ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

piZap Data Breach

pizap.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 41,817,893
Breach date 07 Dec 2017
Added to tracker 16 Jul 2019
Data classes 8

What happened

In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed.

Exposed data

Email addresses Genders Geographic locations Names Passwords Social media profiles Usernames Website activity

Recommended actions

  • Change your piZap password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing piZap — attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP