Last updated 1 month ago
The Brazilian crowdfunding platform APOIA.se suffered a data breach affecting 451,000 unique user accounts. The company confirmed the incident in January 2026 after a database containing user information appeared on an online forum in December 2025. The breach exposed email addresses, names, and physical addresses of platform users.
The attack involved unauthorized access to the company's database, though the specific initial access vector remains unconfirmed. Attackers exfiltrated plaintext email addresses, full names, and residential or business addresses from the platform's user records. No financial data, authentication credentials, or payment information was confirmed as compromised in this incident.
APOIA.se acknowledged the breach through public notification in January 2026. The company has not disclosed specific containment measures or remediation milestones following the incident confirmation.
The APOIA.se breach demonstrates that crowdfunding platforms handling user addresses require robust database access controls and monitoring. The exposure of physical addresses alongside email identifiers creates significant privacy risks beyond credential compromise. The two-month gap between forum appearance and company confirmation suggests inadequate external threat intelligence monitoring for data leaks.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector