Wattpad reveals more details about data breach incident

It confirms that malicious actors have stolen "limited customer data"

Wattpad reveals more details about data breach incident


By Lyle Adriano

Wattpad – a website developed in Toronto to host user-generated books and other written material – has unveiled more details about the data breach incident it recently suffered.

The company initially outlined, on July 14, that it had been the target of a data breach, and that no financial information, private messages, or phone numbers were stolen.

But Wattpad has now revealed an update on the incident on a support webpage, detailing the exact type of data that the malicious actors behind the breach could have obtained. The data potentially stolen included users’ email addresses, birthdates, gender information, IP addresses, Wattpad profile display names, account names, responses to website surveys distributed in 2015 or earlier, lists of paid stories and chapter titles purchased by a user, and any third-party IDs, such as Google or Facebook.

IT World Canada warned that the types of data exposed by the breach could be used for phishing and impersonation.

Wattpad added in a statement that the passwords associated with third-party accounts are not stored on its systems, and thus those third-party accounts are unaffected. The company also noted that account passwords were also exposed by the breach, but the data was “salted and cryptographically hashed.”

“We want to stress that Wattpad does not store plain text passwords; all Wattpad passwords are encrypted,” the company. It also confirmed that since the encrypted passwords were potentially accessed by malicious actors, it had reset users’ current passwords as a precaution.

Wattpad gave assurances that no financial information was stolen from the affected systems, since it does not store such information. The company also explained that purchases made on its website are processed through third-party vendors, which remain unaffected by the data breach.

Although Wattpad believes the breach is “unlikely” to affect its users, the company announced that it would enhance its password requirements for all accounts. Wattpad has also urged all users to change their passwords “out of an abundance of caution.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!