International law enforcement, coordinated through Europol and Eurojust, disrupted the SocGholish malware network on 18 June 2026, providing HIBP with approximately 154,000 affected email addresses and over 500,000 previously unseen passwords.
What happened
According to HIBP, on 18 June 2026, international law enforcement agencies launched the latest phase of Operation Endgame, targeting the SocGholish malware operation. The action was coordinated with support from Europol and Eurojust. Authorities remediated nearly 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware.
What was exposed
As reported by HIBP, law enforcement provided approximately 154,000 impacted email addresses and more than half a million previously unseen passwords collected from the SocGholish operation. The passwords had not appeared in prior breach datasets known to HIBP.
Who is affected
Individuals whose devices or accounts were compromised through the SocGholish malware distribution network may be affected. The roughly 153,500 accounts in the HIBP dataset represent those for whom email addresses were recovered during the operation.
What to do now
Check your email address on HIBP to see if it appears in this dataset. If it does, change your passwords on any accounts where you reuse the same credentials, prioritizing email, banking, and other sensitive services. Enable multi-factor authentication wherever possible. Consider running a reputable malware scanner on your devices, as SocGholish is designed to compromise systems directly.