leaksear.ch has indexed 1,852,880 Bonobos customer account records tied to an August 2020 breach of the US men’s apparel retailer (leaksear.ch metadata). The indexed data includes emails, names, phone numbers, postal addresses, IP addresses, usernames, and salted SHA-512 password hashes (leaksear.ch metadata).
What happened
Public reporting from January 2021 said a Bonobos database backup was downloaded by a threat actor from an external cloud environment, and that Bonobos stated it had not found evidence of unauthorized access to its internal corporate systems (www.bleepingcomputer.com). BleepingComputer reported that ShinyHunters later posted the full Bonobos database to a hacker forum, describing it as a roughly 70 GB SQL file containing internal website tables and customer-related data (www.bleepingcomputer.com).
Have I Been Pwned lists the Bonobos breach as occurring in August 2020 and says the broader breach corpus contained 2.8 million unique email addresses, along with names, physical and IP addresses, phone numbers, order histories, salted SHA-512 password hashes, historical passwords, and partial credit-card data (haveibeenpwned.com). The leaksear.ch index described here is scoped to 1,852,880 customer account records (leaksear.ch metadata).
What data was exposed
The Bonobos records indexed by leaksear.ch include account and contact fields: email addresses, usernames, names, phone numbers, postal addresses, country values, IP addresses, and hashed passwords (leaksear.ch metadata). The password material in this indexed dataset is described as salted SHA-512 password hashes, not plaintext passwords (leaksear.ch metadata).
Additional stored fields in the indexed records include account activity and system metadata such as city, state, ZIP code, sign-in counts, sign-in timestamps, current and last sign-in IPs, password reset timestamps and tokens, remember tokens, salts, address IDs, store IDs, and related internal identifiers (leaksear.ch metadata). These fields provide context inside the stored records but are not all direct search pivots on leaksear.ch (leaksear.ch metadata).
Why this matters
The combination of contact details, IP addresses, account history, and password hashes can support targeted phishing and account-recovery scams, and it creates credential-stuffing risk if affected users reused passwords elsewhere. Bonobos customers should be especially cautious with messages referencing past orders, address details, password resets, or payment issues, because public reporting said the broader database included order and partial card-related information (haveibeenpwned.com, www.bleepingcomputer.com). Anyone who created a Bonobos account should check whether their email address, username, phone number, name, or address appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have access, to check this dataset. Searchable pivots for this leak include address, country, email, hashed password, IP address, name, phone, and username.