ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Club Penguin Rewritten (January 2018) Data Breach

cprewritten.net
Significant exposure
Verified breach Passwords exposed
Accounts exposed 1,688,176
Breach date 21 Jan 2018
Added to tracker 23 Apr 2019
Data classes 4

What happened

In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had "contacted affected users".

Exposed data

Email addresses IP addresses Passwords Usernames

Recommended actions

  • Change your Club Penguin Rewritten (January 2018) password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Club Penguin Rewritten (January 2018) โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP