An allegedly stolen Wattpad database containing 270 million records were being sold in private sales for over $100,000. Now it is being offered for free on hacker forums.
Watthpad is a web site that allows members to publish user-generated stories on a variety of different topics. The site is immensely popular and is ranked as the the 150th most visited site worldwide.
Since July 7th, BleepingComputer has been tracking the rumored private sale of a Wattpad database containing over 200 million records.
In an anonymous tip, BleepingComputer was told that this database was being sold by Shiny Hunters, a group known for selling company databases acquired in data breaches.
At the time, Cyber intelligence firm Cyble told BleepingComputer that this database was being sold for ten bitcoins, or almost $100,000 at the time.
BleepingComputer contacted Shiny Hunters about this breach, and at first, they were concerned about how we knew about the sale, and then later denied having anything to do with it.
A few sample records of this database seen by BleepingComputer contain user names, names, hashed passwords, email addresses, and general geographic location.
BleepingComputer contacted the users in this sample, and one user confirmed with BleepingComputer that the listed information was accurate.
BleepingComputer was told by Kiel Hume, Director of PR & Communications at Wattpad, that they are working with external security consultants to investigate the potential breach.
“We continue to investigate the information you’ve shared and its potential origins. At this time we’ve enlisted external security consultants to aid our investigation. We take the security of our users and their data extremely seriously, and our teams will be working around the clock to uncover any new information.”
Update 7/14/20 4:08 PM EST: Hume sent BleepingComputer an updated statement saying that Wattpad is working to contain and remediate the breach, but that no financial information, phone numbers, stories, or private messages were accessed during the incident.
We are aware of reports that some user data has been accessed without authorization. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants.
From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.
We are committed to maintaining the trust that our users have placed in us to ensure the safety and security of the Wattpad community.
Wattpad database now free on a hacker forum…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
