IntelX WHOIS 2021 Data Breach

ObscureIQ Breach Intelligence

Classification Tags

pompompurin · Misconfiguration · Data Broker · Email Address · Full Name · Phone Number · Physical Address
Low Severity · Website / service breach

WHOIS Domain Registration Data Breach: 425M Records Including Names, Phone & Home Address

WHOIS domain registration data corpus scraped and indexed by Intelligence X

Verified by ObscureIQ Intelligence
Breach Risk Index: 23/100
Data Value: 5
Market Recency: 25
Since Breach: 512d

Breach Intelligence Summary

Entity: IntelX WHOIS · Actor: pompompurin · Sources: 2 references
Attack: Misconfiguration
Profile: Data Broker / Public Records Exposure · Domain registration and WHOIS records · WHOIS data corpus · Global
Timeline: Breach (2021-01-01) · Indexed (Dec 01, 2024) · Year (2021)
Exposure: 425.3M records · 4 fields: Email Address, Full Name, Phone Number, Physical Address
Status: Reported

Executive Summary

A threat actor identified as "pompompurin" scraped and publicly released a dataset of historical WHOIS domain registration records in 2021, compiled from the Intelligence X (intelx.io) platform. The scrape covered WHOIS records spanning 2012 to 2021 and resulted in over 425 million unique records being exposed. No intrusion into Intelligence X's own systems occurred. The data was extracted by exploiting access to the platform's indexed public records, then shared on hacking forums. Pompompurin was later identified as Conor Brian Fitzpatrick, the operator of BreachForums, who was arrested by U.S. authorities in 2023.

The exposed data included email addresses, names, phone numbers, and home addresses submitted by individuals when registering internet domains. This information was originally collected through the WHOIS system, a public directory of domain ownership, before widespread adoption of privacy protection services that shield registrant details. Because the data links real people to specific websites and internet infrastructure, it is particularly useful for targeted attacks. Affected individuals face elevated risks of spearphishing, social engineering, and doxxing, as the dataset enables bad actors to build detailed profiles connecting identities to online assets.

No regulatory enforcement actions or mandatory breach notifications have been publicly reported in connection with this dataset. The data subjects are third parties whose information was captured in WHOIS records and later aggregated by Intelligence X, meaning many individuals may be unaware their details were included. Anyone who registered a domain between 2012 and 2021 without privacy protection should treat their email address, phone number, and home address as potentially compromised and be alert to unsolicited contact or targeted scams.

ObscureIQ assessment: Exposure enables infrastructure targeting, domain-owner profiling, spearphishing, and doxxing. WHOIS data is especially useful because it links people and organizations to internet assets.

Breach Impact

The 2021 IntelX WHOIS dataset represents a scrape of historical WHOIS domain registration records compiled and released by an actor identified as Pompompurin — later unmasked as BreachForums operator Conor Brian Fitzpatrick, who was arrested in 2023. The dataset contained over 400 million unique email addresses extracted from domain registration records, along with names, phone numbers, and home addresses submitted by registrants before WHOIS privacy protections became standard. No breach of Intelligence X's own systems was involved. The significance is the scale of the aggregation: historical WHOIS data collected personal contact information that registrants had no expectation would be compiled into a searchable corpus and republished.

About IntelX WHOIS

Intelligence X, operating at intelx.io, is a search engine and data archive service used by security researchers, journalists, and intelligence professionals to access historical records, leaked datasets, and WHOIS domain registration data. The platform indexes and makes searchable large corpora of data that are otherwise difficult to query systematically. It is operated as a private commercial and research tool.

Why They Hold Your Data

WHOIS corpora aggregate domain registration data, registrant names, contact details, organization records, and infrastructure-linked ownership information across internet registration systems.

Recent Developments

Intelligence X continues to operate as a threat intelligence and open-source research tool. No major organizational changes have been publicly reported. The platform's role in the security research ecosystem has remained consistent.

Data Points Exposed

4 verified field types:
  • Email Address
  • Full Name (High)
  • Phone Number
  • Physical Address (High)


Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: pompompurin

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the IntelX WHOIS breach?

A threat actor identified as "pompompurin" scraped and publicly released a dataset of historical WHOIS domain registration records in 2021, compiled from the Intelligence X (intelx.io) platform. The scrape covered WHOIS records spanning 2012 to 2021 and resulted in over 425 million unique records…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: DataBreach.com (Record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
