Quitbro Breach: 23K Accounts — Email Addresses Exposed

Overview

In February 2026, the personal wellness application Quitbro, developed by Plantake, allegedly suffered a data breach. The incident exposed information from approximately 22,874 user accounts. The company has not publicly acknowledged the breach or responded to inquiries regarding the incident. While no passwords or financial data were reported stolen, the exposed personal information is sensitive given the app’s purpose of supporting users with pornography addiction.

What Was Exposed

The breached data includes several types of personal information:

• Email Addresses: The primary contact point for each account.
• Years of Birth: This can be used to infer age.
• App Question Responses: Personal answers to questions within the Quitbro application.
• Last Recorded Relapse Time: A highly sensitive piece of behavioral data specific to the user’s journey.

Potential Impact

The overall severity of this breach is considered LOW in terms of immediate financial risk, as login credentials were not exposed. However, the nature of the exposed data creates significant privacy and personal security concerns.

The combination of an email address and year of birth can facilitate targeted phishing attacks or be used to attempt access to other accounts. The greatest risk stems from the exposure of deeply private information - the app responses and relapse data. This information could be misused for blackmail, targeted harassment, or could cause profound personal embarrassment and emotional distress if disclosed. Victims may face heightened anxiety over their private struggles being exposed.

Recommendations

If you have used the Quitbro app, you should take the following steps:

1. Be Vigilant Against Phishing: Treat all emails claiming to be from Quitbro, Plantake, or related wellness services with extreme caution. Do not click on links or open attachments in unsolicited messages. Legitimate companies will not ask for sensitive details via email.
2. Use a Unique Password: Even though passwords were not part of this breach, ensure your Quitbro account uses a password that is not reused anywhere else. Consider using a password manager.
3. Monitor for Harassment: Be aware that your email could receive unwanted, targeted communication due to the sensitive context of the breach. Do not engage with malicious messages.
4. Consider Account Deletion: Given the lack of response from Plantake, you may wish to contact the company to request account deletion, though their responsiveness is uncertain. You can also remove the app and its data from your devices.

How to Check If You’re Affected

You can check if your email address was involved in this breach by visiting the free service Have I Been Pwned. Navigate to their website and enter your email address in the search bar. The service will inform you if your data was found in the Quitbro breach, along with many others. You can access the specific breach entry directly here: https://haveibeenpwned.com/Breach/Quitbro.