Affected users are advised to change the passwords on their breached accounts and enable two-factor authentication. — 123rf.com ShopBack users can now check if their accounts have been compromised as a result of a previously disclosed data breach incident. To find out, users simply need to key in the email address they used to register for the cashback reward service on the Have I Been Pwned website. The popular online cybersecurity tool said it has added more than 20 million accounts belonging to ShopBack users that have been exposed in a data breach incident, which the company had previously announced in September 2020.