VRChat Denies Data Breach Claims
VRChat Denies Data Breach Claims đźš«
A data breach notice has been filed with the Maine Attorney General, claiming that over 2.4 million users of VRChat may have had their data compromised. However, a VRChat representative stated on Reddit: “VRChat did not submit this Notice of Data Incident, and we have no reason to believe that our systems have been compromised. We are in the process of contacting the Maine Attorney General’s office to have this removed.”
The breach notice indicates that unauthorized access to some account data occurred between May 10 and May 12, 2026. This access reportedly happened in VRChat’s cloud environment and involved user profile and login-related data. The exposed information varied by account but may have included:
- VRChat username
- Email address associated with the VRChat account
- VRChat+ subscription status
- Login history, including device information, hardware identifiers, and IP addresses.
Importantly, the notice confirms that no passwords or payment card data were exposed.
Despite the absence of sensitive information, there are still potential risks associated with the breached data. Cybercriminals may exploit usernames and email addresses in targeted phishing attempts. For instance, a scammer could send tailored messages like “billing issue with your subscription” or refund scams, which often have higher click-through rates among paying users. Additionally, cybercriminals may combine usernames and email addresses from this breach with passwords stolen from other breaches, employing a technique known as credential stuffing.
To protect yourself, consider these steps:
- Be cautious of emails, texts, or calls claiming to be from VRChat or related gaming platforms, as cybercriminals often exploit breaches with phishing scams.
- If you’ve used your VRChat password elsewhere, change those accounts immediately.
- Set up two-factor authentication (2FA) on your VRChat account if you haven’t already.
For more details, Read full article!