Eye4Fraud 2023 Data Breach

Eye4Fraud E-Commerce Fraud-Prevention Platform Breach (2023): ~16M Records Including Partial Card Data & Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Credit CardEmail AddressFull NameIP AddressPasswordPhone NumberPhysical Address
Low SeverityWebsite / service breach

Eye4Fraud E-Commerce Fraud-Prevention Platform Breach (2023): ~16M Records Including Partial Card Data & Passwords Exposed

E-commerce fraud screening and chargeback protection service.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
518dSince Breach

Breach Intelligence Summary

Entity: Eye4Fraud · Actor: Unknown · Sources: 4 references
Attack: Unknown
Profile: Fraud Prevention Technology Company · E-commerce fraud screening and chargeback protection · E-commerce fraud prevention platform · USA
Timeline: Breach (2023-01-25) · Indexed (Feb 05, 2025) · Year (2023)
Exposure: 16.0M records · 7 fields: Credit Card, Email Address, Full Name, IP Address, Password, Phone Number, Physical Address
Status: Confirmed

Executive Summary

In January 2023, Eye4Fraud, an e-commerce fraud-prevention/order-verification service, suffered a data breach; the data was listed for sale on a hacking forum in February 2023 and added to Have I Been Pwned. It contained ~16 million unique email addresses across ~147 tables (~65GB), including names and bcrypt password hashes for users, and names, phone numbers, physical addresses, and partial credit-card data (card type and last four digits) for orders. Full card numbers were not exposed. Affected individuals are largely merchants' end customers who never directly used Eye4Fraud. (NOTE: display count corrected from 525K to ~16M per HIBP; prior "full credit card" corrected to partial.)

ObscureIQ assessment: High risk because the platform concentrates fraud, transaction, and merchant data in one place. Exposure enables merchant impersonation, transaction abuse, and reverse-engineering of fraud controls.

Breach Impact

The breach exposed identity, contact, and order data, including bcrypt-hashed passwords and partial credit-card details (card type + last four), for merchants' end customers who never directly interacted with Eye4Fraud. This enables targeted phishing, order/payment-themed scams, and credential-stuffing (password hashes), though full card numbers were not exposed. There is notable irony in a fraud-prevention vendor leaking customer data.

About Eye4Fraud

Eye4Fraud is a fraud-prevention / order-verification service for e-commerce merchants, screening online orders to reduce chargebacks and fraud. It processes merchant end-customer identity, contact, order, and payment-adjacent data.

Why They Hold Your Data

Fraud-prevention platforms collect customer identity, transaction records, device and behavioral signals, chargeback histories, merchant data, and risk-scoring inputs across e-commerce screening workflows.

Recent Developments

In February 2023, data attributed to Eye4Fraud was listed for sale on a hacking forum and added to Have I Been Pwned. The dataset spanned tens of millions of rows (147 tables, ~65GB), and Eye4Fraud (a fraud-prevention firm) faced criticism for the exposure.

Data Points Exposed

7 verified field types
Credit Card Critical
Email Address
Full Name High
IP Address
Password Critical
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords (bcrypt)
  • Order/payment-themed phishing referencing real purchases
  • Partial-card-enabled social engineering (last 4 + name)
  • SIM-swap targeting using phone numbers
  • Doxxing from exposed addresses
Threat vectors:
  • Credential stuffing & account takeover
  • Order/payment-themed phishing
  • SIM swapping & phone targeting
  • Home targeting & doxxing

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Eye4Fraud breach?

In January 2023, Eye4Fraud, an e-commerce fraud-prevention/order-verification service, suffered a data breach; the data was listed for sale on a hacking forum in February 2023 and added to Have I Been Pwned. It contained ~16 million unique email addresses across ~147 tables (~65GB), including names…

What data was exposed?

Verified fields include Credit Card, Email Address, Full Name, IP Address, Password, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
BreachForums_Official_Index
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation