ShareThis 2018 Data Breach

ShareThis Audience Data Platform Breach: 41M User Records Including Passwords & Date of Birth | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationData BrokerDate of BirthEmail AddressFull NamePassword
Low SeverityWebsite / service breach

ShareThis Audience Data Platform Breach: 41M User Records Including Passwords & Date of Birth

Data and content sharing tools provider.

Verified by ObscureIQ Intelligence
12/100Breach Risk Index
5Data Value
10Market Recency
2612dSince Breach

Breach Intelligence Summary

Entity: ShareThis · Actor: Unknown · Sources: 7 references
Attack: Misconfiguration
Profile: Company · Data sharing and audience analytics · Marketing technology platform · Global
Timeline: Breach (2018-07-09) · Indexed (Mar 03, 2019) · Year (2018)
Exposure: 41.0M records · 4 fields: Date of Birth, Email Address, Full Name, Password
Status: Confirmed

Executive Summary

ShareThis, a data and marketing technology company whose sharing buttons appear on millions of websites, suffered a breach in July 2018 that exposed records on approximately 41 million individuals. The company operates not just as a social sharing tool but as an audience data platform, collecting and selling behavioral data gathered through its widespread web presence. The breach pathway involved a misconfiguration, and the exposed data surfaced for sale on dark web marketplaces in 2019 before circulating more broadly. The exposed records included email addresses, names, dates of birth, and in some cases password hashes. Because ShareThis functions as a data broker rather than a consumer-facing service, most affected individuals had no direct relationship with the company and likely had no knowledge their information was held there. This makes the breach particularly concerning: people cannot protect data they do not know has been collected about them. The combination of behavioral tracking data with personal identifiers creates real risk of cross-site profiling, phishing, and targeted manipulation. No prominent regulatory action or settlement specific to this breach has been documented. ShareThis notified relevant parties and brought in cybersecurity investigators following the incident. For affected individuals, the practical risks include credential stuffing attacks if password hashes are cracked, as well as phishing campaigns built on the detailed profiles this data can enable. Anyone who may have used a site featuring ShareThis widgets should consider changing passwords used around that period, particularly if the same credentials were reused elsewhere.

ObscureIQ assessment: Exposure enables large-scale behavioral profiling, re-identification, and cross-site tracking. Data can be used to build detailed user profiles for phishing, manipulation, or deanonymization.

Breach Impact

In July 2018 ShareThis suffered a breach exposing approximately 41 million unique email addresses along with names, dates of birth, and in some cases password hashes. The data was placed for sale on dark web marketplaces in 2019. ShareThis notified relevant parties and engaged cybersecurity investigators. Because the company operates as a data broker rather than a direct consumer service, many of the affected individuals had no direct relationship with ShareThis and no awareness their data was held there. No settlement or regulatory action specific to this breach has been prominently documented.

About ShareThis

ShareThis is a data and marketing technology company providing social sharing widgets, audience analytics, and consumer data services to publishers and advertisers. The company's sharing buttons appear on millions of websites globally, enabling users to share content to social networks while simultaneously collecting browsing and behavioral data. ShareThis generates revenue by selling audience data and analytics products derived from this web-scale tracking activity.

Why They Hold Your Data

Adtech and tracking platforms collect cross-site behavioral data, device identifiers, browsing activity, and engagement signals to enable targeted advertising and analytics across the web.

Recent Developments

ShareThis continues to operate as a marketing data company. The company has navigated increasing scrutiny of third-party tracking and cookie-based data collection as browsers and regulators have moved to restrict such practices. No major organizational changes beyond this industry context have been prominently reported.

Data Points Exposed

4 verified field types
Date of Birth High
Email Address
Full Name High
Password Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Identity verification bypass using name + date of birth combination
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Credential stuffing & account takeover

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the ShareThis breach?

ShareThis, a data and marketing technology company whose sharing buttons appear on millions of websites, suffered a breach in July 2018 that exposed records on approximately 41 million individuals. The company operates not just as a social sharing tool but as an audience data platform, collecting…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Password.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Breach Index
DataBreach.com
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation