Addi.com Data Breach | Adelante Soluciones Financieras ShinyHunters Leak
ObscureIQ Breach Intelligence
FINANCIAL IDENTITY DATA PUBLISHED

Status: Confirmed / Data Published
  • Unique Emails: 34M+
  • Rows Indexed: 67.9M
  • Detected: Mar 2026
  • Data Posted: May 2026
  • Severity: 9/10

Breach Intelligence Summary

Entity: Adelante Soluciones Financieras / Addi.com · Actor: ShinyHunters · Country: Colombia
Attack: Unauthorized access to Addi systems or connected data environment; exact intrusion path not publicly confirmed
Timeline: Unauthorized activity detected (Mar 2026) · ShinyHunters claim (May 5, 2026) · Dataset publication (May 2026)
Exposure: 34M+ unique email addresses · 67,979,172 rows reported by breach indexes · 518 GB claimed by threat reporting
Status: Confirmed / Data Published · Risk: High due to government ID, credit, KYC, phone, address, and financial-context data

Summary

In March 2026, Addi, operated by Adelante Soluciones Financieras, detected unauthorized activity on its platform and warned customers that personal information may have been compromised.

In early May 2026, ShinyHunters claimed responsibility for the breach and published a large dataset allegedly taken from Addi after extortion negotiations failed. Public breach indexes report approximately 67.9 million rows of exposed data. Have I Been Pwned and related breach intelligence reporting indicate more than 34 million unique email addresses associated with the breach.

The incident is unusually sensitive because Addi is not a simple retail platform. It is a financial services and credit platform. The exposed data is reported to include identity records, credit scoring data, credit bureau-derived records, KYC-related information, government identification numbers, transaction or purchase history, and other financial profile attributes.

That makes this breach structurally different from a basic contact-information leak. It appears to combine identity data, financial context, behavioral purchase data, and creditworthiness indicators.

This was not just a fintech breach. It was an identity-credit exposure event.

ObscureIQ assessment: The most dangerous data here is not the email address. It is the identity scaffolding around the email address: government ID, phone, address, credit signals, income estimates, and transaction context.

About Addi / Adelante Soluciones Financieras

Addi is a Colombian fintech and buy-now-pay-later / point-of-sale financing company operated by Adelante Soluciones Financieras. The platform supports consumer credit and merchant financing workflows.

Because Addi operates inside the consumer credit ecosystem, its data has higher exploitation value than ordinary e-commerce data.

  • Consumer financing for online and retail purchases
  • Buy-now-pay-later payment options
  • Merchant payment and credit integrations
  • Identity verification and credit eligibility checks
  • Credit scoring and risk evaluation
  • Customer account management and transaction history

If you applied for Addi financing, used Addi at checkout, created an Addi account, interacted with Addi customer support, or had your identity evaluated through an Addi credit workflow, your data may be included.

Threat Actor: ShinyHunters

ShinyHunters has become one of the most visible data-extortion groups operating across 2025 and 2026. Its model is not always traditional ransomware. In many incidents, the group focuses on stealing high-value data, pressuring the victim privately, then publishing or selling the data if negotiations fail.

The reported pattern includes:
  • Identify data-rich companies with centralized customer systems
  • Gain access through identity compromise, exposed credentials, social engineering, or connected data environments
  • Exfiltrate large structured datasets
  • Claim the breach publicly on leak channels
  • Attempt extortion or negotiation
  • Publish data if payment is not made
  • Allow third-party breach indexes to ingest or search the dataset

Breach Exploitation Status

Threat Activity: High

Signal and status:
  • Dataset publication / breach index circulation: Detected
  • ShinyHunters extortion claim: Detected
  • Financial identity fraud relevance: High
  • SIM-swap and account recovery risk: High
  • Credit bureau / KYC field completeness: Reported
  • Exact intrusion vector: Unknown

Data Longevity: Years-long identity risk

Government IDs, phone numbers, addresses, credit attributes, income estimates, and transaction history can remain useful to fraud workflows for years.

Data Points Exposed

Reported fields in the exposed dataset include:
  • Email addresses
  • Phone numbers
  • Full names
  • Government-issued IDs
  • Colombian Cédula de Ciudadanía numbers
  • Physical addresses
  • Ages or age-related profile fields
  • Credit scoring records
  • Credit bureau-derived records
  • KYC-related records
  • Estimated income levels
  • Socioeconomic levels
  • Purchase or transaction history
  • Device information
  • IP addresses
  • Geolocation markers
  • Email validation records
  • Customer identity logs

Threat-actor statements claimed:
  • 16M+ unique-person records
  • Financial and transaction records
  • Credit card-related records
  • KYC data
  • Data from TransUnion and Experian background checks
  • 518 GB of exfiltrated material

Not confirmed in public reporting:
  • Plaintext passwords
  • Hashed passwords
  • Full payment card numbers
  • Bank account credentials
  • Account login tokens

Some threat-actor statements claimed exposure of financial transactions, credit cards, KYC data, and credit bureau records linked to TransUnion and Experian. Treat those claims as serious but not fully independently verified unless confirmed by Addi, regulators, or direct dataset analysis.

Dark Web Verification

Status: Confirmed / Data Published

  • DataBreach.com reported 67,979,172 rows tied to Adelante Soluciones Financieras / Addi.com.
  • Threat reporting attributed the incident to ShinyHunters and described a May 2026 pay-or-leak publication.
  • Breach intelligence reports more than 34 million unique email addresses and approximately 68 million relational rows.
  • The company reportedly detected unauthorized platform activity in March 2026 and notified customers of possible compromised personal information.

