Phone Combos 2020 Data Breach

Phone Combos Credential List: 69M Phone Numbers & Passwords Exposed for Account Takeover | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

UnknownScraping / CollectionBreach CompilationPasswordPhone Number
Moderate SeverityWebsite / service breach

Phone Combos Credential List: 69M Phone Numbers & Passwords Exposed for Account Takeover

Aggregated stolen credentials and password pairs.

Verified by ObscureIQ Intelligence
45/100Breach Risk Index
17Data Value
25Market Recency
584dSince Breach

Breach Intelligence Summary

Entity: Phone Combos · Actor: Unknown (aggregator) · Sources: 2 references
Attack: Scraping / Collection
Profile: Breach Compilation · Aggregated stolen credentials and password pairs · Phone-number-linked combo list corpus · Global
Timeline: Breach (2020-01-01) · Year (2020)
Exposure: 69.1M records · 2 fields: Password, Phone Number
Status: Compilation

Executive Summary

"Phone Combos" is a compilation of about 69.1 million phone-number and password pairs that surfaced around 2020. Like other combolists, it aggregates credentials from various sources into a single resource for account-takeover attempts against services that use phone numbers as logins.

ObscureIQ assessment: Severe risk because the records combine authentication data with phone-linked identity. This supports account takeover, SIM swap targeting, and broader compromise of phone-based recovery channels.

Breach Impact

The phone/password pairing supports credential stuffing on phone-login services and SIM-swap or smishing reconnaissance; presence indicates a credential is circulating, not that a specific company was breached.

About Phone Combos

This record is a compilation of phone-number and password pairs assembled by unknown parties, not a breach of any single organization.

Why They Hold Your Data

Phone-number-linked combo lists aggregate phone numbers, usernames, and password pairs into a credential corpus keyed to mobile identity.

Recent Developments

The dataset circulated within the hacking community as a credential-stuffing resource.

Data Points Exposed

2 verified field types
Password Critical
Phone Number

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • SIM swap attacks where phone numbers are present
Threat vectors:
  • Credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing

Threat Actor: Unknown (aggregator)

Unknown (aggregator)
Scraping / Collection

Attribution and method are based on available breach intelligence. Reported attack vector: Scraping / Collection.

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Phone Combos breach?

"Phone Combos" is a compilation of about 69.1 million phone-number and password pairs that surfaced around 2020. Like other combolists, it aggregates credentials from various sources into a single resource for account-takeover attempts against services that use phone numbers as logins.

What data was exposed?

Verified fields include Password, Phone Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation