FAQs on the Recent Wattpad Security Incident

Filipino

Español

Português

Bahasa Indonesia

 

What happened? 

Earlier this month, we were made aware that limited customer data may have been improperly accessed. We took immediate action to contain and remediate the issue. We also retained external security experts to assist in our active investigation into the issue. 

 

What type of information was exposed? 

The investigation, to date, indicates that the following types of information may have been involved:

  • Email address
  • Date of birth and gender (if provided)
  • IP address upon sign up, if signed up before 2017 
  • Profile display name
  • Account name and salted and cryptographically hashed passwords
  • Responses provided to surveys distributed in 2015 or earlier
  • List of Paid Stories and chapter titles purchased by a user
  • Any third-party account IDs, such as Google or Facebook. Passwords associated with third-party accounts are not stored on our systems and are unaffected.

 

We want to stress that Wattpad does not store plain text passwords; all Wattpad passwords are encrypted. User stories, private messages, and phone numbers were NOT part of this incident. 

 

Was any financial information accessed? What about financial information to process payments for Paid Stories?

We do not store financial information on the affected system, so no financial information was accessed as a result of this incident. Paid Stories purchases are processed through third-party vendors and were also not part of this incident.

 

Is there any potential impact on users?

Given the type of information that we have about our users, we think it’s unlikely that this will meaningfully affect our users. Wattpad does not store plain text passwords, and Wattpad passwords use encryption. However, out of an abundance of caution, we are enhancing our password requirements for all accounts and asking our users to change their passwords. 

User stories, private messages, and phone numbers were NOT part of this incident. Additionally, our investigation has not identified any signs that financial or payment information was involved. Wattpad does not maintain financial information on the affected system. Paid Stories purchases are processed through third-party vendors that were not part of this incident.

 

Is it safe for users to continue using their accounts?

Yes. Out of an abundance of caution, we are suggesting that our users change their passwords.

 

What can users do to protect accounts? 

Although we use encryption to store passwords, as a precaution, we are enhancing standards required for passwords on our platform and recommending users change their passwords on Wattpad and any other third-party accounts where they use the same passwords. 

 

Why did Wattpad reset passwords? 

Encrypted passwords were accessed as part of this incident. As a precaution, and as is common in these situations, we are recommending users change their passwords and advising users to change passwords on other sites where they used the same passwords. The plain text data was encrypted and not visible; however, because the security of our users is a top priority we felt it was important to proactively inform our users and prompt them to change their passwords out of an abundance of caution.

 

Should users also reset passwords for their other accounts?

As a matter of practice, users should change passwords on a regular basis, not use the same password more than once, and use a password manager. In line with practicing password hygiene, we recommend users change their passwords on other sites they may have re-used the same password that they used on our platform. 

 If you changed your password after July 21, you do not need to change your password again.

 

Has this issue been resolved? What has Wattpad done to fix it? 

As soon as this incident was discovered, our teams worked urgently to identify, contain, and remediate the issue and perform an extensive security investigation. We also engaged third- party security experts to run a forensic security audit. While our investigation continues, we will be reviewing ways in which we can bolster the security of our corporate infrastructure technology to help protect against similar incidents in the future.

 

Has Wattpad reported this incident to law enforcement?

Yes, as the security of our community and user data is our highest priority, we notified law enforcement. We have also engaged third-party security experts to assist in our investigation.

Why didn’t Wattpad tell users sooner?

Once we became aware that there might be an issue, we immediately began investigating and have been urgently working to understand the depth of this security incident. At the same time, our team members were working to confirm that our systems and user data was secured. Containing and remediating the incident were a matter of foremost priority. 

 

 

 

 

 

 

Ano ang nangyari?

Aming napag-alaman kamakailan na ang ilan sa aming user data ay maaaring na-access nang walang pahintulot. Maagap namin itong tinugunan upang mapigil at maiayos ang isyu. Patuloy pa namin itong sinusuri katulong ang mga external security expert.

 

Anong uri ng impormasyon ang nailagay sa kompromiso?

Ayon sa pinakahuling pagsisiyasat, lumabas na ang mga sumusunod na uri ng impormasyon ay maaaring nailagay sa kompromiso:

  • Email address
  • Petsa ng kapanganakan at kasarian (kung ibinigay)
  • IP address, kung nakapag-sign up bago ang 2017
  • Profile display name
  • Ang pangalan sa account at salted and cryptographically hashed na mga password
  • Ang mga sagot na ibinigay sa mga survey na ipinamahagi noong 2015 o mas maaga
  • Listahan ng Paid Stories at pamagat ng mga kabanata na binili ng isang user
  • Anumang third-party account IDs gaya ng Google o Facebook. Ang mga password na nauugnay sa mga third-party account ay hindi naka-imbak sa aming system at hindi apektado.

