ShellCodeX Breach Report
The Club Penguin Experience Data Breach
thecpexperience.com
Verified breach
Passwords exposed
Accounts exposed
6,342
Breach date
14 Oct 2024
Added to tracker
26 Oct 2024
Data classes
5
What happened
In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.
Exposed data
Age groups
Email addresses
Password hints
Passwords
Usernames
Recommended actions
- Change your The Club Penguin Experience password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing The Club Penguin Experience โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP