RSS

VRChat says somebody faked a breach notice with the Maine AG's office

Bender3 pts0 comments

2.4M+ VRChat users’ data accessed following cloud breach

Jump to main content

Search

REG AD

security

VRChat says somebody faked a breach notice with the Maine AG's office

'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.'

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>thu 11 Jun 2026 // 17:01 UTC

UPDATED Following notes from several readers, we followed up directly with VRChat on Thursday at 1945 GMT and they told us that the Maine Attorney General's office apparently posted a fake breach report.<br>According to an email from VRChat's head of community, Charles Tupper, "VRChat did not submit this Notice of Data Incident, and the employee/email cited does not exist. We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed."<br>In an effort to get to the bottom of this, The Register dialed the phone number on the report as well, but it connected to a line that is not in service. We also tried emailing the address on the report and got no reply. We could find no record of a Scott Caruso affiliated with VRChat.

REG AD

REG AD

We apologize for the error, but generally speaking, government data breach reports are considered reliable. The fakers apparently even created a false notice that VRChat ostensibly sent to customers!<br>If anybody knows who filed this apparently fake report and why, get in touch through our contact page, or through our secure tipline.<br>The original story is below:<br>Online chat platform VRChat says a recent cyberattack compromised the data belonging to nearly 2.5 million users. It confirmed the “data security incident” in a report filed with Maine’s attorney general, but has not disclosed it via public channels.<br>The company’s report confirmed that its cloud environment was accessed between May 10-12, with the unauthorized intruder making off with information concerning 2,436,782 users.<br>This included VRChat usernames, email addresses, whether a user was a VRChat+ subscriber, login histories (including device, hardware identifiers, and IP addresses), and Steam or Meta user IDs.<br>It does not believe passwords, credit cards or other payment information, or government IDs used for age verification were affected.<br>“VRChat sincerely regrets that this security incident occurred,” the company stated in its disclosure. “We understand that trust between our platform and its community is earned through consistent action, and we take full responsibility for the concern this event has caused.

REG AD

“The security and privacy of our players' information remain our highest priority, and we are committed to doing everything within our power to protect it.”

MORE CONTEXT

The only technology that died more times than VR is AI, and that seems to have worked out

Meta retreats from metaverse after virtual reality check

Head-mounted VR hardware will never happen, says Neal Stephenson - who coined the term ‘metaverse’

Microsoft mops up Mesh after another metaverse misfire

VRChat said that after it was made aware of the intrusion, it contained the threat and implemented additional security controls, as well as engaging outside security experts.<br>And in an unusual move for US breaches, the San Francisco-based company did not offer identity theft or credit monitoring services.<br>Offering these kinds of services is not a legal requirement, but doing so is highly common, especially regarding attacks that affect so many individuals.<br>VRChat does not publish the total number of registered users that it has on its books, but its documentation states that “the platform has grown to millions of users,” who have collectively published tens of millions of unique pieces of content for it since its first release in 2014.<br>The part game, part chat platform is an online, open-world chatroom where people walk around interacting with one another via their 3D avatars.<br>It has been compared to Second Life in that users explore other users' worlds, play mini-games, and partake in casual chit-chat, with support for both virtual reality headsets and conventional PCs.<br>You can also think of it as something similar to Meta’s vision for the metaverse, just without all the coworking and KPI meetings, and with way more users. ®

cloud<br>cybercrime<br>data breach<br>metaverse<br>security<br>vrchat

REG AD

OFFBEAT

US Army picks out Vampire to fill a gap in its layered drone defenses

L3Harris supplies system that can down incoming drones with laser-guided rockets

AI AND ML

AI is code – and can't be prompted into being smarter

From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them

ZTE wins three Selular Award 2026 honors for AI-powered network innovation

PARTNER CONTENT: Recognized for breakthrough achievements in FWA, Network Ecosystem, and Native AI Baseband, ZTE...

vrchat users data security breach maine

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.