Affirm Buy Now Pay Later Service Allegedly Breached, Exposing 26.7 Million User Records
🧩 Standalone API Access Now Available
Access high-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more.
View API AccessUnlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Foundational access to breach intelligence. Track breaches, leaks, and threats in real time with high quality screenshots and concise expert summaries.
Continuously updated breach reports and threat summaries.
Daily breach, leak, and DDoS alerts.
Live tracking with JSON export.
Direct access to claims and posts.
Concise summaries of DDoS, defacements, and breaches.
Verified index of dark web sites and services.
Live status of 500+ sites.
Integrated checks inside breach posts.
Uncompressed, watermark free evidence.
Browser alerts for tracked terms.
Quick Facts
Incident Overview
A threat actor operating under the handle "renn" claims to be selling a user database from Affirm, a US/CA buy-now, pay-later financial service. According to the post on the Exploit forum, the database contains 26,702,116 records with a total size of 1.9GB. The breach date is listed as January 23, 2026. The threat actor notes that some phone numbers may contain placeholders as shown in the sample data.
The listing offers the complete database for $14,000 USD or $700 USD per million records with a minimum purchase of 1 million lines. The seller emphasizes "ONLY SELLING ONCE!" and states that records are updated after any sale. The threat actor provides multiple contact methods.
This post is for subscribers on the Plus, Pro and Elite tiers
SubscribeAlready have an account? Sign In
Related
Latest
