Cyber Incident Victim: Pizap.com

Date: Dec 2020

Location: United States of America

Summary

Pizap.com suffered a data breach resulting in the theft of approximately 60 million user records, which were subsequently offered for sale by a data breach broker on a hacker forum. The incident was part of a larger operation involving stolen databases from 26 companies totaling 368.8 million records, with Pizap's breach previously disclosed in connection with a separate mass sale of 550 million records. The compromised data from other affected entities included login credentials, hashed passwords, and personal information, though specific details regarding Pizap's exposed data types were not explicitly outlined in this disclosure.


Description

The Pizap.com data breach was disclosed on December 31, 2020, when a data breach broker advertised stolen user records from 26 companies on a hacker forum. Among these, Pizap.com's database of 60 million user records was listed for sale alongside other high-profile breaches like Netlog.com (53 million records) and Fotolog.com (33 million records). The broker's forum post indicated Pizap.com's breach was previously known, with a hyperlink referencing BleepingComputer's prior coverage of a separate incident where 550 million records were sold collectively. This placement within a larger 368.8 million-record dataset suggested the Pizap.com breach occurred before December 2020, though no exact compromise timeline was specified in the broker's listing. The data's inclusion in this bulk sale indicated it had been circulating among threat actors prior to public disclosure.

BleepingComputer's investigation confirmed Pizap.com's breach was part of a recurring pattern where stolen databases were monetized through intermediaries. The broker priced datasets based on perceived value, though Pizap.com's specific asking price wasn't disclosed—unlike Teespring.com ($3,800-$4,000) or MyON.com ($2,800). No statement from Pizap.com regarding the breach was included in the article, contrasting with responses from MyON (confirmed breach without student data exposure) and Chqbook (denied breach). Historical context from linked articles showed Pizap.com's data had been marketed in earlier forum posts alongside Netlog and ModaOperandi breaches. The 60 million compromised records exposed users to credential-stuffing attacks and phishing risks, evidenced by Teespring users receiving malicious emails post-breach. BleepingComputer advised affected users to reset passwords but noted no independent verification of Pizap.com's dataset authenticity beyond the broker's claims.
