leaksear.ch has indexed 11,086,214 records tied to Australian airline Qantas and a July 2, 2025 breach of a third-party Salesforce-based customer service platform, with names, contact details and loyalty data present in the dataset (leaksear.ch metadata). Qantas said its investigation found 5.7 million unique customers in the compromised system after duplicates were removed (www.qantasnewsroom.com.au).
What happened
Qantas said a cybercriminal targeted one of its contact centres and gained access to a third-party customer servicing platform. The airline said the affected system was contained, Qantas operations and airline safety were not affected, and roughly 6 million customers had service records in the platform while the investigation was still underway (www.qantasnewsroom.com.au).
The leak-source metadata identifies the incident as the July 2025 ShinyHunters attack on a third-party Salesforce-based customer service platform used by Qantas (leaksear.ch metadata). Public reporting is more cautious on the platform attribution: BleepingComputer reported that Qantas was among Salesforce-related data-theft attacks linked to the ShinyHunters brand, while Google Threat Intelligence Group described related UNC6040 and UNC6240 activity as Salesforce-focused vishing, data theft and extortion in which actors claimed to be ShinyHunters (www.bleepingcomputer.com, cloud.google.com). Salesforce has said these social-engineering attacks targeted customer environments and were not due to a known vulnerability in the Salesforce platform (www.salesforce.com).
On July 17, 2025, Qantas said it had obtained an interim injunction in the NSW Supreme Court intended to prevent the stolen data from being accessed, released or used (www.qantasnewsroom.com.au). Qantas later said data from the July incident had been released by cybercriminals and that it was investigating what was included in that release (www.qantasnewsroom.com.au).
What data was exposed
The searchable fields in the leaksear.ch index are country, date of birth, email, name and phone (leaksear.ch metadata). Other record fields indicate the dataset can also contain addresses, frequent flyer numbers, frequent flyer tier details, points balances, status credits, gender, meal and seat preferences, travel interests, business contact details and CRM account attributes (leaksear.ch metadata). Qantas said exposed fields varied by customer and reconfirmed that credit card details, personal financial information, passport details, Frequent Flyer account access, passwords, PINs and login details were not accessed in the compromised system (www.qantasnewsroom.com.au).
Why this matters
The main risk is targeted phishing, phone scams and customer-service impersonation. Names, emails, phone numbers, loyalty identifiers, tiers and travel preferences can make Qantas-themed lures more credible, while dates of birth and addresses raise identity-verification risk for the subset of customers whose records included them. Qantas warned customers to remain alert for emails, texts or calls claiming to be from Qantas and said it would not ask for passwords, booking reference details or sensitive login information (www.qantasnewsroom.com.au). If you may have been affected, use the check below to search the indexed Qantas leak by email, name, phone, date of birth or country.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have access, to check this dataset. Searchable pivots for this leak include country, date of birth, email, name, and phone.
Sources
- Qantas Newsroom: Qantas Cyber Incident
- Qantas Newsroom: Update on Qantas Cyber Incident, Wednesday 9 July 2025
- Qantas Newsroom: Update on Qantas Cyber Incident, Thursday 17 July 2025
- Qantas Newsroom: Update on July Cyber Incident
- BleepingComputer: ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
- Google Cloud: The Cost of a Call: From Voice Phishing to Data Extortion
- Salesforce: Protect Your Salesforce Environment from Social Engineering Threats