ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

The Club Penguin Experience Data Breach

thecpexperience.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 6,342
Breach date 14 Oct 2024
Added to tracker 26 Oct 2024
Data classes 5

What happened

In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.

Exposed data

Age groups Email addresses Password hints Passwords Usernames

Recommended actions

  • Change your The Club Penguin Experience password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing The Club Penguin Experience โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP