Instant Checkmate Data Breach
Instant Checkmate People-Search Background Check Service Breach (2019): 20 Million User Accounts Including Passwords Exposed
People search and background check service.
Risk Interpretation
Extremely high risk because the data is already normalized for person lookup. Exposure enables stalking, doxxing, identity theft, executive targeting, and cross-dataset identity linkage.
Impact & Downstream Threats
In January 2023 a corpus of data from Instant Checkmate and its sister service TruthFinder surfaced on a hacking forum. The dataset originated from 2019 backup files and contained records for approximately 20 million accounts including names, email addresses, phone numbers, and passwords. PeopleConnect acknowledged the breach and confirmed the data was authentic. The company notified affected users and prompted password resets. No major settlement or regulatory enforcement action specific to thi
- Credential stuffing against reused passwords across other platforms
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Instant Checkmate, a people-search and background check service operated by PeopleConnect, suffered a data breach traced to a 2019 backup file. The data surfaced on a hacking forum in January 2023. PeopleConnect confirmed the exposed data was authentic and affected customer accounts created between 2011 and 2019. The breach stemmed from a misconfiguration or inadvertent exposure of the backup, with no evidence of a direct intrusion into active systems. Approximately 20.2 million records were compromised. The exposed data included full names, email addresses, phone numbers, and passwords stored as scrypt hashes. While scrypt is a hardened encryption format, cracking remains possible with sufficient resources, meaning passwords should be considered at risk. The breach carries heightened concern given the nature of the platform. Instant Checkmate aggregates detailed personal records on millions of individuals. A breach of its own customer database compounds that risk, exposing the identities and contact details of people who were researching others, in some cases for sensitive personal or professional reasons. PeopleConnect notified affected users and prompted password resets following discovery. No major regulatory enforcement action or settlement specific to this breach has been publicly documented. Affected individuals face real risks including phishing attacks, account takeover attempts on other services where the same password was reused, and potential targeting for stalking or doxxing. Anyone who held an Instant Checkmate account between 2011 and 2019 should treat their credentials as compromised and audit any accounts sharing the same password.
About Instant Checkmate
Instant Checkmate is a consumer-facing people search and background check service that aggregates public records — criminal histories, court filings, addresses, relatives, and contact information — into searchable personal profiles. The platform is operated by PeopleConnect, which also runs the related service TruthFinder. Both are marketed for personal use in researching individuals, though critics have raised concerns about their use in surveillance and stalking contexts.
Why They Hold Your Data
People-search and background-report services aggregate identity, address, phone, criminal-record, relative, and public-record data into searchable consumer profiles.
Recent Developments
Instant Checkmate continues to operate under PeopleConnect alongside TruthFinder. The people search and data broker industry faces ongoing scrutiny under state privacy laws — particularly the California Consumer Privacy Act and similar legislation — requiring opt-out mechanisms and data deletion processes. No major organizational changes have been prominently reported beyond the regulatory environment context.
Data Points Exposed
Canonical Fields
email_address, full_name, password, phone_number
Dark Web Verification
- Dataset containing ~20.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: instant-checkmate-2019;Instant Checkmate Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Instant Checkmate
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam