Evite 2013 Data Breach

Evite Event Invitation Platform Breach (2019): 36 Million User Accounts Including Passwords, DOB & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

GnosticPlayersMisconfigurationEventDate of BirthEmail AddressFull NameGenderPasswordPhone NumberPhysical Address
Low SeverityWebsite / service breach

Evite Event Invitation Platform Breach (2019): 36 Million User Accounts Including Passwords, DOB & Home Address Exposed

Online invitation and event planning platform.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: Evite · Actor: GnosticPlayers · Sources: 9 references
Attack: Misconfiguration
Profile: Platform · Digital invitations and event planning · Online event management platform · Global
Timeline: Breach (2013-08-11) · Indexed (Dec 01, 2024) · Year (2013)
Exposure: 36.2M records · 7 fields: Date of Birth, Email Address, Full Name, Gender, Password, Phone Number, Physical Address
Status: Confirmed

Executive Summary

Evite, an online invitation and event planning platform, suffered a breach when a threat actor known as GnosticPlayers accessed an inactive data storage file containing user records dating back to 2013. The breach was discovered in April 2019 after the stolen data appeared for sale on a dark web marketplace. A misconfiguration allowed direct access to the archived data. Over 100 million records were compromised, affecting both registered members and recipients of invitations sent through the platform. The exposed data included email addresses, names, passwords stored in plain text, dates of birth, phone numbers, physical addresses, and genders. Plain-text passwords are particularly serious because they can be used immediately without any additional effort to crack them. For affected users, the combination of personal identifiers and event participation data creates a detailed profile that can be used for phishing, social engineering, and identity-based fraud. Guest list data also exposes family relationships, home locations, and social connections. A security researcher discovered the dataset and alerted Evite, which then notified affected users and prompted password resets. No major regulatory enforcement action or class-action settlement has been publicly documented in connection with this incident. Anyone whose information was included should treat their email address as compromised, update passwords on any accounts where the same credentials were reused, and remain alert to targeted phishing attempts that may reference personal details like names, addresses, or event histories.

ObscureIQ assessment: Exposure enables phishing, social engineering, and identity linkage through guest lists and event participation. Event data can also reveal family relationships, locations, and future schedules.

Breach Impact

In 2019 Evite disclosed a data breach in which an unauthorized party accessed inactive user data stored since 2013. The exposed records covered over 100 million users and included email addresses, usernames, passwords, dates of birth, phone numbers, physical addresses, and genders. A security researcher discovered the dataset for sale on a dark web marketplace and notified Evite. The company notified affected users and prompted password resets. No class-action settlement or regulatory enforcement action specific to this incident has been prominently documented in public sources.

About Evite

Evite is an online invitation and event planning platform that allows users to create, send, and manage digital invitations for personal events, parties, and gatherings. Founded in 1998, it is one of the earliest consumer internet services still in operation. The platform operates on a freemium model with premium invitation designs and event management tools. It has changed ownership multiple times through its history and serves primarily the U.S. consumer market.

Why They Hold Your Data

Digital invitation platforms collect organizer and guest identity, emails, event details, contact lists, RSVP status, and event-planning records tied to social gatherings and celebrations.

Recent Developments

Evite continues to operate as a consumer event planning tool under private ownership. The platform has navigated competition from social media event features and specialized event management apps. No major organizational changes have been prominently reported in the recent period.

Data Points Exposed

7 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Password Critical
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: GnosticPlayers

GnosticPlayers
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Evite breach?

Evite, an online invitation and event planning platform, suffered a breach when a threat actor known as GnosticPlayers accessed an inactive data storage file containing user records dating back to 2013. The breach was discovered in April 2019 after the stolen data appeared for sale on a dark web…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Password, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
DataViper.io
Independent catalogue listing
Cross-source
Dehashed
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation