CloudSEK has discovered a data leak that contains sensitive information of 16.99 million users of couchsurfing.com. CouchSurfing is a global homestay and social networking service through which members avail and provide lodging, organize events, and socialize.
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 16.99 million unique CouchSurfing users.
The post was published on 19 July 2020. The seller has shared 22 samples as proof and claims that the data is from July 2020.
The sample records contain 22 users’:
Based on the fields in the database, it appears to be from a marketing campaign. Many of the emails were not publicly available previously and were not found to be part of other documented breaches.
Even though passwords were not leaked, threat actors can use the email addresses to send spam, phishing emails, and launch other online scams.
So, as a rule of thumb: