Dark Web News Analysis
Dark web sources report a massive data breach involving Affirm, one of the leading “Buy Now, Pay Later” (BNPL) financial services. A threat actor on a hacker forum is selling a database allegedly containing 26,702,116 records.
The compromised data totals 1.9 GB and includes Full Names, Phone Numbers, Street Addresses, Cities, States, Zip Codes, and unspecified “Identifiers” (potentially Account IDs). The breach date is listed as January 23, 2026, just days ago, indicating this is a fresh extraction. The asking price is $14,000 for the whole set, or $700 per million records, with the seller claiming the data is updated after each sale.
Key Cybersecurity Insights
Breaches of Fintech and BNPL providers are high-stakes events because they bridge the gap between retail shopping data and credit reporting:
- Synthetic Identity Fraud: The sheer volume (26 million) and nature of the data (Names + Physical Addresses) make this a goldmine for Synthetic Fraud. Attackers combine this real data with fake Social Security numbers to create “Frankenstein” identities, opening new lines of credit that go undetected for months.
- Targeted BNPL Phishing: Affirm users often manage multiple small loans simultaneously. Attackers can use the Phone Numbers and Names to send urgent texts: “Affirm: Your payment of $45.00 for your recent purchase has failed. Pay now to avoid late fees.” Because the user likely does have an active loan, the success rate of this “Smishing” is incredibly high.
- The “Identifier” Risk: The leak includes “Identifiers.” If these are internal Account IDs, attackers could use them to manipulate customer support or attempt to reset accounts by claiming they are the legitimate owner, citing the ID as proof of identity.
- Scraping vs. Breach: The low price ($14k for 26M records) might suggest this is “enriched” scraped data rather than a deep core banking hack. However, even scraped data facilitates massive fraud campaigns.
Mitigation Strategies
To protect financial health and credit scores, the following strategies are recommended:
- Credit Freeze: Given the scale of PII exposure, Affirm users should immediately freeze their credit with the three major bureaus (Experian, TransUnion, Equifax). This is the only way to stop synthetic accounts from being opened in their name.
- Scam Awareness: Users must be warned that Affirm will never ask for immediate payment via a text message link. All payments should be handled strictly through the official app.
- Account Audit: Users should log in to their Affirm account to check for any unauthorized loans or “pending” applications they did not initiate.
- MFA Enforcement: Ensure Multi-Factor Authentication is enabled on the Affirm account to prevent account takeovers using the leaked data.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com