Elevation Church Data Breach Exposes 52K Congregation Member Records

HEROIC's DarkHive system discovered the Elevation Church breach, exposing 52,685 records in August 2018. This US-based evangelical megachurch headquartered in Charlotte, North Carolina suffered a database compromise on its resources portal that revealed member email addresses and MD5 password hashes belonging to congregation members and online ministry participants.

Why This Is Dangerous

Religious organization databases contain information about congregation members who share a high degree of trust with their community, making them prime targets for social engineering attacks that exploit that trust relationship. MD5 password hashing is considered cryptographically broken and passwords can be recovered from these hashes using widely available cracking tools and rainbow tables. Members who used the same email and password for their church account as for personal email, banking, or other accounts face cascading credential compromise risk.

What Was Exposed

• Email Address
• Password Hash (MD5)

Why This Matters

Church and religious organization breach victims are specifically targeted with social engineering attacks that impersonate religious leaders or ministry programs, exploiting the trust and community bonds that make congregations cohesive. Confirmed email addresses from religious organizations enable highly targeted charitable fraud schemes and impersonation of church leadership. Anyone who used the Elevation Church resources portal should change their password on all platforms where the same credentials were used.

How Database Breach Works

Church and religious organization websites often run digital ministry portals and resource libraries that accumulate member registration data over many years of active use. Attackers exploit vulnerabilities in content management systems or inadequately secured web applications to access user databases. The extracted credential data is traded on underground forums where phishing operators target religious community members with faith-based social engineering schemes designed to exploit community trust.

Check If You Are Affected

HEROIC offers a free identity scanner searching over 400 billion records including data from the Elevation Church breach. Visit heroic.com to check if your information was exposed.