A threat actor has claimed responsibility for an alleged breach involving ReferralRock, a U.S.-based referral marketing and ambassador platform used by businesses to manage customer referral programs, affiliate campaigns, and incentive systems.
The actor claims the incident exposed more than 11 million records spread across approximately 1,947 CSV files totaling roughly 5 GB of data.
According to the post, the allegedly compromised data includes customer names, email addresses, phone numbers, payout information, referral analytics, IP addresses, business metadata, and internal program tracking records tied to referral and ambassador campaigns.
Sample records reviewed by BreachNews appeared structurally consistent with referral marketing platform exports and included fields associated with referral URLs, ambassador programs, social sharing metrics, recruiter attribution, payout methods, and referral activity tracking.
The leaked data also allegedly contains payout-related fields referencing PayPal and Wise payment workflows alongside customer engagement metrics and marketing attribution data.
Healthcare and ambassador program data appeared in samples
Several sample entries referenced ambassador and influencer programs connected to healthcare and education-related campaigns, including student ambassador initiatives and referral tracking workflows.
Additional sample records appeared to contain visitor analytics data, referral source tracking, IP addresses, recruiter assignments, and customer engagement statistics typically associated with referral and affiliate management platforms.
The structure of the leaked files suggests the alleged dataset may include exports from multiple customer environments or referral campaigns managed through the platform.
While the actor framed the incident as a direct compromise of ReferralRock infrastructure, it remains unclear whether the data allegedly originated from the company itself, a connected customer environment, exposed backups, administrative access, or a third-party integration tied to the platform.
Potential downstream customer exposure raises concerns
The alleged breach could create downstream exposure risks for organizations using ReferralRock to manage ambassador, referral, and customer acquisition campaigns.
Because referral marketing platforms often centralize customer contact information, analytics, payment workflows, and campaign tracking data across multiple organizations, a compromise of that ecosystem could potentially affect numerous downstream businesses and users simultaneously.
Some records reviewed by BreachNews also appeared to contain recruiter attribution fields, campaign metadata, and referral URLs capable of revealing internal marketing structures and customer acquisition workflows.
The exposure of payout email addresses, customer contact data, and engagement analytics could additionally increase phishing and impersonation risks if the dataset is authentic.
The incident follows a broader wave of breaches and supply-chain style exposures affecting cloud platforms, SaaS providers, and centralized business tooling ecosystems.
BreachNews recently covered another platform-related exposure involving Lightning AI internal repositories allegedly leaked online as attackers increasingly target services with downstream customer access.
The alleged ReferralRock dataset also reflects growing concerns around centralized business platforms that aggregate large volumes of customer, operational, and analytics data across many organizations.
At time of publication, ReferralRock had not issued any public statement regarding the alleged breach.
BreachNews has not independently verified the full dataset or confirmed whether ReferralRock systems were directly compromised.
