The Woflow data breach exposed 447,593 records including Email addresses, Names, Phone numbers, Physical addresses. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.
- Breach date
- 2026-03-04
- Records affected
- 447,593
- Verified
- Yes
- Domain
- woflow.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
- Phone numbers
- Physical addresses
What You Should Do
If you had an account with Woflow, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Woflow breach?
What should I do if my data was exposed in the Woflow breach?
When did the Woflow data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help