Wattpad users have been receiving emails today from the company warning them that the storytelling social platform had been hacked Friday, May 29th.
BetaKit was first made aware of the emails via a tweet from tech journalist Mike Isaac.
https://twitter.com/MikeIsaac/status/629359463129083905
After reaching out to Wattpad for comment, they were able to provide the full related statement:
On May 29, we identified an attack against our platform. After subsequent review of the incident, we learned that account details and passwords for some accounts may have been exposed. We are contacting all users who may have been affected and urging them to change their passwords as a precaution. We have also implemented additional security measures to prevent an incident like this from reoccurring.
BetaKit has requested additional information from Wattpad on the number of accounts that may have been exposed, and an explanation on the time gap between initial identification and notification. We’ll update this story once we have it.
Update: Wattpad has provided more context on the time differential between the initial attack and notification. See the below statement, which indicates that Wattpad began updating users as soon as it knew.
While we blocked the attack within hours, we did a thorough technical investigation to determine both the security vulnerability and what, if any, information was accessed. Once the internal investigation concluded that some information, may, in fact, have been exposed, we proceeded immediately to notify users.
Update #2: Wattpad has provided BetaKit with more information on the extent of the hack, stating that “a few million user accounts may have been exposed,” and noting that anyone the company suspects of being hacked is being contacted.
The Wattpad representative also strongly emphasized that any passwords potentially exposed were encrypted.
When asked to comment on any steps Wattpad was taking to ensure such a hack would not happen again, BetaKit was provided with the below statement:
The safety of our users, and the security of the information they entrust to us, is of paramount importance. Since the incident, we have reviewed and improved our internal processes, access control, as well as our systems design and approach to technical operations to ensure this does not happen again. We have implemented processes to continuously improve the standards and best practices we follow with respect to user and data security.