What happened
According to public breach records, the QIP data breach on June 1, 2011 is reported to have exposed the personal information of 26,183,992 accounts.
In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.
In mid-2011, the Russian instant-messaging service QIP (Quiet Internet Pager) was breached, exposing user records covering 2009-2011 that included email addresses, usernames, website activity and passwords. The credentials were stored in plaintext with no hashing or encryption, so the exposed passwords were immediately usable. The data did not surface publicly until 2016, when it was provided to breach-notification services, and it became a notable example of how years-old stolen credentials remained valuable for password-reuse attacks against other accounts. true
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Usernames
- Website activity
Breach details
| Detail | Value |
|---|---|
| Breach name | QIP |
| Date | June 1, 2011 |
| Accounts affected | 26,183,992 |
| Domain | qip.ru |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by QIP; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your QIP password immediately, and change it anywhere you reused the same or a similar password, since the passwords were exposed in plaintext.
- Enable two-factor authentication on any account that shared this password, especially the email address tied to your QIP account.
- Be alert for phishing or spam targeting your exposed email address, and treat unexpected messages referencing old accounts with caution.
- Use a password manager to generate unique passwords so a single old leak can no longer unlock other services.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: QIP Data Breach
- Details of 33 Million Users Stolen in Old QIP Breach - SecurityWeek
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →