VRChat Data Breach Impacts 2.4 Million Users in 2026
On July 8, 2026, VRChat a popular online virtual world platform disclosed a data breach affecting approximately 2.4 million users. The incident, which the company has since contained, prompted a forensic investigation and the implementation of enhanced security measures. VRChat collaborated with cybersecurity experts to monitor further threats and assess the breach’s scope.
According to the organization’s notice, compromised data may include:
- User IDs linked to external platforms (e.g., Steam or Meta)
- Login histories, such as devices, hardware identifiers, and IP addresses
VRChat confirmed that no evidence suggests the exposure of passwords, payment details, credit card information, or government identification documents. The company also warned users to remain vigilant against unsolicited messages posing as official communications from the platform.
The breach underscores the growing risks in today’s threat landscape, particularly for platforms handling user authentication and cross-service integrations. VRChat’s response included a webinar scheduled for July 8, 2026, where security leaders planned to discuss insights from the incident and strategies for improving organizational security maturity.
Source: https://www.securitymagazine.com/articles/102365-24m-impacted-by-vrchat-breach
VRChat Inc. cybersecurity rating report: https://www.rankiteo.com/company/vrchat
"id": "VRC1781196380",
"linkid": "vrchat",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.4 million',
'industry': 'Technology/Gaming',
'name': 'VRChat',
'type': 'Online Virtual World Platform'}],
'customer_advisories': 'Users warned to remain vigilant against unsolicited '
'messages posing as official communications from the '
'platform.',
'data_breach': {'number_of_records_exposed': '2.4 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate',
'type_of_data_compromised': ['User IDs linked to external '
'platforms',
'Login histories',
'Devices',
'Hardware identifiers',
'IP addresses']},
'date_publicly_disclosed': '2026-07-08',
'description': 'On July 8, 2026, VRChat disclosed a data breach affecting '
'approximately 2.4 million users. The incident was contained, '
'and a forensic investigation was conducted. Compromised data '
'may include user IDs linked to external platforms, login '
'histories, devices, hardware identifiers, and IP addresses. '
'No passwords, payment details, credit card information, or '
'government identification documents were exposed. Users were '
'warned to remain vigilant against phishing attempts.',
'impact': {'data_compromised': 'User IDs linked to external platforms, login '
'histories, devices, hardware identifiers, IP '
'addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'None'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The breach underscores the growing risks in today’s '
'threat landscape, particularly for platforms handling '
'user authentication and cross-service integrations.',
'post_incident_analysis': {'corrective_actions': 'Enhanced security measures '
'implemented'},
'recommendations': 'Improve organizational security maturity, remain vigilant '
'against phishing attempts, and enhance monitoring for '
'threats.',
'references': [{'source': 'VRChat Public Notice'}],
'response': {'communication_strategy': 'Public disclosure, webinar for '
'security insights',
'containment_measures': 'Yes',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Enhanced security measures',
'third_party_assistance': 'Cybersecurity experts'},
'stakeholder_advisories': 'Webinar scheduled for July 8, 2026, to discuss '
'insights and strategies for improving security.',
'title': 'VRChat Data Breach Impacts 2.4 Million Users in 2026',
'type': 'Data Breach'}