Woflow Breach: 447K Records - Emails & Addresses Exposed (2026)

Overview

In March 2026, the AI-driven merchant data platform Woflow was targeted by the ShinyHunters data extortion group, which published tens of thousands of files totaling over 2TB of data. The leak exposed 447,593 records containing personally identifiable information (PII) such as email addresses, names, phone numbers, and physical addresses. The data appears to include both Woflow customers and, critically, the customers of merchants using Woflow’s platform. This breach was reported to Have I Been Pwned, allowing users to verify if their information was compromised.

What Was Exposed

The exposed data includes:

• Email Addresses: 447,593 unique email accounts, usable for phishing and credential stuffing attacks.
• Names: Full names associated with each record, enabling targeted social engineering.
• Phone Numbers: Direct contact lines, increasing risks of SMS-based scams (smishing).
• Physical Addresses: Street-level addresses, which could facilitate identity theft or physical threats.

No financial data or passwords were explicitly mentioned, but the combination of personal identifiers is enough for criminals to build detailed profiles.

Potential Impact

The severity is HIGH due to the sensitivity of exposed data combined with the scale. The immediate risks include:

• Phishing & Smishing: Attackers can use email addresses and phone numbers to send fraudulent messages impersonating Woflow or its merchant partners, tricking victims into revealing passwords or payment details.
• Identity Theft: Names and addresses are foundational for opening fraudulent accounts, applying for credit, or filing false tax returns.
• Physical Security: For high-profile individuals, leaked addresses can lead to stalking, harassment, or doxxing.
• Business Email Compromise (BEC): Breach data can be used to target employees of merchant companies, potentially leading to financial fraud.

Because Woflow processes data for merchants, the ripple effect means customers of restaurants, retail chains, and other businesses using Woflow’s platform are also at risk.

Recommendations

If you suspect your data was exposed, take these steps immediately:

1. Check Have I Been Pwned: Visit haveibeenpwned.com to see if your email appears in this breach.
2. Beware of Phishing: Treat unsolicited emails, texts, or calls claiming to be from Woflow or its merchants with extreme skepticism. Do not click links or provide personal info.
3. Enable Multi-Factor Authentication (MFA): If you use email or accounts linked to the exposed addresses, enable MFA to block unauthorized access.
4. Monitor Credit Reports: Check your credit reports at AnnualCreditReport.com for suspicious accounts opened in your name.
5. Freeze Your Credit: Consider freezing your credit with Equifax, Experian, and TransUnion to prevent identity theft.

How to Check If You’re Affected

The easiest way is to visit Have I Been Pwned and enter your email address. If your email appears, your name, phone, and address are likely also exposed. For broader safety, check with any merchants you know use Woflow’s platform.

Security Insight

This breach underscores a critical supply chain vulnerability: companies like Woflow that aggregate merchant customer data create attractive targets, as a single breach can expose millions of end consumers indirectly. The involvement of ShinyHunters, a group known for extortion, suggests Woflow may have lacked adequate security monitoring to detect or prevent the initial intrusion. Unlike payment card breaches that trigger regulatory notification, this leak of basic PII often goes undetected by victims until it is used in targeted attacks, highlighting a gap in consumer protection laws. For ongoing threats, follow our cybersecurity news coverage.

Further Reading

• All High Breaches
• Recent Data Breaches