Wattpad Corp. is providing more details about what data hackers might have gotten their hands on during a potential breach of the online storytelling platform.
The Toronto-based company warned users on Tuesday that hackers might have accessed their email address, date of birth and gender, profile display name, account name and cryptographically-hashed passwords.
Responses provided to surveys distributed in 2015 or earlier, lists of paid stories and chapter titles purchased by each user and IP addresses for those who signed up before 2017 could also have been accessed, Wattpad said.
It added that passwords associated with third-party accounts are not stored on its systems or believed to be affected, but hackers might have obtained third-party account IDs related to Google or Facebook.
The warning comes days after Wattpad first told users on July 14 that it is investigating a potential breach after it became aware of recent reports suggesting some user data has been accessed without authorization.
“We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” the company said.
Wattpad refused to share with The Canadian Press how many of its more than 80 million users may be impacted.
“User stories, private messages, and phone numbers were not part of this incident. Financial or payment information are not stored on affected systems and, based on the investigation to date, were not affected in this incident,” Wattpad said in its Tuesday update.
“We want to stress that Wattpad does not store plain text passwords; all Wattpad passwords are encrypted.”
While it continues to investigate, the company urged users to reset their password on Wattpad and any other third-party site where they use the same login info.
Wattpad reminded users that it will never ask them for a password, except when signing in.
Benjamin Fung, the Canada research chair in data mining for cybersecurity and an associate professor at McGill University, said the data Wattpad identified as potentially accessed could be used to target users.
“The list of paid stories and chapter titles reveal a user’s interests, which may be private,” he wrote in an email to The Canadian Press.
“This information is useful for marketing and spamming.”