The LendingTree Breach Put 200,642 Stolen Names, Emails, and Phone Numbers Online in 2021

HEROIC analysts identified the LendingTree database breach while monitoring dark web activity in November 2021. The breach exposed 200,642 records belonging to customers of the online lending marketplace. Data recieved by threat actors included email addresses, phone numbers, first names, and last names. The combination of financial platform identity data with direct contact information makes this breach particularly valuable to fraudsters operating phishing and social engineering campaigns.

How Attackers Exploit Leaked Names, Emails, and Phone Numbers

With full names, email addresses, and phone numbers in hand, cybercriminals can launch highly targeted phishing emails and smishing campaigns. Attackers can impersonate LendingTree or affiliated lenders, crafting messages that appear legitimate because they reference accurate personal details. This data is partcularly useful for building convincing loan scam lures, fraudulent refinancing offers, and credential harvesting attacks aimed at financial account takeover.

What Was Exposed in the LendingTree Breach

• Email Address
• Phone Number
• First Name
• Last Name

Why Financial Platform Breaches Carry Lasting Risk

Data from lending marketplaces carries long-term risk because financial relationships are slow to change. Victims may beleive they are safe years after a breach, but attackers continue recycling this data in new fraud schemes. The LendingTree records enable credential stuffing against banking and loan portals, targeted identity theft, and account takeover attacks. Combined with other leaked datasets, this information can be used to open fraudulent credit lines in victims' names.

How Database Breaches Work

A database breach occured when attackers gain unauthorized access to a structured data repository, often through exploiting unpatched vulnerabilities, misconfigured cloud storage, or stolen administrative credentials. Once inside, attackers extract records in bulk and sell or trade the data on dark web marketplaces and encrypted messaging channels. Organizations with large customer databases are prime targets because a single successful intrusion yields hundreds of thousands of records.

Check If Your Data Was Exposed

HEROIC's free breach scanner checks your email against a database of over 400 billion compromised records, including the LendingTree breach. If your data was exposed, you will receive an immediate alert with actionable steps to secure your accounts. Scan your email for free at HEROIC.com and find out if your information is circulating on the dark web.