QuestionPro Data Breach
QuestionPro Survey Platform Exposure (2022): 22 Million Email Addresses :: Disputed, Some May Be Platform-Generated
Survey and research platform.
Risk Interpretation
Exposure enables phishing, research impersonation, and leakage of sensitive survey content. Depending on the surveys hosted, the breach may also expose health, HR, political, or customer-sentiment data.
Impact & Downstream Threats
In May 2022 QuestionPro received an extortion demand from a threat actor claiming to have extracted over 100GB of data including 22 million unique email addresses, IP addresses, browser user agents, and survey response data tied to platform users. QuestionPro acknowledged the extortion attempt and engaged cybersecurity investigators. The nature of the exposed data included survey interest and preference data generated through platform activity — records that reflect research participation rather
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
QuestionPro, a cloud-based survey and research platform serving businesses, academic institutions, and government organizations worldwide, was targeted in an extortion attempt in May 2022. A threat actor claimed to have extracted over 100GB of data from the platform and demanded payment. QuestionPro confirmed it received the extortion demand but did not confirm whether an actual breach had occurred. The dataset, which contained 22 million unique email addresses, was initially flagged as unverified. Subsequent verification by users who recognized their own data led analysts at Have I Been Pwned (HIBP), a service that tracks exposed credentials, to remove that flag. The exposed data includes email addresses, IP addresses, browser user agent strings (technical identifiers that describe a user's device and software), and survey response data generated through platform activity. Some email addresses appear to have been created by the platform itself rather than belonging to real individuals. The survey content is the most sensitive element. Depending on what research was hosted on the platform, responses could reflect health conditions, workplace opinions, political views, or customer sentiment, all tied back to identifiable users. This combination creates real risk for the people whose data appears in the dataset. No confirmed class-action litigation or regulatory enforcement specific to this incident has been documented publicly. Because the authenticity of the data remains disputed and some records may be platform-generated, affected individuals should treat this exposure with caution rather than certainty. Those whose email addresses appear in the dataset face elevated risk of targeted phishing and, if their survey responses were included, potential exposure of sensitive personal opinions or health-related information shared in a research context.
About QuestionPro
QuestionPro is a cloud-based survey and research platform used by businesses, academic institutions, and government organizations to design, distribute, and analyze surveys and data collection instruments. The company is headquartered in Austin, Texas, and serves customers globally across market research, customer experience, workforce analytics, and academic research use cases.
Why They Hold Your Data
Survey and research platforms collect account data, respondent information, survey responses, billing records, and project metadata across data-collection workflows.
Recent Developments
QuestionPro continues to operate as a private SaaS company in the survey and research tools market. No major organizational changes or significant business developments have been prominently reported in the period surrounding the breach.
Data Points Exposed
Canonical Fields
email_address, interest_and_preference_data, ip_address, user_agent
Dark Web Verification
- Dataset containing ~22.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: QuestionPro Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of QuestionPro
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam