Published June 19, 2025 
read
Eye4Fraud data breach: what happened and what you should do to protect your information
Unlike many other security incidents we covered on our blog, the Eye4Fraud data breach won’t alarm many readers. This is simply because the company isn’t widely known, not because the breach is less serious.
Ironically, Eye4Brech is a business-to-business service that helps retailers fight off cybercrime. The company suffered a major data breach in 2023, and it affected approximately 16 million people without them even knowing it.
Today’s article will discuss what is Eye4Fraud data breach, which companies were affected, and what information was exposed. We will also break down what you can do to protect your personal and financial information moving forward.
What is Eye4Fraud and why may it have your data?
Many people affected by the Eye4Fraud breach have never even heard of it. This company, as the name suggests, is a fraud prevention service for e-commerce businesses. Then, how did Eye4Fraud get my information? you may ask.
Sharing your personal and financial information with an online platform might also disclose it to its third-party vendors. We’ve seen this in other breaches. Remember the third-party tracking technologies that collected patient information on Kaiser Permanente’s website?
Similarly, Eye4Fraud collects data on the checkout pages of various retail websites to verify that the transactions are legitimate. If you’ve made a purchase from a store that uses Eye4Fraud, your personal info may have been compromised.
What we know about the Eye4Fraud data breach
H3: When did the breach happen?
The Eye4Fraud hack happened in January 2023 and affected approximately 16 million people. The company learned about the incident in February 2023.
What data was exposed?
We provide fraud protection services for e-commerce merchants, who provide us with limited information about transactions. We do not collect sensitive personal information about individuals like account passwords or full payment card numbers in the course of providing our services.
So, what data did the Eye4Fraud data breach expose? Basically, the info you fill out to make an online purchase.
- Your email address, full name, street address, and phone number
- Partial credit card details (the last four digits and card type)
- Your IP address and bcrypt-hashed password
How did the data breach occur?
The security incident happened as cybercriminals gained access to an unprotected S3 bucket. The info, totaling 65 GB of information, was later posted on the dark web.
An S3 bucket is a virtual file storage unit hosted by Amazon Web Services (AWS). Although Amazon systems have never been breached, their customers are responsible for implementing appropriate security measures. Most likely, Eye4Fraud didn’t protect their S3 bucket with a strong password and failed to monitor it regularly.
How did Eye4Fraud respond?
Eye4Fraud collaborated with external cybersecurity experts and law enforcement to investigate the incident. They looked for weak points in its systems and worked on implementing stronger cybersecurity defenses.
The public handling of the situation wasn’t as successful. An ex (trial) user, Abstract Ocean, contacted them directly about the breach, asking for more information. Eye4Fraud didn’t respond to this request for clarification, or any other.
After a month-long period of complete silence, the company posted a brief statement on its website. The lack of transparent reporting brought Eye4Fraud a bunch of criticism.
What companies use Eye4Fraud and were you impacted?
You might be wondering what companies use Eye4Fraud, and if you’ve shopped on any of those platforms. Check out this list of affected businesses put together by Troy Hunt, the founder of HaveIBeenPwned.com.
If you’re still in doubt, visit the platform he created—HaveIBeenPwned.com—a free database compiled to check if an email address has been exposed in a past data breach, including the Eye4Fraud incident. You can also enable Google’s dark web alerts to get a notification if your personal information has been leaked, or find another dark web monitoring tool to your liking here.
What to do if you think your data was exposed in the Eye4fraud data breach
Let’s move on to the most prominent aspect of the Eye4fraud data breach: what to do if you think you might have been affected?
Change passwords immediately
The first step towards securing your accounts is changing your passwords, especially if you have a habit of reusing a password across different platforms. Obviously, you should change the password associated with the retail platform, but don’t forget about your email account and banking applications.
The new password should be complex and unique. You can make this process easier by using a password manager to come up with a strong password and memorize it for you.
Turn on two-factor authentication
Fraudsters will get creative in finding ways to breach a poorly secured account, but it’s a lot more difficult when two-factor authentication (2FA) is on. 2FA is an additional login step that requires a code sent to you as a text or email.
For extra safety, use a 2FA app such as Google Authenticator. These apps minimize the risk of hacking through a compromised email account or SIM hijacking.
Watch for fraud and phishing attempts
Victims of a data breach often see an increase in phishing and fraud attempts after the incident. These might come in the form of emails, messages, and calls. Always take a pause and think before clicking on any links or revealing your sensitive information.
Remember, hackers can make phishing attempts appear completely legitimate. But your bank and other service providers will never ask you to disclose sensitive information over a phone call or email. If you receive an offer that seems too good to be true, it probably is.
Monitor financial activity
It’s easy for small charges to go unnoticed. Fraudsters sometimes make tiny test purchases before attempting to drain your account or open credit in your name. Being extra vigilant with your finances may give you the advantage of time.
Make it a habit to carefully go over your bank and credit card statements every week or so. Take note of any charges that you don’t recognize and report them to your financial institution. If you don’t already use banking push notifications or texts, enable them right away.
How Onerep helps protect your privacy after a breach
Why breached data + public data is a dangerous combo?
Having your personal information exposed in the Eye4Fraud data breach poses enough of a security risk already. Why would public data be a problem?
The more details bad actors can dig out about you, the more vulnerable you become to targeted phishing attacks, elaborate social engineering scams, and even ID theft. Hackers often combine leaked data with publicly available information to build a detailed profile or their target, allowing them to convincingly trick the unsuspecting victims into handing over funds, take loans in their name, open new lines of credit or hijack existing accounts.
What Onerep does
Onerep specializes in detecting your info on data broker websites that expose it on the public web for a small fee, and getting it removed. We know you can do all this by yourself, but Onerep makes the entire process easier and quicker.
We also ensure your data stays off data brokers and search engines like Google. What often happens with data broker websites is that they take down your information when you send the opt-out request, but post it again after some time. Onerep regularly scans these sites and removes your data if it reappears.
How this helps Eye4Fraud breach victims
People who maintain their online privacy are more likely to stay under the scammers’ radar. Keeping your data away from data broker websites after the Eye4Fraud hack may protect you from future profiling, impersonation, and other forms of exploitation.
Frequently asked questions
What companies use Eye4Fraud?
Many online shopping platforms have used Eye4Fraud services, both large and small boutique shops. The list includes retailers in the automotive, camera, electronics, outdoor, baby equipment, home décor, cosmetics, and firearms industries. For example, Beach Camera, Outdoor Limited, and NatashaDenona. The list goes on and on. You can view it here.
Was Eye4Fraud hacked?
Yes, the Eye4Fraud breach was a result of a cyberattack. Hackers accessed a poorly secured AWS S3 bucket that the company was using and exposed sensitive information of approximately 16 million people.
What should I do if I get a breach alert?
If you get a breach alert, make sure to calm down and take steps to secure your accounts: change your passwords, enable 2FA, keep track of your financial reports, and don’t fall for phishing attempts.
Final thoughts
The Eye4Fraud data breach showcases what we’ve already known: anyone can fall victim to cybercrime, even those who specialize in cybersecurity. Still, we can learn a couple of things from this situation:
- Organizations should focus on proper access management and encrypt their data.
- After a breach, companies need to be transparent in communication and notify the affected users without delay.
Shopping online, just like sharing any other personal information on the internet, may bring about certain risks. You cannot control what happens with your information online, but you can take proactive steps to protect your privacy and finances.
Mikalai is a Chief Technical Officer at Onerep. With a degree in Computer Science, he headed the developer team that automated the previously manual process of removing personal information from data brokers, making Onerep the industry’s first fully automated tool to bulk-remove unauthorized profiles from the internet.