VRCHAT , Inc. disclosed a data breach affecting over 2.4 million users, revealing unauthorized access to user profile and login data between May 10 and 12, 2026. Exposed information may include usernames, email addresses, login history, and VRChat+ subscription status. However, sensitive information like passwords and payment data remain uncompromised. Users face risks such as phishing attacks using their accounts and possible credential stuffing.
VRChat has enhanced security measures and recommends users remain vigilant against phishing, change reused passwords, and enable two-factor authentication.