Kik.name, described in leaksear.ch metadata as a public Kik Messenger username-sharing site, was indexed from a leaked MySQL database dump containing 144,565 user profiles and carrying a breach date of February 14, 2018 (leaksear.ch metadata). The exposed records include usernames, email addresses, registration IP addresses, ages, genders, and location-related profile data (leaksear.ch metadata).
What happened
Leaksear.ch metadata identifies the incident as a leaked MySQL database dump from Kik.name, with no reporter or public reference links attached to the source record (leaksear.ch metadata). The metadata does not identify the exposure path beyond the dump itself, so ransomware, scraping, misconfigured storage, and threat-actor attribution should be treated as unconfirmed.
Public Kik documentation provides context for why usernames are sensitive in this dataset: Kik describes itself as an iOS and Android app for messaging, chatting, groups, and live streaming (help.kik.com). Kik also says usernames are unique, cannot be changed, and must be exact for another user to find an account in search (help.kik.com).
Kik warns that sharing a username or Kik Code publicly can make it visible to people the user does not know, who may then be able to message them (help.kik.com).
What data was exposed
According to leaksear.ch indexing metadata, the searchable fields for this leak are address, country, email, IP address, and username (leaksear.ch metadata). The records also include age, avatar, country name, dislikes, gender, internal ID, likes, post time, validated status, and view count as additional fields stored on records (leaksear.ch metadata).
That mix is notable because Kik says people a user has talked to in the app can see display name, username, and profile picture, but not email address, phone number, or birthday (help.kik.com). In this leak, email addresses and registration IP addresses appear alongside Kik-related profile data in the Kik.name records (leaksear.ch metadata).
Why this matters
Phishing risk is strongest where an attacker can pair a recognizable Kik username with an email address, age, gender, or location field and make a lure look personal. Registration IP addresses and location fields can also help correlate the profile with other leaked datasets or identify likely geography for social engineering. Individuals who used Kik.name or reused the same Kik username elsewhere should check this leak using the supported search fields, especially email, username, IP address, address, and country.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, ip address, and username.