Money Bookers Hack: 3.6 Million User Records Leaked

HEROIC's DarkHive intelligence system discovered the Money Bookers data breach, exposing 3,667,762 records. The breach occured in January 2009 when this e-wallet and payment platform, now known as Skrill, had its database compromised. The breach leaked email addresses, IP addresses, phone numbers, first names, last names, and birthdates, and went undetected for over six years until October 2015.

Why This Is Dangerous

Financial platform breaches that expose personal identity data create layered risks that go far beyond the original platform. With email addresses, phone numbers, full names, and birthdates all exposed together, attackers can build comprehensive identity profiles for each of the 3.6 million affected users. These profiles enable SIM swapping attacks using the victim's phone number, social engineering of financial institutions using thier personal details, and highly targeted phishing emails that reference the victim's real name and birthday. Since Money Bookers processed financial transactions, many affected users also have payment account histories that attackers can reference when impersonating them.

What Was Exposed

• Email Address
• IP Address
• Phone Number
• First Name
• Last Name
• Birthday

Why This Matters

A breach of nearly 3.7 million financial service users is among the most consequential types of data exposures. The combination of birthdates, full names, and phone numbers gives attackers the three key data points most commonly required to verify identity with banks, mobile carriers, and government agencies. SIM swapping attacks enabled by phone number data can bypass SMS-based two-factor authentication on banking and cryptocurrency accounts. Identity theft using full name and birthdate combinations allows criminals to open fraudulent credit accounts, file false tax returns, and impersonate victims in government systems. The six-year detection gap meant this data circulated freely for years before users were even aware of thier exposure.

How Database Breaches Work

Financial platform database breaches occur when attackers gain unauthorized access to production databases through SQL injection, insider threats, or exploitation of unpatched application vulnerabilities. Payment and e-wallet services store rich user profile data because identity verification is required for financial compliance purposes. Once attackers export this data, it becomes a permanent fixture in the dark web ecosystem, being sold and resold across criminal markets for years. The six-year gap between the Money Bookers breach in 2009 and its discovery in 2015 is a stark illustration of how inadequate breach detection capabilities were at the time, allowing attackers to exploit the data for years without affected users taking protective action.

Check If You Are Affected

HEROIC offers a free identity scanner that searches over 400 billion records, including data from breaches like Money Bookers. Visit heroic.com to scan your email address and find out if your information was exposed. If you had a Money Bookers or Skrill account before 2015, your name, email, phone number, and birthdate may be circulating in criminal databases. Consider placing a fraud alert with credit bureaus and contact your mobile carrier about additional account security measures to protect against SIM swapping attacks.