ShellCodeX Breach Report
Club Penguin Rewritten (January 2018) Data Breach
cprewritten.net
Verified breach
Passwords exposed
Accounts exposed
1,688,176
Breach date
21 Jan 2018
Added to tracker
23 Apr 2019
Data classes
4
What happened
In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users".
Exposed data
Email addresses
IP addresses
Passwords
Usernames
Recommended actions
- Change your Club Penguin Rewritten (January 2018) password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Club Penguin Rewritten (January 2018) โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP