Back to Blog
high severity July 06, 2026 · scope unconfirmed

Mercado Libre Listed by thegentlemen Ransomware Group

***.com.ar zoominfo.com/c/mercadolibre-srl/425378760 Argentine platform of MercadoLibre, the undisputed leader in Latin American e-commerce and fintech, founded in 1999 by Marcos Galperin. It operates a massive online marketplace integrated with a powerful ecosystem of services, including Mercado Pago for digital payments and Mercado Envíos for logistics. As a cornerstone of Argentina's digital economy, it connects millions of buyers and sellers, driving both retail innovation and financial inclusion across the nation

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed July 06, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 6, 2026, the ransomware group known as thegentlemen added Mercado Libre to its leak site, confirming that internal files had been exfiltrated from the Latin American e-commerce and fintech giant.

Confirmed Facts from Public Reporting

Public reporting indicates that Mercado Libre, founded in 1999 and headquartered in Argentina, suffered a ransomware incident in which attackers extracted internal company files. The platform, which operates the dominant online marketplace across Latin America along with Mercado Pago payments and Mercado Envíos logistics, has not yet disclosed the exact number of records involved or the specific data types contained in the stolen files. Available reporting describes the listing on the group’s leak site but provides no confirmed victim count or detailed inventory of exposed information such as customer names, emails, payment details, or employee records. The incident remains under active extortion pressure typical of ransomware operations.

Why This Matters for You and Your Family

If you or anyone in your household has ever bought or sold on Mercado Libre, used Mercado Pago, or created an account tied to your email, phone number, or home address, your information could be inside the stolen files. Credential leaks from large marketplaces frequently cascade into other services where the same password or personal details are reused. For families this means children’s accounts, shared email addresses, or linked gaming profiles can quickly become targets once one piece of data surfaces. The breach affects ordinary users across Latin America who rely on the platform for daily purchases, bill payments, and small-business activity.

The Doxxing and Identity-Chain Implications

Stolen internal files often contain more than simple passwords. They can include customer databases, support tickets, shipping addresses, and employee contact lists that attackers combine with information from other breaches. This creates identity chains — linked handles, emails, phones, and real-world identities — that enable doxxing, targeted phishing, account takeovers, and eventual extortion. Public reporting on similar incidents shows that once initial data appears on a ransomware leak site, it spreads rapidly across underground forums, increasing the chance that someone will use it against you or your family members.

Thegentlemen’s Publicly Known Track Record

Public reporting attributes thegentlemen with emerging in late 2024 as a ransomware operation that specializes in targeting mid-to-large organizations and then listing stolen data when victims refuse payment. Notable prior victims listed on their leak site have included companies in technology, logistics, and retail sectors. Their typical playbook involves initial access through compromised credentials or phishing, followed by exfiltration of internal documents, and finally public extortion with countdown deadlines on their leak portal. The group’s name appears consistently in ransomware trackers, allowing ongoing monitoring of their activity.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then complete the no-subscription cleanup of exposed data.
  • Rotate the password you used on Mercado Libre anywhere it is reused and immediately enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts, which often chain back to the same addresses and emails used on marketplaces like Mercado Libre.
  • Let remediation specialists handle takedown requests across data brokers and exposed profiles that surface after this incident.

The incident underscores that even large, well-known platforms can become gateways to personal exposure when internal files leave the company’s control. One short forward-looking step can limit the damage: treat every credential leak as the start of a potential chain rather than an isolated event. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts — capabilities that directly address the cascading risks shown in breaches like this one.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.