Evite Data Breach
Evite Event Invitation Platform Breach (2019): 36 Million User Accounts Including Passwords, DOB & Home Address Exposed
Online invitation and event planning platform.
Risk Interpretation
Exposure enables phishing, social engineering, and identity linkage through guest lists and event participation. Event data can also reveal family relationships, locations, and future schedules.
Impact & Downstream Threats
In 2019 Evite disclosed a data breach in which an unauthorized party accessed inactive user data stored since 2013. The exposed records covered over 100 million users and included email addresses, usernames, passwords, dates of birth, phone numbers, physical addresses, and genders. A security researcher discovered the dataset for sale on a dark web marketplace and notified Evite. The company notified affected users and prompted password resets. No class-action settlement or regulatory enforcemen
- Credential stuffing against reused passwords across other platforms
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Evite, an online invitation and event planning platform, suffered a breach when a threat actor known as GnosticPlayers accessed an inactive data storage file containing user records dating back to 2013. The breach was discovered in April 2019 after the stolen data appeared for sale on a dark web marketplace. A misconfiguration allowed direct access to the archived data. Over 100 million records were compromised, affecting both registered members and recipients of invitations sent through the platform. The exposed data included email addresses, names, passwords stored in plain text, dates of birth, phone numbers, physical addresses, and genders. Plain-text passwords are particularly serious because they can be used immediately without any additional effort to crack them. For affected users, the combination of personal identifiers and event participation data creates a detailed profile that can be used for phishing, social engineering, and identity-based fraud. Guest list data also exposes family relationships, home locations, and social connections. A security researcher discovered the dataset and alerted Evite, which then notified affected users and prompted password resets. No major regulatory enforcement action or class-action settlement has been publicly documented in connection with this incident. Anyone whose information was included should treat their email address as compromised, update passwords on any accounts where the same credentials were reused, and remain alert to targeted phishing attempts that may reference personal details like names, addresses, or event histories.
About Evite
Evite is an online invitation and event planning platform that allows users to create, send, and manage digital invitations for personal events, parties, and gatherings. Founded in 1998, it is one of the earliest consumer internet services still in operation. The platform operates on a freemium model with premium invitation designs and event management tools. It has changed ownership multiple times through its history and serves primarily the U.S. consumer market.
Why They Hold Your Data
Digital invitation platforms collect organizer and guest identity, emails, event details, contact lists, RSVP status, and event-planning records tied to social gatherings and celebrations.
Recent Developments
Evite continues to operate as a consumer event planning tool under private ownership. The platform has navigated competition from social media event features and specialized event management apps. No major organizational changes have been prominently reported in the recent period.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, password, phone_number, physical_address, physical_address:home
Dark Web Verification
- Dataset containing ~36.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: evite.com-2013;Evite Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Evite
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam