The Operation Endgame 4.0 data breach exposed 153,527 records including Email addresses, Passwords. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities also provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords.
- Breach date
- 2026-06-18
- Records affected
- 153,527
- Verified
- Yes
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Passwords
What You Should Do
If you had an account with Operation Endgame 4.0, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Change your password immediately on the affected service and any other account where you used the same password
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Operation Endgame 4.0 breach?
What should I do if my data was exposed in the Operation Endgame 4.0 breach?
When did the Operation Endgame 4.0 data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help