RSS

2.4M+ VRChat users' data accessed following cloud breach

Bender2 pts0 comments

2.4M+ VRChat users’ data accessed following cloud breach

Jump to main content

Search

REG AD

security

2.4M+ VRChat users’ data accessed following cloud breach

No disclosure via official channels, no offer of identity theft monitoring, no problem

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>thu 11 Jun 2026 // 17:01 UTC

Online chat platform VRChat says a recent cyberattack compromised the data belonging to nearly 2.5 million users. It confirmed the “data security incident” in a report filed with Maine’s attorney general, but has not disclosed it via public channels.<br>The company’s report confirmed that its cloud environment was accessed between May 10-12, with the unauthorized intruder making off with information concerning 2,436,782 users.<br>This included VRChat usernames, email addresses, whether a user was a VRChat+ subscriber, login histories (including device, hardware identifiers, and IP addresses), and Steam or Meta user IDs.

REG AD

It does not believe passwords, credit cards or other payment information, or government IDs used for age verification were affected.

REG AD

“VRChat sincerely regrets that this security incident occurred,” the company stated in its disclosure. “We understand that trust between our platform and its community is earned through consistent action, and we take full responsibility for the concern this event has caused.<br>“The security and privacy of our players' information remain our highest priority, and we are committed to doing everything within our power to protect it.”

MORE CONTEXT

The only technology that died more times than VR is AI, and that seems to have worked out

Meta retreats from metaverse after virtual reality check

Head-mounted VR hardware will never happen, says Neal Stephenson - who coined the term ‘metaverse’

Microsoft mops up Mesh after another metaverse misfire

VRChat said that after it was made aware of the intrusion, it contained the threat and implemented additional security controls, as well as engaging outside security experts.<br>And in an unusual move for US breaches, the San Francisco-based company did not offer identity theft or credit monitoring services.<br>Offering these kinds of services is not a legal requirement, but doing so is highly common, especially regarding attacks that affect so many individuals.<br>VRChat does not publish the total number of registered users that it has on its books, but its documentation states that “the platform has grown to millions of users,” who have collectively published tens of millions of unique pieces of content for it since its first release in 2014.<br>The part game, part chat platform is an online, open-world chatroom where people walk around interacting with one another via their 3D avatars.<br>It has been compared to Second Life in that users explore other users' worlds, play mini-games, and partake in casual chit-chat, with support for both virtual reality headsets and conventional PCs.

REG AD

You can also think of it as something similar to Meta’s vision for the metaverse, just without all the coworking and KPI meetings, and with way more users. ®

cloud<br>cybercrime<br>data breach<br>metaverse<br>security<br>vrchat

REG AD

ai and ml

Google's new open-weights model brings image-generation tricks to AI text generation

Language model builds on diffusion tech to boost output performance by up to 4x, claims Chocolate Factory

Security

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Another day, another Windows exploit code

ZTE wins three Selular Award 2026 honors for AI-powered network innovation

PARTNER CONTENT: Recognized for breakthrough achievements in FWA, Network Ecosystem, and Native AI Baseband, ZTE solidifies its role as a key driver of Indonesia’s 5G-Advanced and AI economic growth

offbeat

Hand-cranked AI box lets you get a workout while you wait for answers

We're all familiar with AI cranks by now, but what about crank-powered AIs?

os platforms

Yes! It’s true! Windows 11 is an agentic platform

It always has been, but Microsoft didn’t realize it

PAAS AND IAAS

Graviton 5 impresses, but please, for the love of all that's holy, stop calling them 'AI chips'

AWS better at running chip fabs than their mouths

MOST POPULAR

SECURITY

All the passwords were stored in Active Directory description fields

public sector

GOV.UK goes Dutch on payments as it dumps Stripe

security

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

Security

Signal says UK plan to scan devices for nude images 'endangers us all'

Security

Angry bug hunter with Microsoft beef drops new Windows 0-day

EVENTS

Thriving Through Volatility: The Everpure Advantage in an Uncertain Market

Learn how a consumption-based operating model provides flexibility, improves efficiency, and brings predictability to infrastructure investments.

From Prompt to Exploit: How LLMs Are Changing API Attacks

Modern applications are API-driven, interconnected, and often...

security vrchat users data cloud platform

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.