A threat actor is advertising the alleged sale of what they claim is a database belonging to OfferUp, the U.S.-based online marketplace for buying and selling goods locally. The seller claims the dataset contains between 20 million and 25 million user records spanning the platform’s history through 2025.
The listing was posted on June 6, 2026, by a newly registered forum account with limited posting history. While the samples provided appear extensive and structured, BreachNews has not independently verified the authenticity of the data and OfferUp had not issued any public statement at time of publication.
The seller describes the dataset as a complete user database and claims it contains account information, profile records, device data, and authentication-related information. The listing is being offered for sale for $550.
Samples suggest extensive user information
According to the threat actor, the alleged database includes multiple datasets containing account and profile information. Sample records provided in the listing appear to reference user account identifiers, email addresses, phone numbers, usernames, account status information, signup metadata, and activity timestamps.
Additional samples allegedly contain user profile information such as display names, ratings, follower counts, business account details, and marketplace activity metrics.
The most concerning portion of the alleged dataset appears to involve authentication and device-related records. Sample data references password hashes, authentication providers, login metadata, IP addresses, device identifiers, operating system information, application versions, and account recovery fields.
BreachNews is not reproducing the sample data due to the presence of personal information and authentication-related records.
Questions remain about authenticity
While the dataset structure appears detailed and internally consistent, several factors make independent verification difficult.
The threat actor behind the listing has little established reputation, and another forum user publicly questioned the legitimacy of the sale, suggesting similarities to previous alleged scam listings. BreachNews has not been able to determine whether the data originates from a recent compromise, an older breach, multiple combined datasets, or fabricated records.
The listing itself contains conflicting figures regarding the total number of affected users, with references to both 20 million and 25 million records.
No public breach notification, regulatory disclosure, security advisory, or independent researcher validation relating to the alleged dataset could be located at the time of publication.
Potential impact if claims are accurate
If authentic, the alleged dataset could present significant privacy and security risks to affected users. Exposure of email addresses, phone numbers, account metadata, device information, and authentication records could facilitate phishing campaigns, account takeover attempts, credential stuffing attacks, and identity-based fraud.
The inclusion of historical account information and login metadata could also provide threat actors with valuable intelligence for targeted social engineering campaigns.
Users concerned about potential exposure should ensure they are using unique passwords, enable multi-factor authentication where available, and remain cautious of unsolicited messages referencing marketplace transactions or account activity.
BreachNews will continue monitoring for independent validation, company statements, or additional evidence regarding the alleged dataset.