 

Nais naming bigyang diin na ang Wattpad ay hindi nag-iimbak ng mga plain text password, at ang lahat ng mga password sa Wattpad ay encrypted. Ang mga kwento ng mga user, pribadong mensahe, at mga phone number ay HINDI bahagi ng pangyayaring ito. 

 

May mga na-access bang financial information? Paano naman ang financial information para sa pagproseso ng mga bayad sa Paid Stories?

Hindi kami nag-iimbak ng financial information sa naapektuhang system, kaya walang financial information na na-access bilang resulta sa insidente na ito. Ang mga biniling Paid Stories ay pinoproseso gamit ang mga third-party vendors at hindi rin parte ng insidenteng ito.

 

Mayroon ba itong potensyal na epekto sa mga user?

Sa uri ng impormasyong mayroon kami tungkol sa aming mga user, sa palagay namin ay hindi ito masyadong makaaapekto sa aming mga user. Ang Wattpad ay hindi nag-iimbak ng mga plain text passwords, at gumagamit ng encryption ang Wattpad passwords. Gayunpaman, bilang higit na pag-iingat, pinagbubuti namin ang aming password requirements para sa lahat ng accounts at hinihiling sa aming mga user na magpalit ng kanilang mga password.

Ang mga kwento ng mga user, pribadong mensahe, at mga phone number ay HINDI bahagi ng pangyayaring ito. Bilang karagdagan, ang aming imbestigasyon ay hindi nakakita ng kahit anong palatandaang nasangkot ang financial o payment information. Ang Wattpad ay hindi nag-iimbak ng financial information sa naapektuhang system. Ang mga biniling Paid Stories ay pinoproseso gamit ang mga third-party vendors na hindi parte ng insidenteng ito.

 

Ligtas ba para sa mga user na patuloy na gamitin ang kanilang mga account?

Oo. Para sa higit na pag-iingat, iminumungkahi namin sa mga user na palitan ang kanilang mga password.

 

Ano ang maaaring gawin ng mga user upang maprotektahan ang mga account?

Bagaman gumagamit kami ng malakas na encryption upang mag-imbak ng mga password, bilang pag-iingat, inirerekumenda naming agad ninyong baguhin ang inyong password sa Wattpad, pati na sa ibang mga third-party account kung saan ginagamit ninyo ang parehong password. 

 

Bakit nag-reset ang Wattpad ng mga passwords?

Ang mga encrypted passwords ay natukoy na kabilang sa insidenteng ito. Bilang pag-iingat, inrirekumenda namin ang pagbabago ng inyong mga passwords pati na rin sa ibang mga websites kung saan ang parehong password ang inyong ginamit. Ang plain text data ay encrypted at hindi nakikita; subalit, dahil prayoridad namin ang seguridad ng aming mga users, importante sa aming maipaalam sa kanila ang nangyari at masabihan silang palitan ang kanilang mga passwords bilang pag-iingat. 

 

Kailangan din bang i-reset ng mga user ang passwords sa iba pa nilang mga account?

Nirerekumenda naming sanayin nating gawin ang password hygiene, tulad ng regular na pagpapalit ng mga password, ang hindi pag-uulit ng iisang password, at paggamit ng password manager. 

 

Naayos na ba ang isyu? Ano ang ginawa ng Wattpad para maayos ito?

Sa sandaling natuklasan ang pangyayaring ito, ang aming mga team ay agad na nagtrabaho upang malaman, mapigil at maisayos ang isyu at magsagawa ng malawakang imbestigasyon sa seguridad. Nakipagtulungan din kami sa mga third-party security experts para magsagawa ng forensic security audit. Habang nagpapatuloy ang aming imbestigasyon, susuriin namin ang mga paraan kung paano namin mapalalakas ang seguridad ng aming corporate infrastructure technology upang makatulong sa pagprotekta laban sa mga insidenteng katulad nito sa hinaharap.

 

Iniulat ba ng Wattpad ang insidente sa law enforcement?

Oo, bilang ang seguridad ng aming komunidad at user data ang aming pinakamataas na prayoridad, ipinaalam namin ito sa law enforcement. Nakipagtulungan din kami sa mga third-party security experts upang matulungan kami sa aming imbestigasyon.

 

Bakit hindi ito agad ipinagbigay-alam ng Wattpad sa mga user?

Nang napag-alaman naming maaaring may isyu, nagsimula agad kaming mag-imbestiga at agarang nagtrabaho upang maintidihan ang lalim ng insidenteng ito sa seguridad. Kasabay nito, ang aming mga team member ay nagtatrabaho upang makumpirmang ang aming systems at user data ay na-secure. Ang pagpigil at pagsasaayos sa insidente ang aming pinakamahalagang prayoridad.

 

 

 

 

 

 

Was this article helpful?
12 out of 18 found this helpful

Comments

Article is closed for comments.