Critical

Addi Breach: 34M Emails & IDs Exposed by ShinyHunters (2026)

Overview

On March 30, 2026, the Colombian fintech company Addi detected unauthorised activity on its platform. In a notification to customers, Addi warned that “it is possible that your personal information may have been compromised.” The “pay or leak” extortion group ShinyHunters quickly claimed responsibility, publishing a massive trove of data that includes 34,532,941 unique email addresses, along with extensive credit and identity records. The breach was reported to Have I Been Pwned, making it one of the largest data leak events linked to a Latin American fintech company.

What Was Exposed

The leaked dataset is not limited to email addresses. According to the breach description, the exposed records include a wide range of sensitive information:

  • Email addresses (34 million unique entries)
  • Government-issued IDs (Cédula de Ciudadanía)
  • Estimated income and socioeconomic levels
  • Credit scoring requests and credit bureau records
  • Customer identity records
  • Email validation logs
  • Purchase history and other credit-related data points

The presence of government IDs and financial data elevates the severity of this breach far beyond a standard credential dump.

How the Breach Happened

Addi has not publicly detailed the initial attack vector, but the breach aligns with a common pattern among ShinyHunters attacks. The group typically gains access through compromised credentials, unsecured databases, or third-party vulnerabilities. Given the breadth of data - spanning credit scoring logs, identity records, and purchase data - the attacker likely obtained database-level access rather than exploiting a single application flaw. For related vulnerability trends in the region, see our cybersecurity news coverage.

The Attacker

ShinyHunters is a well-known “pay or leak” extortion group. The group does not deploy ransomware; instead, it exfiltrates data and demands payment to prevent public release. When victims do not pay, ShinyHunters publishes the entire dataset. In Addi’s case, the data was published in full, indicating the ransom was not met.

Identity Theft Risks

The exposure of government-issued IDs (Cédula de Ciudadanía) combined with income, socioeconomic data, and purchase history creates a severe identity theft risk. With a Colombian national ID number, a determined attacker can:

  • Apply for fraudulent loans or credit lines
  • Open accounts in the victim’s name
  • Exploit the socioeconomic data for targeted phishing or social engineering scams

Victims should monitor their credit reports with Colombian credit bureaus (such as Datacrédito and Procrédito) for any unauthorised inquiries or accounts.

How to Check If You’re Affected

Addi customers and Colombian residents who have interacted with the company should check if their email addresses appear in the breach. The dataset has been loaded into Have I Been Pwned. Visit haveibeenpwned.com and enter your email address. If your address appears, your identity data (including your Cédula de Ciudadanía) may be in the hands of attackers.
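For a security team that needs to run the same check across many staff or customer addresses, the lookup can be scripted against the Have I Been Pwned v3 API. The sketch below is an added example, not code from Addi or from this report. It assumes you hold an HIBP API key, that the breach is listed under the name "Addi", and that the data-class labels shown match HIBP's listing; the sample responses are constructed.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

API = "https://haveibeenpwned.com/api/v3/breachedaccount/"
BREACH_NAME = "Addi"  # assumption: confirm the exact name in HIBP's breach list
# Data classes that turn an email hit into an identity-theft case (assumed labels).
HIGH_RISK = {"Government issued IDs", "Income levels", "Credit status information"}

def fetch_breaches(email, api_key, retries=3):
    """Return the list of breach objects for one address ([] if none)."""
    url = API + urllib.parse.quote(email) + "?truncateResponse=false"
    req = urllib.request.Request(url, headers={
        "hibp-api-key": api_key,            # per-account lookups need a key
        "user-agent": "breach-triage-example",
    })
    for _ in range(retries):
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 404:             # address not in any breach
                return []
            if err.code == 429:             # rate limited: honour Retry-After
                time.sleep(int(err.headers.get("retry-after", "2")))
                continue
            raise
    raise RuntimeError("rate limit not cleared after retries")

def triage(email, breaches, breach_name=BREACH_NAME):
    """Classify one address from its HIBP breach list."""
    for b in breaches:
        if b.get("Name", "").lower() == breach_name.lower():
            exposed = sorted(HIGH_RISK & set(b.get("DataClasses", [])))
            action = "credit-monitoring" if exposed else "password-reset"
            return {"email": email, "in_breach": True,
                    "high_risk": exposed, "action": action}
    return {"email": email, "in_breach": False, "high_risk": [], "action": "none"}

# Constructed sample responses, shaped like HIBP breach objects.
SAMPLE = {
    "ana@example.com": [{"Name": "Addi", "DataClasses": [
        "Email addresses", "Government issued IDs", "Income levels"]}],
    "luis@example.com": [{"Name": "OtherBreach", "DataClasses": ["Passwords"]}],
    "eva@example.com": [],
}

def run_sample():
    return [triage(e, b) for e, b in SAMPLE.items()]
```

`run_sample()` works offline on the constructed data; for live lookups, pass the result of `fetch_breaches(email, api_key)` to `triage`.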

What to Do Right Now

If you are affected:

  1. Place a fraud alert on your credit report with Datacrédito and Procrédito.
  2. Review all recent financial statements and credit inquiries for unauthorised activity.
  3. Enable two-factor authentication on your Addi account and any service using the same email address.
  4. Be vigilant for phishing attempts referencing your income, credit score, or purchases - attackers have detailed personal data to make scams convincing.
  5. Change your password on Addi and any other accounts using the same credentials.

Security Insight

This breach reveals a troubling gap in data governance at Addi. The inclusion of credit bureau records and email validation logs suggests that Addi retained more customer data - for longer - than necessary for its core business. Fintech companies handling government IDs and credit data must implement strict data minimisation policies and rigorous access controls. Breaches of this scale at a single fintech platform undermine consumer trust in the broader digital banking ecosystem in Latin America. For more on related vulnerabilities, see the "CVE-2026-31944: LibreChat" advisory and the "Addi.com Ransomware Attack by ShinyHunters" summary.