Inside the Dubsmash Breach: How a Database Leak Hit 149 Million Users

HEROIC analysts flagged the Dubsmash breach as part of a broader review of large-scale social media credential leaks originating from December 2018. The breach occured when attackers exfiltrated a database containing 149,511,961 user records from the video messaging service Dubsmash. The exposed data included email addresses, usernames, phone numbers, first and last names, and SHA-256 password hashes. The dataset was placed for sale on dark web marketplaces in 2019 and has continued circulating in underground communities ever since, making it an active resource for credential stuffing campaigns today.

How Phone Numbers, Usernames, and Email Addresses Combined Enable Multi-Platform Attacks

The Dubsmash breach is partcularly dangerous because it combines several identity anchors in a single record. Attackers do not need to crack a password to cause harm. Phone numbers enable SIM-swapping attacks that bypass SMS-based two-factor authentication, while usernames reveal naming patterns users carry across platforms. Email addresses drive phishing and account recovery exploits. Together, these data points allow attackers to chain attacks across email, social media, and financial accounts in ways that a simple email-password leak cannot.

What Was Exposed in the Dubsmash Breach

• Email Address
• Username
• Phone Number
• First Name
• Last Name
• Password Hash

Why 149 Million Social Media Records Still Power Attacks Today

Social media breaches have an unusually long shelf life because users rarely change the usernames, phone numbers, or naming conventions that define their digital identity. Credentials from the Dubsmash breach have been recieved and incorporated into massive combo lists used in automated stuffing tools. In real-world terms, this translates to account takeovers, fraudulent social media posts, SIM-swap-enabled financial fraud, and identity theft affecting users who signed up for Dubsmash years ago and have long since forgotten the account existed.

How Database Breaches Work

A database breach occurs when an attacker gains unauthorized access to an application's backend data store, often by exploiting web application vulnerabilities, SQL injection flaws, or compromised server credentials. The attacker exports the user table and the stolen records are subsequently sold on dark web marketplaces or distributed freely on hacking forums. Over time these datasets get merged into large combo lists and used repeatedly in automated credential stuffing campaigns across dozens of platforms.

Check If Your Data Was Exposed

HEROIC's free breach scanner checks your email and username against more than 400 billion leaked records, including the full Dubsmash dataset. Run a free scan at HEROIC today to find out whether your personal information is already circulating in attacker-controlled databases.