Breach Database / Descomplica
Yes — Descomplica was breached.
- 4.8 million accounts affected
- Breach occurred 2021-03-14 · descomplica.com.br
- Verified entry in the Have I Been Pwned catalog
What happened
In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password hashes.
What data was exposed
- Email addresses
- Names
- Partial credit card data
- Passwords
- Purchases
What to do right now
- Change your password for this service now. And change it anywhere you reused the same password — attackers try leaked passwords on other sites within hours ("credential stuffing").
- Turn on two-factor authentication. Even a leaked password is useless against an account protected by a second factor. Prefer an authenticator app over SMS.
- Watch your card and bank statements. Set up transaction alerts, and consider a card freeze or replacement if the exposure included full card numbers.
- Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
- Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
- Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.
Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.