Wattpad Data Breach
Table of Contents
- Published: Jun 25, 2024
- Last Updated: Jul 09, 2024
Reportedly, in the top 160 most visited websites in the world, Wattpad prides itself as the world's most loved storytelling platform. Based in Toronto, Wattpad works closely with publishing companies to identify emerging trends and promote new material. In June 2020, Wattpad suffered a data breach, exposing nearly 270 million records. The exposed records were sold for about $100,000 and later published on a public hacking forum. The precise method used to breach Wattpad's systems was not publicly disclosed. However, such incidents usually involve exploiting security vulnerabilities within a company's systems or infrastructure.
Wattpad claimed it was made aware in July 2020 that some customer data may have been improperly accessed. The company said it took immediate action to remediate and contain the issue. Its investigation into the breach indicated that the following types of information were exposed: email address, date of birth, gender, IP address at sign up (if sign up was before 2017), account name and salted and cryptographically hashed passwords, third-party account IDs, and profile display name and information that were made public in the "status" and "about" fields of the profile. Since financial information was not stored on the affected system, no financial information was accessed in the breach, according to Wattpad. Story purchases on the platform, per a Wattpad statement, are processed via third-party vendors.
A notorious threat actor, ShinyHunters, claimed responsibility for the breach. However, they claim not to be responsible for the publicly released database. Although Wattpad stated it does not store passwords as plain text, several files circulated in dark web forums with about 8 million decrypted Wattpad user passwords.
When Was the Wattpad Breach?
Wattpad stated the company was only made aware of a data breach in July 2020. However, it is believed that the database was initially breached in June 2020, with personally identifiable information and user account credentials exposed.
How to Check If Your Data Was Breached
Although Wattpad stated the company posted a statement on its Help center and Corporate Site, sent emails directly to users, and posted alerts on social media, notifications were not targeted at affected individuals. Hence, if you have an account with Wattpad at the time of the breach, it is safe to assume that your data may have been compromised. To check whether your email address was exposed to known data breaches like the Wattpad data leak, you may use the website HaveIBeenPwned.com to verify your status.
What to Do If Your Data Was Breached
If you have not changed your password on Wattpad's website since July 2020, the company recommends that you do so immediately. Wattpad also suggests that you change your password on any accounts where you may have used the same password as the one used on its website.
Are There Any Lawsuits Because of the Data Breach?
No, there are no known lawsuits against Wattpad for the 2020 data breach.
Can My Wattpad Information Be Used for Identity Theft?
A cybersecurity intelligence firm, Cyble, said in a July 15, 2024, post that, when assessing forum posts, 271 million users' data, including login credentials, contact numbers, full names, and dates and births, leaked in the breach. Consequently, this leaked information can be used by nefarious actors to perpetrate identity theft.
What Can You Do to Protect Yourself Online?
Protecting yourself online involves a combination of best practices and tools designed to safeguard your personal information and privacy. Consider taking the following steps to protect yourself online:
- Do not share personal information, such as financial information, over the phone or by SMS or email
- Use strong and unique passwords and enforce multi-factor authentication, such as 2FA, where possible
- Monitor your financial transactions regularly. If you notice suspicious activity or a transaction, contact your financial institution immediately.
- Turn on the automatic software update feature on your antivirus, operating system, and other applications that access the Internet.
- Use a reputable anti-virus or other internet security software package on your internet-enabled devices.
- Use the AmIBreached.com online site to verify if your data has been leaked in a breach previously.
- Check your credit reports and consider investing in credit monitoring services.
- Be wary of phishing emails. Do not click on links from unknown or suspicious sources.
- Do not provide private personal or financial information to unknown requesters.
