ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Club Penguin Rewritten (July 2019) Data Breach

cprewritten.net
Significant exposure
Verified breach Passwords exposed
Accounts exposed 4,007,909
Breach date 27 Jul 2019
Added to tracker 30 Jul 2019
Data classes 4

What happened

In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game). In addition to an earlier data breach that impacted 1.7 million accounts, the subsequent breach exposed 4 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes.

Exposed data

Email addresses IP addresses Passwords Usernames

Recommended actions

  • Change your Club Penguin Rewritten (July 2019) password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Club Penguin Rewritten (July 2019) โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP