A dataset indexed by leaksear.ch exposes 89,889 Click.org user account records, including contact details, IP addresses, plaintext passwords, and MD5-hashed passwords (leaksear.ch metadata). Click.org describes itself as a click tracking, URL shortening, redirection, and marketing optimization service for online marketers (click.org, click.org).
What happened
leaksear.ch metadata lists the breach date as April 16, 2021 and identifies the exposed dataset as Click.org user account records (leaksear.ch metadata). Public Click.org pages reviewed for this article describe the service and its hosted account model, but do not establish how the dataset became exposed (click.org).
No public source reviewed for this article confirms whether the exposure resulted from ransomware, scraping, a misconfigured system, a third-party compromise, or another incident type. The exposure mechanism should therefore be treated as unconfirmed.
What data was exposed
The indexed records include email addresses, usernames, names, IP addresses, postal addresses, phone numbers, countries, plaintext passwords, and MD5-hashed passwords (leaksear.ch metadata). The dataset also contains account, subscription, profile, payment, and integration-related fields, including company and role details, plan and subscription attributes, PayPal email/payment method labels, Stripe subscription identifiers, transaction/payment attributes, account-status flags, verification-related fields, API key fields, token fields, and profile metadata (leaksear.ch metadata).
Click.org publicly describes features that involve tracking links, clicks, conversions, email opens, campaign data, IP addresses, country of origin, browser type, operating system, and real-time reporting for marketing campaigns (click.org, click.org). That context matters because exposed account and subscription data may identify marketers, affiliates, businesses, and campaign operators tied to the service.
Why this matters
The presence of plaintext passwords means affected users should treat the listed credentials as fully exposed, especially if the same password was reused on email, advertising, affiliate, payment, or SaaS accounts. MD5-hashed passwords should also be treated as high risk, because password hashes in a leak can become a credential-reuse and account-takeover problem when paired with emails and usernames. Contact details, IP addresses, subscription records, and payment-related identifiers can support targeted phishing, support-desk impersonation, and fraud attempts against Click.org users or their businesses. If you used Click.org, check whether your email, username, phone number, address, IP address, or password appears in this leak and rotate any reused credentials immediately.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, hashed password, ip address, name, password, phone, and username.