What happened
According to public breach records, the Netlog data breach on November 1, 2012 is reported to have exposed the personal information of 49,038,354 accounts.
In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed.
Passwords in this breach were reportedly stored in plaintext.
Netlog, a Belgian social networking site that shut down in 2015, suffered a breach of subscriber data dating back to November 2012 that the company itself identified in July 2018 — roughly six years after the compromise — and disclosed to users and regulators. The exposed data covered about 49 million subscribers and consisted of email addresses and passwords. Notably, the passwords were stored in plain text, so the leaked credentials were immediately usable without any cracking effort.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
Breach details
| Detail | Value |
|---|---|
| Breach name | Netlog |
| Date | November 1, 2012 |
| Accounts affected | 49,038,354 |
| Domain | netlog.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Netlog; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- If you reused your Netlog password anywhere else, change it on those accounts immediately — the plain-text storage means the exact password was exposed and directly usable.
- Enable two-factor authentication on your email and any accounts that shared the leaked credentials.
- Treat the exposed email address as a phishing and credential-stuffing target; be cautious of login-prompt or password-reset messages, especially those referencing old accounts.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Netlog Data Breach
- Netlog Security Incident — Communication to Users (California OAG)
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →