IntelX WHOIS Data Breach
WHOIS Domain Registration Data Breach: 425M Records Including Names, Phone & Home Address
WHOIS domain registration data corpus scraped and indexed by Intelligence X
Risk Interpretation
Exposure enables infrastructure targeting, domain-owner profiling, spearphishing, and doxxing. WHOIS data is especially useful because it links people and organizations to internet assets.
Impact & Downstream Threats
The 2021 IntelX WHOIS dataset represents a scrape of historical WHOIS domain registration records compiled and released by an actor identified as Pompompurin — later unmasked as BreachForums operator Conor Brian Fitzpatrick, who was arrested in 2023. The dataset contained over 400 million unique email addresses extracted from domain registration records, along with names, phone numbers, and home addresses submitted by registrants before WHOIS privacy protections became standard. No breach of Int
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
A threat actor identified as "pompompurin" scraped and publicly released a dataset of historical WHOIS domain registration records in 2021, compiled from the Intelligence X (intelx.io) platform. The scrape covered WHOIS records spanning 2012 to 2021 and resulted in over 425 million unique records being exposed. No intrusion into Intelligence X's own systems occurred. The data was extracted by exploiting access to the platform's indexed public records, then shared on hacking forums. Pompompurin was later identified as Conor Brian Fitzpatrick, the operator of BreachForums, who was arrested by U.S. authorities in 2023. The exposed data included email addresses, names, phone numbers, and home addresses submitted by individuals when registering internet domains. This information was originally collected through the WHOIS system, a public directory of domain ownership, before widespread adoption of privacy protection services that shield registrant details. Because the data links real people to specific websites and internet infrastructure, it is particularly useful for targeted attacks. Affected individuals face elevated risks of spearphishing, social engineering, and doxxing, as the dataset enables bad actors to build detailed profiles connecting identities to online assets. No regulatory enforcement actions or mandatory breach notifications have been publicly reported in connection with this dataset. The data subjects are third parties whose information was captured in WHOIS records and later aggregated by Intelligence X, meaning many individuals may be unaware their details were included. Anyone who registered a domain between 2012 and 2021 without privacy protection should treat their email address, phone number, and home address as potentially compromised and be alert to unsolicited contact or targeted scams.
About IntelX WHOIS
Intelligence X, operating at intelx.io, is a search engine and data archive service used by security researchers, journalists, and intelligence professionals to access historical records, leaked datasets, and WHOIS domain registration data. The platform indexes and makes searchable large corpora of data that are otherwise difficult to query systematically. It is operated as a private commercial and research tool.
Why They Hold Your Data
WHOIS corpora aggregate domain registration data, registrant names, contact details, organization records, and infrastructure-linked ownership information across internet registration systems.
Recent Developments
Intelligence X continues to operate as a threat intelligence and open-source research tool. No major organizational changes have been publicly reported. The platform's role in the security research ecosystem has remained consistent.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, phone_number, physical_address:home
Dark Web Verification
- Dataset containing ~425.3M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: intelx-whois-2021
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of IntelX WHOIS
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam