It’s always deeply upsetting when posts like these need to be made, not just regarding the community affected but also the team who cares so dearly about their game, including its security.
Unfortunately it has now been announced by the Microsoft Regional Director, and confirmed by the Club Penguin Rewritten team, that over four million accounts of the game have been breached, including the 1.7 million accounts from a previous breach.
IP addresses, email addresses, and usernames associated with passwords stored as bcrypt hashes have been breached. Though passwords aren’t possible to be compromised, several risks can occur as a result of this breach, including malicious emails from fake addresses, so please take a moment to familiarise yourself with this information.
UPDATE: Please note that several flaws have since emerged regarding the official announcement; the person who initially announced the breach, the Microsoft Regional Director, has challenged the team’s stance that passwords are “impossible to crack”, stating that they’re merely more difficult and take longer to do so.
- Despite your passwords being impossible to crack, we heavily suggest that you have a different password for every website that you sign-up for; this is a security practice that everybody should be following. If you need to change your password, you can do so here.
- Always be cautious when opening emails because you never know which ones could have malicious intent. If you suspect that the email is from an untrusted address, always report it to your email service.
- It is possible to change your IP address either by contacting your ISP (Internet Service Provider) or restarting your router. Options may vary depending on your ISP.
-Recommendations from the official announcement
I too am disappointed that this happened and had to be initially announced by the Microsoft Regional Director before the Club Penguin Rewritten team, but strongly advocate following the team’s security suggestions. “CPPS Safety tips” can always be found on the sidebar of this website as well.
If anymore information is officially released, I will let you know, but please take a moment to ensure that all your online security is up to date.