Estonian Citizens (via Estonian Cybercrime Bureau)

Data exposed in this breach

What happened in the Estonian Citizens (via Estonian Cybercrime Bureau) data breach?

In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable. The Estonian police suspected the email addresses and passwords they obtained were being used to access mailboxes, cryptocurrency exchanges, cloud service accounts and other similar online assets. They've requested that individuals who find themselves in the data set and also identify that cryptocurrency has been stolen contact them at [email protected].

The exposed data included 2 types of personal information. Because passwords were exposed, users who reused their password on other sites are at particular risk. Learn more about what a data breach means for you.

Why was the Estonian Citizens (via Estonian Cybercrime Bureau) breach so dangerous?

The Estonian Citizens (via Estonian Cybercrime Bureau) breach exposed 655,161 records — that is a large number of compromised accounts. The combination of email addresses, passwords makes this a high-risk breach that requires immediate action.

Because passwords were exposed, attackers can use credential stuffing to automatically test your Estonian Citizens (via Estonian Cybercrime Bureau) password against hundreds of other websites. If you reused your password anywhere, those accounts are now at risk. Read more about what happens to your data after a breach.

Don't wait to find out — check if your email was exposed in this breach now.

What data was stolen in the Estonian Citizens (via Estonian Cybercrime Bureau) breach?

Is the Estonian Citizens (via Estonian Cybercrime Bureau) breach still dangerous in 2026?

Yes. Stolen data from the Estonian Citizens (via Estonian Cybercrime Bureau) breach remains dangerous years after the incident. Research shows that over 65% of stolen credentials from older breaches have never been changed by the account holders. Attackers routinely compile data from multiple breaches to build complete profiles, and credentials from 2018 are still actively used in credential stuffing attacks today.

Personal information like email addresses, phone numbers, and dates of birth never expire. Even if you changed your Estonian Citizens (via Estonian Cybercrime Bureau) password, the other exposed data can be combined with information from other breaches to target you. Learn more about how long stolen data stays dangerous.

Frequently asked about the Estonian Citizens (via Estonian Cybercrime Bureau) breach

Who was affected by the Estonian Citizens (via Estonian Cybercrime Bureau) breach?

The Estonian Citizens (via Estonian Cybercrime Bureau) data breach affected approximately 655,161 users who had accounts with the service. While not the largest breach on record, it still represents a significant number of compromised accounts in our database of 970+ known breaches.

If you ever created an account with Estonian Citizens (via Estonian Cybercrime Bureau) or used their services, your data may have been included in this breach. Check your email now to find out. You can also read our guide on what to do immediately after a data breach.