piZap
  • Total Records60,831,806
  • Unique Emails41,384,605
  • Unique Email Providers110,263
  • Unique Usernames60,450,132
  • Unique First Names48,720,477
  • Unique Cryptocurrency Addresses4,819,342

What Happened in the piZap Data Breach? Everything You Need To Know

piZap, a popular online photo editing service, suffered a significant data breach in December 2017. This breach led to the exposure of more than 60 million user records, making it one of the larger incidents in this sector. The compromised data included email addresses, full names, country information, and social media accounts connected to Facebook. For those users who registered directly through piZap, even hashed passwords and usernames were affected. The breach remained largely under the radar until February 2019, when the stolen data surfaced on a dark web marketplace, highlighting the scale and scope of information that had been compromised more than a year earlier.

Background on piZap and the Breach

piZap provides users with simple online photo editing tools, attracting millions worldwide who want to create, edit, and share visual content. In December 2017, threat actors gained unauthorized access to piZap's user database. As a result, sensitive data—including about 42 million unique email addresses and a total of over 60 million user accounts—was stolen. The breach not only affected those who signed up directly but also users who connected their accounts via Facebook.

What Information Was Exposed?

  • Email addresses: A major portion of the compromised data consisted of unique emails.
  • Full names: Users’ real names were also included in the dump.
  • Geographic locations: Country-level address information was revealed.
  • Social media profiles: Information related to Facebook-linked accounts was breached.
  • Usernames: Handles and usernames from piZap accounts were among the leaked fields.
  • Hashed passwords: For direct signups, passwords hashed with SHA-1 were exposed.

The combination of this information can be highly valuable on underground markets, as it covers both personal identifiers and account credentials.

Timeline of Events

  • December 2017: piZap experiences the breach, resulting in unauthorized access to user data.
  • 2018: The incident remained mostly unknown to the public and unreported by media outlets.
  • February 2019: The entire breached dataset was put up for sale on a dark web marketplace, bringing the incident to widespread attention.

Scope and Impact

In total, 60,831,807 records were compromised. The release of this information had potential repercussions for both the privacy and online security of millions of piZap users. While not all records included every compromised field, the presence of email addresses, names, and hashed passwords increased the risk for affected individuals, especially those who may have reused their credentials elsewhere.

Frequently Asked Questions

What caused the piZap data breach?

The piZap data breach was caused by unauthorized access to the site's user database, leading to the exposure of millions of user records.

How many users were affected in the piZap breach?

Over 60 million records were compromised in the piZap breach, with around 42 million unique email addresses affected in total.

What specific information was leaked in the piZap data breach?

The data breach exposed email addresses, full names, usernames, country of residence, social media profiles linked to Facebook, and hashed passwords for direct piZap signups.

When was the piZap breach data sold or made public?

The stolen user data from piZap was listed for sale on a dark web marketplace in February 2019, more than a year after the initial breach took place in December 2017.

How can I check if I'm in the piZap data breach?

You can check if your information was part of the piZap breach by utilizing the DeHashed search engine.