Atmeltomo, a Japanese email-friend and pen-pal service at atmeltomo.com, has a 2021 data leak indexed by leaksear.ch with 579,885 records containing emails, usernames, IP addresses, profile details, optional birthdates, and unsalted MD5 password hashes (leaksear.ch metadata). The breach date in the index is April 16, 2021 (leaksear.ch metadata), the same date listed by Mozilla Monitor, which says the breach was added to its database on August 22, 2023 (monitor.mozilla.org).
What happened
Public reporting describes Atmeltomo as a Japanese e-mail friend search service. Have I Been Pwned says the data was later sold on a popular hacking forum and described the public breach set as 1.3 million records with about 580,000 unique email addresses, plus usernames, IP addresses, and unsalted MD5 password hashes (haveibeenpwned.com).
SOCRadar reported that on August 25, 2022, an announcement in a hacker forum it monitors advertised a leaked Atmeltomo database containing 1.3 million users' information, and RedPacket Security republished HIBP's August 2023 Atmeltomo breach notice (socradar.io, redpacketsecurity.com). None of the cited public sources or the supplied metadata identify the initial access path, so leaksear.ch is not attributing this to ransomware, scraping, a third-party compromise, or a misconfigured system (leaksear.ch metadata) (haveibeenpwned.com, socradar.io).
What data was exposed
leaksear.ch indexed the Atmeltomo leak with searchable fields for date of birth, email, hashed password, IP address, name, and username (leaksear.ch metadata). The records also include non-searchable context fields for bio text, registration date, stated location or from field, interests, and occupation (leaksear.ch metadata).
Have I Been Pwned and Mozilla Monitor publicly list email addresses, IP addresses, passwords, and usernames as compromised, while HIBP's description specifies unsalted MD5 password hashes (haveibeenpwned.com, monitor.mozilla.org). No raw leaked records or sample values are included here.
Why this matters
The exposed fields create practical risks rather than only account-reset risk: email and username pairs can help attackers target credential-reuse attempts, while IP addresses, locations, birthdates, and profile text can make phishing more credible. Unsalted MD5 hashes are especially sensitive because OWASP recommends unique salts and slow password hashing algorithms, and describes MD5 as a less secure legacy hash that should be upgraded (cheatsheetseries.owasp.org). Individuals who reused an Atmeltomo password elsewhere should change those passwords and enable MFA, and security teams should watch for targeted lures using Atmeltomo profile details. To check whether your data is in this leak, search your own identifiers, such as email or username, through the leaksear.ch exposure check.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include date of birth, email, hashed password, ip address, name, and username.