LegionProxy, a commercial residential and ISP proxy network, suffered a data breach in April 2026 that exposed approximately 10,000 accounts including email addresses, names, bcrypt password hashes, and purchase records.
What happened
According to Have I Been Pwned, LegionProxy — a commercial residential and ISP proxy network — experienced a data breach in April 2026. The breach was disclosed publicly in May 2026.
What was exposed
According to HIBP, the incident exposed email addresses, names, bcrypt-hashed passwords, and purchase information for roughly 10,000 accounts. Passwords were stored as bcrypt hashes rather than plain text, which provides some protection.
Who is affected
Approximately 10,144 LegionProxy customers are affected. Anyone who held an account with the service at the time of the breach may have had their personal and purchase details exposed.
What to do now
If you had a LegionProxy account, change your password there immediately and on any other site where you used the same password. Although the passwords were hashed with bcrypt, hashed passwords can still be cracked over time. Review your purchase history for any unauthorized activity and be alert to phishing emails that may use your name or email address.