leaksear.ch has indexed Bell Canada (2017), a 1,838,360-record dataset tied to the May 15, 2017 breach of Bell's notifications system and containing customer emails, usernames, and hashed passwords (leaksear.ch metadata). Bell Canada is Canada's largest communications company, and its May 15 notice said an anonymous hacker illegally accessed customer information including about 1.9 million active email addresses and about 1,700 names and active phone numbers (www.newswire.ca).
What happened
Bell publicly disclosed the incident on May 15, 2017, saying the accessed information contained email addresses, customer names and/or telephone numbers. The company said it had no indication that financial, password, or other sensitive personal information was accessed, that the incident was not connected to WannaCry, and that it was working with the RCMP cyber crime unit and had informed the Office of the Privacy Commissioner (www.newswire.ca).
Public reporting said an attacker posted some data online and threatened to release more if Bell did not cooperate. The Hacker News described the episode as an apparent extortion attempt, while noting the identity and requested cooperation were unconfirmed; iPhone in Canada later reported that Bell's spokesman told Reuters a payment demand had been made and not paid (thehackernews.com, www.iphoneincanada.ca).
The public sources reviewed do not establish the intrusion method. The leaksear.ch metadata identifies the indexed subset as from Bell's notifications system (leaksear.ch metadata).
What data was exposed
The indexed dataset contains email, username, and hashedPassword as searchable pivots (leaksear.ch metadata). It also stores alert settings and account-state context, including desktop and email alert flags, threshold flags, created and last modified timestamps, language, active status, IDs, and related notification fields (leaksear.ch metadata).
Have I Been Pwned's Bell breach page lists email addresses, usernames and passwords among compromised data in the broader 2017 Bell entry, while also describing more than 2 million unique email addresses and other categories such as survey results; that public breach view is broader than the 1,838,360-record leaksear.ch index described here (haveibeenpwned.com). Bell's contemporaneous statement reported about 1.9 million active email addresses and about 1,700 names and active phone numbers, but said at the time it had no indication passwords or financial data were accessed (www.newswire.ca).
Why this matters
Email addresses and usernames tied to a telecom provider are useful phishing pivots, and password hashes create credential risk if weak or reused passwords can be matched elsewhere. For security teams, this leak is a credential-exposure and user-awareness signal: reset any reused Bell-related passwords, watch for targeted Bell-themed messages, and do not share payment-card or account details in response to email requests. Bell's own notice reminded customers that Bell would not ask for credit-card or other personal information by email (www.newswire.ca). Readers who want to check whether they are in this leak should search the Bell Canada (2017) entry on leaksear.ch using an email address or username.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, hashed password, and username.