HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.
In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.
This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.
The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.
According to the post on the hacker website, included in the database are 145 million passwords hashed with bcrypt, and another 44 million hashed with SHA256.
“We are aware of reports that some user data has been accessed without authorization. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.
“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”
Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.
How to check if you are affected
HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.
To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.
To users who have had accounts using their email address exposed, HaveIBeenPwned offers three steps to better security:
- Protect yourself using 1Password to generate and save strong passwords for each website.
- Enable two-factor authentication and store the codes inside your 1Password account.
- Subscribe to notifications for any other breaches. Then just change that unique password.