Flywell Bowling, a Pakistan-based manufacturer and exporter whose public site lists bowling accessories, bowling bags, bowling gloves, golf products, and mechanic gloves, is tied to a small leak indexed by leaksear.ch (www.flywellbowling.com.pk). The dataset contains 14 records and includes names, usernames, email addresses, phone data, addresses, countries, and hashed passwords, with a listed breach date of December 31, 2024 (leaksear.ch metadata).
What happened
leaksear.ch metadata identifies a Flywell Bowling breach dataset indexed on May 24, 2026, with 14 records and a breach date of December 31, 2024 (leaksear.ch metadata). The metadata does not identify an intrusion method, threat actor, vulnerable system, or whether the records originated from an account system, contact form, inquiry workflow, or another source.
Public pages reviewed for this article confirm Flywell Bowling's web presence, product categories, and contact page, including a Sialkot, Pakistan address and company contact information (www.flywellbowling.com.pk, www.flywellbowling.com.pk). No public incident report or breach notice was found during verification, so the exposure mechanism should be treated as unconfirmed.
What data was exposed
The indexed records contain account and contact data: names, usernames, email addresses, phone numbers, mobile numbers, physical addresses, countries, and hashed passwords (leaksear.ch metadata). The metadata also includes a source_table field as record context, but it is not listed as a searchable pivot (leaksear.ch metadata).
The searchable fields for this leak are address, country, email, hashedPassword, name, phone, and username (leaksear.ch metadata). The presence of hashed passwords does not mean raw passwords were exposed in the index, but password hashes can still create risk if they are weakly protected or reused across accounts.
Why this matters
Even at 14 records, the combination of names, emails, usernames, phone numbers, and addresses can support targeted phishing, impersonation, and account-recovery abuse. Affected individuals should change any reused passwords associated with the exposed email or username and enable multi-factor authentication where available. Security teams should treat the hashed password field as a credential-risk signal and review related accounts for reuse, suspicious login activity, or contact-data misuse.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, hashed password, name, phone, and username.