// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / Operation Endgame 2.0
Breach Record

Operation Endgame 2.0

DISCLOSED 2025-05-23 · MALWARE · 15,436,844 RECORDS EXPOSED

In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M...

The record

What we know

Disclosed
2025-05-23
Attack vector
Malware
Records exposed
15,436,844
Data classes exposed
Email addressesPasswords
ENDPOINT INVOLVED
Sources

Cited reporting

Similar vector · recent

Other malware breaches on file

This page is the permanent ColdRecon entry for the Operation Endgame 2.0 disclosure. It updates if new public reporting emerges. All tracked breaches →

Operation Endgame 2.0 just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →