Back to Blog
medium severity June 15, 2026 · 2.3M affected

Moody Bible Institute Data Breach (2026)

In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign. Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information relating to donors, supporters, students and alumni. In their disclosure notice, Moody advised that they had "engaged both internal and external cybersecurity experts to thoroughly investigate the matter".

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity Medium
Disclosed June 15, 2026
Affected 2.3M
Data exposed Dates of birthEmail addressesGendersMarital statusesNamesPhone numbersPhysical addresses

On June 15, 2026, Moody Bible Institute disclosed that attackers had stolen and later published records on 2.3 million people, exposing names, physical addresses, phone numbers, dates of birth, email addresses, genders, and marital statuses belonging to donors, supporters, students, and alumni.

Confirmed Facts from Public Reporting

Public reporting indicates the incident stemmed from a ShinyHunters “pay or leak” extortion campaign. The group ultimately released the dataset after the organization did not meet their demands. Moody Bible Institute stated it engaged both internal and external cybersecurity experts to investigate. The exposed information includes sensitive personal details that many people consider private, such as home addresses and dates of birth. Available reporting describes the breach as affecting a wide cross-section of individuals connected to the institute over the years.

Why This Matters for You and Your Family

When 2.3 million records containing your address, phone number, date of birth, and email appear on the open internet, the risk is no longer abstract. Criminals can combine this information with data from other breaches to impersonate you, open accounts in your name, or target your family members. Children’s records are sometimes included in such datasets through family donor or alumni connections. Once published, the information is difficult to remove completely and can circulate for years. For ordinary people, this means increased chances of identity theft, spam, phishing calls, and potential physical safety concerns when home addresses are exposed.

The Doxxing and Identity-Chain Implications

Leaked personal records like these rarely stay isolated. Attackers frequently link an email address or phone number to usernames on social media, gaming platforms, and other services. This creates an identity chain that can lead to doxxing, where someone’s full real-world identity is mapped to their online handles. Credential leaks of this nature often cascade into account takeovers on gaming platforms. Both your own accounts and your children’s gaming accounts become vulnerable when the same password or recovery email has been reused. Public reporting indicates that data of this type is quickly repackaged and sold on underground forums, extending the exposure far beyond the original incident.

ShinyHunters Track Record

Public reporting attributes ShinyHunters as a group that emerged several years ago and has targeted numerous organizations with similar “pay or leak” tactics. Notable prior victims have included large online services and educational institutions. Their typical playbook involves gaining initial access to databases, exfiltrating personal records, and then demanding payment to prevent public release. When payment is not made, the group publishes the data on leak sites or forums, as occurred with the Moody Bible Institute records. This pattern has repeated across multiple incidents according to available cybersecurity reporting.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
  • Rotate the password used at Moody Bible Institute anywhere it is reused, and switch to 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that chain back to the same address or recovery details.
  • Let remediation specialists perform hands-on takedown requests across data brokers and leak sites on your behalf.

The Moody Bible Institute breach shows how quickly personal information can move from a single organization to public exposure. Taking concrete steps now limits how far attackers can build on this data. DoxxScan by GalaxyWarden provides continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and family coverage that includes children’s gaming accounts. Starting protective measures promptly helps safeguard you and your family against the cascading risks that follow incidents like this one.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.