Wattpad Data Breach
Wattpad Storytelling Platform Breach (2020): 268 Million User Records Including Passwords, DOB & Location Exposed
Online storytelling platform.
Risk Interpretation
Account takeover and password reuse risks are primary. User-generated content may introduce reputational or personal exposure risks.
Impact & Downstream Threats
In June 2020 an unauthorized party accessed Wattpad systems and exfiltrated nearly 270 million user records. The data was initially sold privately before being published broadly on a hacking forum. Exposed information included names, usernames, email addresses, IP addresses, dates of birth, genders, geographic locations, passwords stored as bcrypt hashes, profile bios, social media profile links, and website URLs. The scale — approaching the entire registered user base at the time — made this on
- Credential stuffing against reused passwords across other platforms
- Identity verification bypass using name + date of birth combination
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Social media account targeting and impersonation
Threat Vectors
Breach Intelligence
Executive Summary
Wattpad, the Toronto-based storytelling platform popular with teens and young adults, suffered a data breach in June 2020 that exposed approximately 268.8 million user records. An unauthorized party accessed and exfiltrated the data through a misconfiguration. The stolen database was initially sold privately before being posted to a public hacking forum, where it was shared widely. The breach exposed an unusually broad set of personal information: names, usernames, email addresses, passwords, dates of birth, genders, geographic locations, IP addresses, profile bios, social media profiles, and personal website URLs. Passwords were stored as bcrypt hashes, a relatively strong encryption format, but the combination of birth dates, location data, and account credentials creates serious risk for younger users in particular. For a platform whose audience skews toward teenagers and young adults, the exposure of birthdates alongside identifying profile information is especially sensitive. Wattpad notified affected users and prompted password resets following the incident. No major regulatory enforcement or legal settlement specific to this breach has been publicly documented. Affected users face ongoing risks of account takeover, particularly if they reused their Wattpad password on other services. The richness of the exposed dataset also makes it useful for phishing and social engineering attacks, so users should treat any unsolicited contact referencing their Wattpad account or personal details with caution.
About Wattpad
Wattpad is a user-generated storytelling platform where writers publish and readers discover serialized fiction across genres. Founded in 2006 and headquartered in Toronto, the platform accumulated hundreds of millions of registered users and became a significant source of IP that has been adapted for film, television, and publishing. Wattpad was acquired by South Korean internet company Naver in 2021 for approximately $600 million.
Why They Hold Your Data
Online writing and reading communities store user accounts, emails, passwords, and user-generated content tied to identity and interests.
Recent Developments
Following Naver's 2021 acquisition, Wattpad has been integrated into a broader content and IP strategy alongside Naver's webtoon operations, reflecting the parent company's interest in global digital storytelling platforms. The company has continued developing its paid content and story monetization features. Wattpad Studios, the division that adapts platform stories into produced content, has remained active.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, geographic_locations, ip_address, password, profile_bio, social_media_profile, username, website_url:user_site
Dark Web Verification
- Dataset containing ~268.8M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Wattpad Data Breach;wattpad.com-2020
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Wattpad
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam