- A bad actor is selling a purported database of YouNow user records from 2026, claiming it contains 22 million new accounts.
- The user data up for grabs on the dark web seems to have emails, names, IPs, and socials.
- If this is true, it’d be the third time the social platform had a big security problem; the same thing happened in 2017 and 2019.
A new data leak claim has surfaced involving the social streaming site YouNow. This is not the platform’s first security rodeo, not by a long shot.
The allegation points to a potential treasure trove of user data hitting the dark web. If true, it continues a worrying pattern for the company and its users.
Details of the Alleged Leaked Data Sample
A threat actor who goes by the pseudonym “victim” posted a database tagged YouNow U2026 for sale on some dark web forum on January 1.
The seller claims the dump contains 22 million user accounts. They say all records are new and were not part of previous leaks. The advertised data is extensive. It includes user email addresses and real names when linked to Google or Facebook.
Also listed are account creation dates, last logins, and country locations. IP addresses, connected social media IDs, and device information are reportedly for sale, too. The status of this leak is currently unverified. Cybersecurity analysts are reviewing the claim.
YouNow hasn’t said anything about this claim yet. But based on what’s happened before, people using the site might want to be careful.
Previous YouNow Security Stumbles
This recent mess is like YouNow’s past security slip-ups. Back in July 2017, they had a major whoopsie. Over 40 million user accounts were out in the open, including names, usernames, IP addresses, and emails. Good thing passwords aren’t among what was exposed. YouNow used third-party social media authentication at the time.
So, YouNow got hit again in 2019. This hacker, who was stealing like excited from tons of places, went after them. Tons of YouNow user records, like IP addresses, names, usernames, social media profiles, including 18.2 million email addresses, were compromised in this hack. It was just part of a bigger attack that hit 16 sites.
The YouNow people said that they didn’t keep any passwords stored. The exposed data was still highly sensitive for user privacy.
The failure to break this cycle of breaches is an industry-wide issue, starkly demonstrated by events like the massive Coupang data leak in South Korea, which showed how quickly stolen data can permeate the dark web and amplify threats for millions.
Implications for YouNow and Its User Base
Recurring breaches shake user trust to its core. People expect platforms to learn from past mistakes and bolster their defenses. For users, each leak increases long-term risk. Exposed data like emails and names never expires.
Crooks are using it to pull off those super-specific phishing scams and steal people’s identities. They’re mixing old info with fresh leaks to create really detailed profiles on people.
This cycle of data theft and extortion forms the core of the modern dark web economy, where everything from social media profiles to highly sensitive financial documents, such as the 80,000 Money Mart files recently threatened with leak by a ransomware gang, is commodified.
For YouNow, the reputational damage is mounting. The company now faces proving its security measures are truly robust. If you’ve ever used this platform, whether now or sometime in the past, keep your eyes out there, watch out for any weird emails asking for your info.
And now’s the time to get serious about passwords. Make sure they’re strong and different for every account you have online. This recent mess is a big wake-up call that what we do online sticks around forever.
