Wattpad users: change your Wattpad and Tumblr passwords

Posted on by Dissent

Wattpad‘s site claims

More than 40 million people have joined Wattpad, making it the world’s largest community of readers and writers. People use Wattpad to connect with each other while they discover and share millions of free stories. Wattpad stories are available in more than 50 languages and can be read or written from any phone, tablet, or computer. The company is proudly based in Toronto, Canada.

What the site doesn’t seem to tell us that an attack may have compromised user information. Here’s the text of Wattpad’s notification, as seen on the California Attorney General’s site:

August 6, 2015

We need to inform you of an important matter concerning your Wattpad account. On Friday, May 29, we identified an attack against our system. While we were able to block the attack within hours of identification, following a review of the incident, it’s possible that some of your information may have been accessed.

The information that may have been accessed includes your email address, Wattpad password, Tumblr username and password, last login IP, and other user profile information you provided. While your Wattpad password was encrypted, your Tumblr password was not stored in an encrypted form. To see the other user profile information you provided to us, please login to your account on the Web and go to ‘Settings’. If you are unable to gain access to your account, please go here. The information accessed does not include stories you read or created.

The security and safety of our community is of the highest importance. As a precaution, we recommend you promptly change your Wattpad password and your Tumblr password. If you used the same passwords for other accounts, you should also change the password for those accounts. As always, you should be suspicious of anyone who contacts you requesting personal information online.

We take your online security seriously. We have already implemented additional security measures and will continue to improve our systems to avoid future issues. Please accept our sincerest apologies.

If you have any questions please contact us at [email protected]. Kind regards,

Marc Shewchun
Head of Community Operations on behalf of The Wattpad Team

According to the submission to California, the breach occurred on May 29 and was discovered on July 6, so it’s not clear why their letter says the breach was identified on May 29.

WP Technology Inc. does business as Wattpad.

Category: Business SectorHackNon-U.S.