Wattpad 2020 Data Breach

Wattpad Storytelling Platform Breach (2020): 268 Million User Records Including Passwords, DOB & Location Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationSocialDate of BirthEmail AddressFull NameGenderGeographic LocationIP AddressPasswordProfile Bio
Low SeverityWebsite / service breach

Wattpad Storytelling Platform Breach (2020): 268 Million User Records Including Passwords, DOB & Location Exposed

Online storytelling platform.

Verified by ObscureIQ Intelligence
19/100Breach Risk Index
10Data Value
10Market Recency
2108dSince Breach

Breach Intelligence Summary

Entity: Wattpad · Actor: Unknown · Sources: 6 references
Attack: Misconfiguration
Profile: Platform · Story publishing and reading · USAer-generated content platform · Global
Timeline: Breach (2020-06-29) · Indexed (Jul 19, 2020) · Year (2020)
Exposure: 268.8M records · 11 fields: Date of Birth, Email Address, Full Name, Gender, Geographic Location, IP Address, Password, Profile Bio, Social Media Profile, Username, Website URL
Status: Confirmed

Executive Summary

Wattpad, the Toronto-based storytelling platform popular with teens and young adults, suffered a data breach in June 2020 that exposed approximately 268.8 million user records. An unauthorized party accessed and exfiltrated the data through a misconfiguration. The stolen database was initially sold privately before being posted to a public hacking forum, where it was shared widely. The breach exposed an unusually broad set of personal information: names, usernames, email addresses, passwords, dates of birth, genders, geographic locations, IP addresses, profile bios, social media profiles, and personal website URLs. Passwords were stored as bcrypt hashes, a relatively strong encryption format, but the combination of birth dates, location data, and account credentials creates serious risk for younger users in particular. For a platform whose audience skews toward teenagers and young adults, the exposure of birthdates alongside identifying profile information is especially sensitive. Wattpad notified affected users and prompted password resets following the incident. No major regulatory enforcement or legal settlement specific to this breach has been publicly documented. Affected users face ongoing risks of account takeover, particularly if they reused their Wattpad password on other services. The richness of the exposed dataset also makes it useful for phishing and social engineering attacks, so users should treat any unsolicited contact referencing their Wattpad account or personal details with caution.

ObscureIQ assessment: Account takeover and password reuse risks are primary. User-generated content may introduce reputational or personal exposure risks.

Breach Impact

In June 2020 an unauthorized party accessed Wattpad systems and exfiltrated nearly 270 million user records. The data was initially sold privately before being published broadly on a hacking forum. Exposed information included names, usernames, email addresses, IP addresses, dates of birth, genders, geographic locations, passwords stored as bcrypt hashes, profile bios, social media profile links, and website URLs. The scale — approaching the entire registered user base at the time — made this one of the larger social platform credential breaches of 2020. Wattpad notified users and initiated password resets. No major settlement or regulatory enforcement specific to this breach has been prominently documented in public sources.

About Wattpad

Wattpad is a user-generated storytelling platform where writers publish and readers discover serialized fiction across genres. Founded in 2006 and headquartered in Toronto, the platform accumulated hundreds of millions of registered users and became a significant source of IP that has been adapted for film, television, and publishing. Wattpad was acquired by South Korean internet company Naver in 2021 for approximately $600 million.

Why They Hold Your Data

Online writing and reading communities store user accounts, emails, passwords, and user-generated content tied to identity and interests.

Recent Developments

Following Naver's 2021 acquisition, Wattpad has been integrated into a broader content and IP strategy alongside Naver's webtoon operations, reflecting the parent company's interest in global digital storytelling platforms. The company has continued developing its paid content and story monetization features. Wattpad Studios, the division that adapts platform stories into produced content, has remained active.

Data Points Exposed

11 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Geographic Location
IP Address
Password Critical
Profile Bio
Social Media Profile
Username
Website URL

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Identity verification bypass using name + date of birth combination
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Social media account targeting and impersonation
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Pattern-of-life analysis & physical surveillance
  • Geolocation & account flagging
  • Credential stuffing & account takeover
  • Social engineering context
  • Account impersonation & social graph harvesting
  • Cross-platform tracking & credential stuffing
  • Account linkage

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Wattpad breach?

Wattpad, the Toronto-based storytelling platform popular with teens and young adults, suffered a data breach in June 2020 that exposed approximately 268.8 million user records. An unauthorized party accessed and exfiltrated the data through a misconfiguration. The stolen database was initially sold…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Geographic Location, IP Address, Password, Profile Bio, Social Media Profile, Username, Website URL.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Breach Index
DataBreach.com
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation