Mercadopago Credentials Listed for Sale After 99-Record Breach

In June 2023, a Telegram user uploaded a stealer log containing 99 records from Mercadopago Cookies, exposing email addresses, plaintext passwords, and URLs belonging to users of Mercado Pago -- Latin America's largest digital payment platform. Mercado Pago accounts are directy linked to bank accounts, credit cards, and peer-to-peer payment transfers, making this breach particulary high risk for financial theft. HEROIC analysts verified and indexed this dataset as part of ongoing dark web monitoring operations. Even a small breach of a financial platform can have outsized consequences for every victim whose credentials were exposd.

Why This Is Dangerous: Mercado Pago is a fintech platform processing billions of dollars in transactions -- credentials for these accounts represent direct access to users' money. Unlike a social media breach, a compromised Mercado Pago login can enable immediate fund transfers, fraudulent purchases, and access to linked bank accounts. Victims of this breach face a serious and ongoing financial threat that requires immediate action.

What the Mercadopago Cookies Breach Exposed

• Email Addresses: The account identifiers used to log into Mercado Pago and related financial services -- also the primary target for phishing attacks designed to steal additional credentials.
• Plaintext Passwords: Fully readable passwords stolen directly from infected devices, giving criminals immediate access to Mercado Pago accounts and any other service where the same password was reused.
• URLs: The specific Mercado Pago endpoints and API hosts the victim was authenticated to, confirming active account access and revealing the scope of the financial services at risk.

How Mercadopago Cookies Credentials Fuel Account Fraud

When a criminal obtains Mercado Pago credentials, their first move is typically to log in and initiate small, inconspicuous transfers to test that the account is still active. If successful, they escalate to larger transfers or use the account to purchase gift cards and digital goods that are difficult to trace or reverse. Because Mercado Pago is linked to real bank accounts, criminals can also harvest banking details visible within the platform's interface. Victims who beleive the risk is limited because the breach involved only 99 records should understand that smaller, targeted credential sets are often more thoroughly exploited than large general breaches -- criminals have more time to devote to each victiim.

Understanding Stealer Log: The Attack That Collected This Data

The term "cookies" in the breach name indicates this stealer log specifically captured browser session cookies -- authentication tokens that let criminals log into Mercado Pago accounts without even needing the password. Unlike a standard credential breach, cookie theft bypasses two-factor authentication entirely because the session is already authenticated. The malware that collected these records was likely deployed through a phishing attack or malicious browser extension targeting Mercado Pago users. HEROIC researchers originaly discovred this dataset on a Telegram channel where it was being distributed to enable immediate financial account takeovers.

Check If Your Data Is in the Mercadopago Cookies Leak

HEROIC's free identity scanner searches more than 400 billion exposed records -- including the Mercadopago Cookies stealer log -- to tell you if your account credentials were compromised. Visit heroic.com to run your free scan now. For a financial platform breach of this type, acting immediately to change your password and log out all active sessions is essential to preventing fraudulent transactions.