Data of 2.4 million VRChat users stolen
ID: 44838a5c-7fa5-55dd-86fd-7685d7f861c0
STIX ID: report--44838a5c-7fa5-55dd-86fd-7685d7f861c0
Feed Name: Malwarebytes Blog
VRChat disclosed that an unauthorized actor accessed account data in its cloud environment from May 10–12, 2026, affecting more than 2.4 million users and potentially exposing usernames, associated email addresses, VRChat+ subscription status, and login history (including device identifiers and IP addresses); VRChat says passwords, payment card data, and government ID documents were not exposed. The notice warns of increased phishing, credential-stuffing account takeover attempts, and identity-correlation risks, and recommends changing reused passwords, enabling two-factor authentication, and exercising caution with communications claiming to be from VRChat.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
