Woflow, an AI-driven merchant data platform, had data on approximately 447,593 accounts exposed after the ShinyHunters extortion group published files allegedly stolen from the company in March 2026.
What happened
According to Have I Been Pwned, in March 2026 the ShinyHunters data extortion group named Woflow as a victim and subsequently published tens of thousands of files allegedly taken from the company. The leaked data reportedly exceeded 2TB in total size.
What was exposed
As reported by HIBP, the published files contained hundreds of thousands of records including email addresses, names, phone numbers, and physical addresses. The data appears to relate to Woflow's own customers as well as the customers of merchants using Woflow's platform.
Who is affected
Approximately 447,593 accounts are listed as affected. Those impacted may include direct Woflow customers and, indirectly, end customers of merchants who rely on Woflow's AI-driven merchant data services.
What to do now
If you have used Woflow or a merchant platform powered by Woflow, monitor your email and phone for phishing attempts or unsolicited contact. Be cautious of messages referencing your physical address, as that information may also be in circulation. Consider placing a fraud alert with the major credit bureaus if you are concerned about misuse of your personal details.