Data Breach Extortion Scams via SMS
How text messages deliver sextortion, password extortion, or data exposure threats to mobile numbers, exploiting the personal nature of SMS to extract payments.
Part of: Data Breach Extortion Scams
Last reviewed: 9 June 2026
Data breach extortion scams that arrive via SMS are particularly alarming because text messages feel more intimate than email. A message on your personal mobile number claiming to have your passwords, browsing history, or personal photos commands attention differently from the same claim in an email. Scammers exploit this difference to generate fear responses that prompt faster compliance before recipients apply critical scrutiny.
SMS extortion campaigns typically use mass-harvested mobile numbers from data breaches or purchased lists. The claims are generalised — 'we have your data' — but recipients often assume the threat is specifically targeted at them because the medium feels personal. The brevity of SMS also limits the amount of counter-evidence a recipient can process before responding.
How this scam works on SMS
The text message arrives claiming the sender has intimate photos, browsing history, or password credentials obtained from a device compromise. Payment in cryptocurrency is demanded within a short window. Some messages include a partial password from a data breach to appear credible — even though this password may be years old and from a completely unrelated breach.
A second variant sends a text claiming the recipient's phone has been cloned or their SIM has been compromised and that account credentials will be published unless payment is received. The threat references mobile number-specific data such as call history or contact lists, adding apparent credibility. In both cases, no data was actually obtained — the claim is fabricated and sent to thousands of mobile numbers simultaneously.
Common red flags
- Unsolicited text demanding cryptocurrency payment with a threat of data exposure
- Message includes a partial password that you recognise but have since changed
- Urgent payment window creating pressure to act before the threat is carried out
- Return number or short code cannot be called back or belongs to an overseas dialling code
- Threat language is generic rather than containing specific recent details about your life
- Payment address is a cryptocurrency wallet — untraceable and non-reversible
How to protect yourself
- Do not pay — payment encourages further demands and there is no guarantee of follow-through even in genuine cases
- Do not respond to the text — any response confirms your number is active
- Change the exposed password if you recognise it, and enable two-factor authentication on that account
- Check your credentials on HaveIBeenPwned.com to understand what was leaked and when
- Report the text to your carrier by forwarding to 7726
How to report it
- Forward the SMS to 7726 (SPAM) to report to your carrier
- Report to Action Fraud (UK) or the FTC (US) with a screenshot of the message
- Report to the Internet Crime Complaint Center (IC3) in the US
Frequently asked questions
Should I be worried if the text message includes a real password?
The password is almost certainly from a historical data breach, not from an active device compromise. Change it immediately on any accounts where you still use it, but do not pay the extortion demand.
How do extortionists get my mobile number?
Mobile numbers are widely available in data breach databases, sold by data brokers, or harvested from social media profiles. Receiving this text does not mean your phone or accounts are currently compromised.