Jul 20, 2020
I received an email from haveibeenpawned:
You’re one of 268,765,495 people pwned in the Wattpad data breach
268,765,495. My head spins. What was leaked this time?
Bios, Dates of birth, Email addresses, Genders, Geographic locations, IP addresses, Names, Passwords, Social media profiles, User website URLs, Usernames
It seems that passwords are at least hashed according to this article.
Fortunatelly for me, I only provided minimal or fake information. But I was just lucky.
What I don’t appreciate: I had to learn via haveibeenpawned. If you have more than 250 millions account, you should carefully plan for data breach, and be ready to notify all your users swiftly.
At any rate I hadn’t used that account for a while, so this was a good occasion to close it. Switching back to static blog generation was a sound move. The risk of being hacked is low(er), the risk of leaking personal data beyond what you published inexistent. Remember to always use different passwords, preferably a randomly generated sequence, in combination with a password manager.