APOIA.se Breach: 451K Accounts Exposed

Overview

In December 2025, a database from the Brazilian crowdfunding platform APOIA.se was publicly posted on an online forum. The company confirmed the data breach in January 2026. This incident compromised the personal information of approximately 451,000 users. A data breach of this scale, involving direct identifiers and physical location data, is considered high severity. If you have ever supported a project or creator through APOIA.se, your information may be at risk.

What Was Exposed

The breached database contained several key pieces of personal information for each affected user:

• Email Addresses: The primary contact point and a common username for online accounts.
• Names: Both first and last names, which can be used to build a profile of an individual.
• Physical Addresses: The home or mailing addresses associated with user accounts.

While financial data like passwords or payment details were not listed in this exposure, the combination of data that was leaked is particularly sensitive and can facilitate targeted attacks.

Potential Impact

The exposure of this specific data combination significantly increases risks for affected individuals. Cybercriminals can use your name and email to craft highly convincing phishing emails or spam campaigns that appear legitimate. Knowing your physical address elevates the threat beyond the digital realm, potentially enabling targeted physical scams, identity theft, or harassment. This information can also be cross-referenced with data from other breaches to build comprehensive profiles for sale on the dark web, leading to an increase in unwanted communications and fraud attempts.

Recommendations

If you have an APOIA.se account, you should take the following steps to protect yourself:

1. Be Extremely Vigilant with Email: Treat all unsolicited emails with heightened suspicion, especially those asking for personal information, money, or login credentials. Do not click on links or open attachments from unknown senders.
2. Enable Two-Factor Authentication (2FA): Secure your email account and any other important accounts (especially financial) with 2FA. This adds a critical layer of security beyond just a password.
3. Monitor for Physical Scams: Be cautious of unexpected mail, doorstep scams, or verification attempts that reference your personal details.
4. Consider a Password Reset: Although passwords were not reported in this breach, it is a good security practice to use a strong, unique password for your APOIA.se account and for your primary email address.
5. Stay Informed: Monitor your accounts and personal information for any signs of suspicious activity.

How to Check If You’re Affected

The breach has been added to the widely respected service “Have I Been Pwned.” You can easily check if your email address was involved in this incident.

1. Visit the website: https://haveibeenpwned.com
2. Enter your email address in the search bar.
3. Review the results. If your email was compromised in the APOIA.se breach, it will be listed among any other breaches your data has appeared in. This service is safe to use and recommended by security professionals.