Impact

This breach carries elevated risk because the exposed data appears to sit at the intersection of identity, credit, consumer finance, and behavioral purchasing. A breach of this type does not age out quickly. Contact data changes. Government IDs often do not.

Primary downstream threats include:
  • Targeted phishing using Addi, loan, payment, refund, or account-verification themes
  • Impersonation of Addi customer support
  • Fraudulent credit applications
  • Synthetic identity construction
  • SIM swap and account recovery attacks using phone and ID data
  • Social engineering against banks, fintech apps, and lenders
  • Identity verification bypass attempts
  • Credential stuffing against Addi and related financial accounts
  • Doxing or personal exposure using name, phone, address, and ID combinations
  • Long-term resale of enriched identity profiles

Recommendations for Impacted Individuals

If you believe your information may be included:

Do Not Treat This as a Normal Email Breach
This appears to involve financial identity records. Assume the risk extends beyond spam or phishing.

Change Passwords
Change your Addi password, the email account tied to Addi, banking and fintech accounts sharing similar credentials, and any reused or similar passwords.

Enable Multi-Factor Authentication
Prioritize email, banking apps, fintech apps, credit monitoring portals, mobile carrier accounts, and Addi if available. Use app-based MFA or hardware keys where possible.

Watch for Addi-Themed Scams
Be alert for fake loan repayment notices, refunds, credit approvals, account verification, debt collection, WhatsApp impersonation, and requests to verify Cédula, phone, email, or payment details.

Protect Your Mobile Number
Add a carrier PIN, disable unauthorized port-outs where possible, ask about port protection, and treat unexpected SMS verification codes as a warning sign.

Monitor Credit and Financial Accounts
Review bank accounts, fintech accounts, credit bureau portals, loan applications, new credit inquiries, BNPL accounts, and merchant-financing accounts. Consider alerts or freezes where available.

Company Response / Statement Summary

Addi reportedly detected unauthorized activity on its platform in March 2026 and notified customers that personal information may have been compromised.

In May 2026, ShinyHunters claimed responsibility and published a large dataset allegedly obtained from Addi. Public reporting states that the group claimed the data included more than 16 million unique-person records and over 518 GB of compressed material.

Public breach indexes now report tens of millions of exposed email addresses and nearly 68 million rows of data associated with Adelante Soluciones Financieras / Addi.com.

As of this page draft, the precise intrusion vector, full field list, and final confirmed victim count remain subject to further confirmation.

Corporate Accountability

No major prior Addi breach of this scale was identified in the public reporting reviewed for this page.

This incident should be understood as part of a broader pattern: financial technology firms, credit platforms, and customer-data-rich service providers are increasingly targeted because their systems contain identity data that can be reused across fraud, impersonation, and credit abuse workflows.

Financial platforms should treat identity data, KYC records, credit bureau-derived records, transaction history, and device signals as high-value assets requiring strong segmentation, monitoring, and breach-response readiness.

Frequently Asked Questions

What happened in the Addi.com data breach?

Addi, operated by Adelante Soluciones Financieras, detected unauthorized activity in March 2026. In May 2026, ShinyHunters claimed responsibility and published a large dataset allegedly taken from Addi after failed extortion negotiations.

How many records were affected?

Breach indexes report approximately 67,979,172 rows and more than 34 million unique email addresses. ShinyHunters-linked reporting separately claimed 16M+ unique persons and over 518 GB of data.

What data was exposed?

Reported fields include email, phone, names, government IDs, addresses, credit scoring records, KYC-related records, income or socioeconomic attributes, transaction history, device data, IP addresses, and geolocation markers.

Is the Addi breach confirmed?

The incident is treated as confirmed with data published and indexed by breach intelligence sources. The exact intrusion vector and final confirmed field list remain subject to further confirmation.

Why is this breach high risk?

Addi is a financial services and credit platform. Identity data plus credit context, government IDs, phone numbers, addresses, and transaction signals can support fraud, impersonation, SIM swapping, and credit abuse.

What should affected users do?

Change reused passwords, enable MFA, protect your mobile number, monitor credit and financial accounts, watch for Addi-themed scams, and consider exposure monitoring if government ID or credit data may be involved.

ObscureIQ Advisory

This was not just a contact-data breach. It was an identity and credit-context breach.

The Addi breach illustrates why financial platforms are high-value targets: they hold names and emails, but also the connective tissue of identity — government IDs, phone numbers, addresses, transaction context, risk signals, and credit-related records.

If you are:
  • An Addi customer or financing applicant
  • A person whose government ID, phone number, or address may be in the dataset
  • A high-risk individual, executive, journalist, activist, or public figure
  • Or a family concerned about long-term financial identity misuse

ObscureIQ can cross-reference breach exposure and evaluate whether breached identity attributes increase practical targeting risk.

Services
Breach Checks · Identity Linkage Review · Credit-Context Exposure · Phone / Email / Address Monitoring · Suppression Guidance

Classification Tags

ShinyHunters · Pay-or-Leak · Data Exfiltration · KYC Exposure · Fintech · Colombia · Buy Now Pay Later · Email · Phone · Government ID · Credit Score · Cédula · Transaction Data · IP Address