What happened
According to public breach records, the Wattpad data breach on June 29, 2020 is reported to have exposed the personal information of 268,765,495 accounts.
In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.
Passwords in this breach were reportedly stored as bcrypt hashes.
In June 2020, the storytelling platform Wattpad suffered a breach of its user database; the stolen data first surfaced when it was offered for private sale (reported by BleepingComputer beginning July 7, 2020) and was later published broadly on a public hacking forum, ultimately exposing roughly 268.8 million unique records. The trove was initially put up for sale by the threat group "ShinyHunters" for around $100,000 in bitcoin before being leaked freely. Wattpad disclosed that exposed data included usernames, names, email and IP addresses, birth dates, genders, geographic locations, and hashed passwords (a mix of bcrypt and SHA-256), and the company reset all user passwords on July 20, 2020 as a precaution. ["Change your Wattpad password immediately, and change it anywhere you reused the same password — credentials were exposed and, though hashed, weaker SHA-256 hashes can be cracked.", "Enable two-factor authentication on your Wattpad account and any other accounts that shared the password.", "Be alert for targeted phishing emails, since your email address, name, birth date, and location were exposed and can be used to craft convincing scam messages.", "Review and lock down the social media profiles and personal website URLs linked in your Wattpad bio, as these were part of the exposed data."]
What data was exposed
The following types of personal data were compromised:
- Bios
- Dates of birth
- Email addresses
- Genders
- Geographic locations
- IP addresses
- Names
- Passwords
- Social media profiles
- User website URLs
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Wattpad |
| Date | June 29, 2020 |
| Accounts affected | 268,765,495 |
| Domain | wattpad.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Wattpad; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Wattpad password immediately, and change it anywhere you reused the same credentials — passwords were exposed and weaker SHA-256 hashes can be cracked.
- Enable two-factor authentication on your Wattpad account and any other account that shared that password.
- Watch for targeted phishing, since your email, name, birth date, and location were exposed and can be used to craft convincing scam messages.
- Review the social media profiles and personal website URLs linked in your Wattpad bio, since those were part of the exposed data.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Wattpad data breach exposes account info for millions of users — BleepingComputer
- Have I Been Pwned: Wattpad Data Breach
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →