What happened
According to public breach records, the Evite data breach on August 11, 2013 is reported to have exposed the personal information of 100,985,047 accounts.
In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed.
Passwords in this breach were reportedly stored in plaintext.
Evite, an online social-invitation service, disclosed in 2019 that an unauthorized party had accessed an inactive data-storage archive dating back to 2013 and earlier; the company said unauthorized access began around February 22, 2019 and was identified that April. A dataset of 100,985,047 unique users surfaced after a seller using the alias "gnosticplayers" listed an initial batch on a dark-web marketplace, with the full set later provided to Have I Been Pwned. The notable detail was that the exposed account passwords were stored in plaintext rather than hashed, and the breached archive sat undiscovered for roughly six years. ["Change your Evite password immediately, and change it anywhere else you reused the same password, since the exposed passwords were stored in plaintext.", "Enable two-factor authentication on your email and any accounts that shared the breached password.", "Treat unsolicited emails, texts, or calls referencing your name, birth date, or address as potential phishing — the exposed contact details make targeted scams easier.", "Be cautious of messages impersonating Evite or party/event services and never enter credentials via links in such messages."]
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Genders
- Names
- Passwords
- Phone numbers
- Physical addresses
Breach details
| Detail | Value |
|---|---|
| Breach name | Evite |
| Date | August 11, 2013 |
| Accounts affected | 100,985,047 |
| Domain | evite.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Evite; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Evite password immediately, and change it anywhere you reused the same password, since the exposed passwords were stored in plaintext.
- Enable two-factor authentication on your email and any accounts that shared the breached password.
- Treat unsolicited emails, texts, or calls referencing your name, birth date, or address as potential phishing, since the exposed contact details make targeted scams easier.
- Be wary of messages impersonating Evite or event/party services and never enter credentials via links in such messages.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Evite Invites Over 100 Million People to Their Data Breach (BleepingComputer)
- Have I Been Pwned: Evite Data Breach
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →