VRChat breach exposed emails and device data for 2.4M

Unauthorized access to VRChat’s cloud May 10–12 exposed usernames, emails, VRChat+ status and login/device data for 2.4M users; passwords and payment data were not exposed.

VRChat disclosed unauthorized access to its cloud environment between May 10 and May 12 that involved profile and login-related data for more than 2.4 million users. Exposed fields may have included VRChat usernames, the email address linked to an account, VRChat+ subscription status and parts of login history such as device information, hardware identifiers and IP addresses. Passwords, credit card numbers and government ID documents used for age verification were not exposed.

The company filed a breach notice after detecting the access and reported that the specific information exposed varied by account. VRChat implemented additional security controls and engaged external professionals to monitor for ongoing threats and potential misuse of the data.

The exposed combination of usernames and email addresses can be used in targeted phishing and impersonation attempts that reference VRChat or platform stores. Knowledge of a user’s VRChat+ subscription status can make fraudulent messages that mention billing, refunds or subscription issues more persuasive.

Attackers may attempt credential stuffing by trying passwords stolen from other breaches against VRChat accounts where users reused credentials. Account takeover can lead to resale of accounts or their use in scams and other malicious activity.

Identifiers tied to Steam or Meta accounts, together with IP addresses and device data, can be used to link a user’s identity across gaming and social platforms or to build tracking profiles. VRChat noted the incident occurred within its cloud environment and that it is monitoring for signs of misuse.

VRChat is a social platform designed primarily for virtual reality headsets that lets users interact through user-created 3D avatars and worlds. The app is available on Steam for PC, the Meta Quest Store and as an Android app.

The company urged affected users to be alert for suspicious emails, texts or in‑platform messages, to change any passwords reused on other sites and to enable two-factor authentication on VRChat accounts. Security experts recommend monitoring linked accounts for unusual activity and avoiding unexpected links or requests for credentials.
