Data leak
Wattpad Data Breach - 268 Million User Accounts
Incident Details
In June 2020, Wattpad, the online creative writing platform with over 90 million users, suffered a data breach exposing approximately 268 million user records. The data was initially offered for sale on hacker forums for $100,000 before being distributed more widely, eventually appearing on Have I Been Pwned. Stolen data included usernames, email addresses, IP addresses, dates of birth, gender, geographic location, hashed passwords (bcrypt for most accounts), private messages, and other account metadata.

The data was first reported by threat intelligence service Under the Breach on 13 July 2020. Wattpad confirmed the breach on 14 July 2020, stating that it was taking steps to protect accounts and had notified relevant authorities. Because Wattpad is a company operating in Canada, the breach was notifiable under PIPEDA. Wattpad was acquired by Naver Corporation (a Korean internet company) in 2021.

The exposure of 268 million records made it one of the larger breaches of 2020. The exposure of private messages was particularly concerning given the platform’s predominantly young user base, including teenagers sharing fan fiction and personal stories.
Technical Details
- Initial Attack Vector: Database breach via unknown vulnerability in Wattpad's backend infrastructure; approximately 268 million records were obtained from the platform's user database and subsequently offered for sale on hacker forums
- Vendor / Product: Wattpad user database
Timeline
- 2020-06-01 Breach occurred
- 2020-07-14 Publicly disclosed
- 2020-07-14 Customers notified