Quitbro Data Breach

16/02/2026 · 22,874 records · low risk

0 /100

Gravity Score

Moderate

Calculated based on the types of data exposed (3 categories) and the volume of affected records (22,874).

Apps designed around personal habits and recovery can reveal sensitive parts of someone’s life, even without medical records. When that kind of service leaks user data, the harm often comes from stigma, harassment, or pressure tactics rather than financial fraud.

Quitbro was reportedly connected to a breach where user information became exposed without authorisation. It was also reported that the app maker, Plantake, did not respond to repeated outreach about the incident.

The exposed data included email addresses, usernames, and year of birth, which is a partial date of birth. Reports also referenced in app questionnaire responses and the last recorded relapse time, details that can be highly personal when linked to an identifiable account.

Around 23 thousand unique email addresses were affected. Even at that scale, the context of the app can amplify the real world impact by enabling targeted shaming, coercion, or highly tailored scam messages.

Exposed data

Email addresses Partial dates of birth Usernames

What to do based on this breach

Change your Quitbro username if possible to reduce the direct link to the exposed email address

Tighten privacy on your email and social accounts and remove public clues that connect your username to your real identity

Watch for emails that mention relapse, recovery, or “urgent help” and avoid clicking links or sharing personal details

Ask the service to delete sensitive in app responses and related records under GDPR principles, including partial birth data and activity history

What can we learn from this breach?

The key takeaway is that in app answers and activity logs can be as sensitive as health data when linked to an email and birth year. Services should minimise retention of delicate records and enforce strict access controls and auditing. Clear incident response and user support are also fundamental expectations under GDPR oriented security practices.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

SoundCloud

14/12/2025 29,815,722 records low risk

2 data types in common

Instagram

06/01/2026 6,215,150 records moderate risk

2 data types in common

← All breaches