Pipl Data Breach
Pipl People-Search Platform Breach: 52M Records Including Phone Numbers & Religion
Identity resolution and people search platform.
Risk Interpretation
Extremely high risk because the data is already normalized for identity resolution. Exposure enables stalking, doxxing, profiling, executive targeting, and cross-dataset identity linkage at scale.
Impact & Downstream Threats
In June 2019 security researcher Bob Diachenko discovered an unsecured MongoDB database exposing approximately 188 million records attributed to Pipl data. The dataset included names, phone numbers, home addresses, and religion fields drawn from Pipl's aggregated profile corpus. Pipl maintained that its own systems had not been compromised, characterizing the exposed database as a third-party instance rather than its primary platform. No confirmed regulatory action or litigation specific to this
- SIM swap attacks where phone numbers are present
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Pipl, a people-search platform that aggregates public records and contact data into searchable person profiles, was at the center of a 2019 data exposure that affected approximately 52 million records. Security researcher Bob Diachenko discovered an unsecured MongoDB database left publicly accessible without a password, meaning anyone on the internet could view or download its contents. Pipl stated that its own systems were not directly breached, attributing the exposure to a third-party instance of its aggregated data. The exposed records included names, phone numbers, home addresses, and religion. The inclusion of religious affiliation is notable: it is a protected category of personal information that individuals rarely share publicly and that carries real risk if misused. Because Pipl's core function is identity resolution, the database was already structured and normalized for profiling, making it far easier for bad actors to use than a raw data dump. The consolidated format enabled targeted phishing, doxxing, stalking, and cross-referencing with other leaked datasets. No confirmed regulatory action or litigation specific to this incident has been publicly documented. Affected individuals were not necessarily Pipl customers and may have had no awareness their information was part of the platform's index at all. For those whose data was exposed, the practical risks include unwanted contact, identity fraud, and targeted scams built on detailed personal profiles they never knowingly provided.
About Pipl
Pipl is an identity resolution and people-search data broker that aggregates public records, social media profiles, contact information, and other personally identifiable data into searchable person profiles. The platform is marketed to fraud investigators, law enforcement, financial institutions, and other professional verification use cases rather than the general public. Pipl operates as a private company and is used in due diligence and background research workflows.
Why They Hold Your Data
Identity-resolution and people-search providers aggregate names, contact data, aliases, employment records, social identifiers, and linked identity signals into searchable investigative profiles.
Recent Developments
Pipl continues to operate as a professional identity data service. The company has maintained a low public profile with limited publicly available information about organizational or financial developments. Its business model — aggregating public records for professional search use — has faced increasing scrutiny as privacy regulations have expanded globally.
Data Points Exposed
Exposure Categories
Canonical Fields
full_name, phone_number, physical_address:home, religion
Dark Web Verification
- Dataset containing ~52.1M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: pipl.com-2019
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Pipl
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam