ShellCodeX Breach Report
piZap Data Breach
pizap.com
Verified breach
Passwords exposed
Accounts exposed
41,817,893
Breach date
07 Dec 2017
Added to tracker
16 Jul 2019
Data classes
8
What happened
In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed.
Exposed data
Email addresses
Genders
Geographic locations
Names
Passwords
Social media profiles
Usernames
Website activity
Recommended actions
- Change your piZap password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing piZap — attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP