependency used in its CI/CD security scanning workflow.

