Data Breach Notice: piZap – 41,817,893 breached accounts

In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019. A total of 42 million unique email addresses were included in the breach alongside names, genders and links to Facebook profiles when the social media platform was used to authenticate to piZap. When accounts were created directly on piZap without using Facebook for authentication, passwords stored as SHA-1 hashes were also exposed. The data was provided to HIBP by a source who requested it be attributed to “[email protected]”.