data-breachINFO

Mercado Libre Data Breach 2026: 300,000 Users Affected - What To Do

Mercado Libre confirmed a data breach after the ransomware group The Gentlemen accessed source code and the data of about 300,000 users. What was exposed, what the company says was not taken, and a step-by-step checklist to protect yourself.

By Eric Gerard · Editor · PwdFortress3 min readPhoto via Pexels

Mercado Libre, the largest e-commerce and fintech company in Latin America, has confirmed a data breach. According to reports from BleepingComputer, Infosecurity Magazine and SOCRadar, attackers accessed some source code and user data, and the incident is tied to a ransomware group called The Gentlemen. If you have an account, here is what it means and exactly what to do. For the general playbook, see our what to do after a data breach guide.

What happened

According to the reports, the ransomware group The Gentlemen listed Mercado Libre on its leak site around 6 July 2026. The company confirmed that attackers accessed some of its source code and user data.

Mercado Libre said the exposure touched about 300,000 users, out of nearly 140 million active users. That is a small slice of the base, but 300,000 is still a lot of people. The group behind it has been active since around September 2025 and, according to the coverage, has claimed hundreds of victims across retail, e-commerce and technology.

A dark screen shows green code and the message Data Transfer Complete, Connection Closed, above a keyboard
A dark screen shows green code and the message Data Transfer Complete, Connection Closed, above a keyboard

What was and was not exposed

Here is the reassuring part. According to Mercado Libre's initial analysis reported in the coverage, the company found no evidence that the following were obtained:

  • Passwords.
  • Account balances, investments or financial information.
  • Credit card details.

The company also said it found no evidence that its infrastructure systems were compromised. Treat this as the company's early finding, not a final forensic audit. Details in large breaches often shift as the investigation continues, so it is wise to act on the safe side now.

Why act even if passwords were not taken

Even when passwords stay safe, a breach like this feeds targeted phishing. Criminals who know you use Mercado Libre, and hold other leaked details, can craft messages that look real: a fake shipping problem, a fake refund, a fake security alert. The goal is to get you to click, log in on a fake page, or hand over a code. That is why the steps below focus on locking accounts and staying alert.

What to do if you have a Mercado Libre account

Work through this short checklist:

  • Change your password now, especially if you reused it anywhere else. A password manager creates a unique password per site, so one leak cannot spread to your other accounts.
  • Turn on two-factor authentication on your Mercado Libre account and your email. This blocks most account takeovers even if a password leaks later.
  • Expect phishing. Be wary of any email, text or call about Mercado Libre, an order, or your account that asks you to click, pay or confirm details. Open the official app or type the address yourself instead.
  • Watch your account and cards. Check recent orders and, if your card was ever saved there, watch your statements for anything odd.

The honest caveats

Two points keep this accurate. First, the figures and the attribution to The Gentlemen come from security reporting and Mercado Libre's own statements, not an independent audit. Second, the claim that passwords and payment data were not taken is the company's initial analysis, which can change as the investigation runs.

The honest takeaway: this breach looks limited so far, but the steps that protect you are the ordinary ones. A unique password in a manager plus two-factor authentication defends you here and against the next breach. If you only do one thing, do that.

Frequently asked questions

What happened in the Mercado Libre data breach?

According to reports from BleepingComputer, Infosecurity Magazine and SOCRadar, the Latin American e-commerce and fintech giant Mercado Libre confirmed a data breach. Attackers accessed some source code and user data. The intrusion is attributed to a ransomware group known as The Gentlemen, which listed the company around 6 July 2026.

How many people are affected by the Mercado Libre breach?

According to the reports, Mercado Libre said data belonging to about 300,000 users was affected, out of nearly 140 million active users. That is a small share of the user base, but 300,000 people is still a large number, so it is worth acting if you have an account.

Were passwords or payment details stolen in the breach?

According to Mercado Libre's initial analysis reported in the coverage, no. The company said it found no evidence that passwords, account balances, investments, financial information or credit card details were obtained, and no evidence that its infrastructure systems were compromised. Treat that as the company's early finding, not a final audit.

What should I do if I use Mercado Libre?

Change your password as a precaution, especially if you reused it elsewhere, and turn on two-factor authentication. Watch for phishing that references Mercado Libre or your orders, and verify any message through the official app or site. A password manager makes unique passwords and 2FA far easier to keep.