Katherine Webster  |  July 29, 2020

Category: Data Breach

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Wattpad app on screen

Toronto startup Wattpad has revealed more details about a recent data breach that compromised the information of as many as 270 million users.

Wattpad, which hosts user-generated writing, confirmed July 14 that the data breach had occurred, but that no financial information, phone numbers or messages were stolen, according to Insurance Business Canada.

More recently, though, Wattpad informed users that their email address, birth date, gender and encrypted passwords may have been stolen, CBC reported.

According to Wattpad, the following information may have been compromised:

  • Email addresses
  • Birth dates and gender (if provided)
  • IP address upon sign up (if the user signed up before 2017)
  • Profile name displayed
  • Account name
  • “Salted and cryptographically hashed passwords”
  • Responses to surveys distributed in or prior to 2015
  • List of user’s purchased stories and chapter titles
  • Third-party account IDs, such as Google or Facebook

The company said third-party account passwords “are not stored on our systems and are unaffected.” 

Wattpad says financial information is not processed through the servers that were potentially affected, and that active users’ passwords are cryptographically hashed, according to CBC.

“We have taken immediate action to contain and fix the issue, and we are continuing to investigate with assistance from external security experts,” Wattpad said in a statement.

IT World Canada warned that the stolen information could potentially be used in attempts at phishing or impersonation.

Cybersecurity firm Cyble said July 15 it had received information that about 270 million user records were initially being sold for 10 bitcoins — or $100,000 — but that the data was later offered for free, according to BetaKit.

Cyble believes the breach occurred in June and claims to have verified a sample of user accounts that had been leaked. 

Data breach graphic of man in hood, digital info background - Wattpad

According to BetaKit, a post on RaidForums claimed the Wattpad data breach contained more than 270 million users’ information. The post allegedly indicated the data includes information such as Facebook identifications and Tumblr passwords.

Kiel Hume, Wattpad Director of PR & Communications, told BleepingComputer the company is working with external security consultants as the breach is investigated.

“We continue to investigate the information you’ve shared and its potential origins,” Hume told BleepingComputer. “At this time we’ve enlisted external security consultants to aid our investigation. We take the security of our users and their data extremely seriously, and our teams will be working around the clock to uncover any new information.”

Wattpad users speaking with BetaKit said as of July 20 they had not received any communication on the breach from Wattpad, including guidance on whether they needed to change their password. The users said they had been notified through services such as Firefox that their passwords had potentially been compromised.

However, since that time, Wattpad has updated its website to include information on the data breach, including steps that users should take to safeguard their information, Insurance Business Canada reported.

Wattpad’s update encourages users to update their passwords not only on the Wattpad platform, but on any third-party accounts on which they use the same password.

The site goes on to recommend taking steps such as regularly changing passwords, not using the same one more than once and using a password manager, saying these measures make it “less likely that a bad actor could gain access to accounts across services that use the same password.”

Wattpad reiterates on the site that it uses encryption to store user passwords and is enhancing its password standards. The site also notes that the only time Wattpad asks for a password is when a user is signing into their account.

Wattpad users who have changed their password since July 21 do not need to do so again, Wattpad says. 

An anonymous source told BleepingComputer the Wattpad user information was being sold by a group called ShinyHunters.

When BleepingComputer reached out to ShinyHunters about the Wattpad breach, the group was at first concerned about how the site knew about the sale of the information, then later denied involvement.

ShinyHunters is the same group that claimed earlier this year to have stolen millions of records from at least 13 companies.

One of those companies, dating app Zoosk, faces a class action lawsuit related to the data breach.

Wattpad called the safety and security of its community and users’ data the company’s “highest priority.” 

“We are continuing to investigate this issue, and are assessing additional measures to enhance our security protocols and procedures,” Wattpad said.

Are you a Wattpad user? Do you worry that your information was compromised? Let us know in the comments.

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.


19 thoughts onWattpad Data Breach Potentially Exposes 270 Million Users’ Information

  1. Cheryl Collins says:

    I found out a few months ago my data in Wattpadd was breached. I’ve learned on the past 2 days my information was found in over 42 data breaches.

  2. Tammy says:

    I just found out on April 7, 2023 that my data was breached when my husband signed in to Life 360. This explains so many issues that I have been having with my email and hundreds of spam calls that my husband and I have received. My email is 18 years old and it has lots of important info saved in the files. I need more information on what is being done.

  3. Latheshia Lashawn Guillory says:

    My data was breached

  4. EJ says:

    I just found out this afternoon through CreditKarma that my information was breached on Wattpad. This explains two instances that accured this past year.

  5. Sosha says:

    My account was compromised and recorded through credit karma.

  6. Staci Vollendorff says:

    Yes I was included in the Waty pad data breach

  7. William McCafferty says:

    I was a victim of the Wattpad breach

  8. Carol Obermeyer says:

    Add me to this unfortunate situation of wattpad and exposing MY personal info to dark web, per CreditKarma!

  9. Shantel Holmes says:

    My information was leaked June 2020 per Credit Karma.

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.