Questrade Data Breach Alleged: 186K Records for Sale

Friday, May 01, 2026

Questrade Data Breach Alleged: 186,000 User Records Reportedly Listed for Sale

May 1, 2026

A potential cybersecurity incident involving Canadian online brokerage Questrade is gaining attention after a threat intelligence post claimed that a large dataset of user information is being offered for sale on the dark web.

https://tradersunion.com/uploads/images/tu-news/6510/preview-with-watermark.jpg 

The claim comes from Dark Web Informer, a widely followed source that tracks cybercrime activity and underground marketplaces. According to the post, a threat actor is allegedly selling a dataset containing approximately 186,000 Questrade user records.

What Is Allegedly Included

The dataset has not been independently verified. However, early descriptions suggest it may include:

  • Full names
  • Email addresses
  • Phone numbers
  • Home addresses

At this time, there is no confirmed evidence that highly sensitive financial data — such as passwords, account balances, or Social Insurance Numbers — is part of the leak. Even so, basic personal data can still be exploited for fraud and targeted attacks.

Unconfirmed Status

As of publication, the situation remains unverified. Questrade has not publicly confirmed a breach, and no official statement or regulatory disclosure has been issued.

Posts originating from dark web monitoring accounts often reflect claims made by threat actors before they are independently validated. As a result, several scenarios remain possible:

  • The data is legitimate and originates from a real breach
  • The dataset is outdated or compiled from multiple sources
  • The claim is exaggerated or misleading

Why This Still Matters

Even limited personal information can create real risk. Datasets like this are commonly used for:

  • Phishing attacks targeting known users
  • SIM swapping attempts using exposed phone numbers
  • Credential stuffing across other platforms
  • Identity fraud when combined with other breaches

Cybercriminal marketplaces frequently trade this type of data, making early exposure particularly valuable.

What Questrade Users Should Do

Until more information is available, users should take precautionary steps:

  • Enable two-factor authentication (2FA)
  • Change your password, especially if reused elsewhere
  • Use a unique password for your account
  • Be cautious of emails or messages claiming to be from Questrade
  • Avoid clicking suspicious links or attachments

Final Takeaway

The reported dataset of 186,000 Questrade user records remains unconfirmed, but the situation highlights how quickly potential breaches surface through underground channels.

Even without official confirmation, users should treat the risk seriously and take basic security precautions. We will update this article if Questrade issues a statement or if the dataset is independently verified.

For more cybersecurity news and data breach coverage, explore our latest articles.