Greetings from pixiv.
Thank you for using our service.
In order to strengthen security, pixiv has implemented a reward program for discovering vulnerabilities, information leaks, and the risks associated with them.
Through this reward program, we got to know that there’s a list with login information that is being illegally passed around, and some pixiv accounts are also present on this list.
However, we did not find any vulnerabilities in our system that could lead to password leaks. This is not a direct leak from pixiv.
Although the exact cause is unknown, the following may be possible.
・Logging in using a browser with an unsafe extension installed
・Logging into a fake or proxy site pretending to be an official service
・Reusing a password that might have been leaked from the other sites
After checking the validity of the login information that has been circulating, pixiv has reset the password for accounts that have valid passwords listed on the circulating document.
Please rest assured that unauthorized login to pixiv accounts using the information that was circulating will no longer be possible.
■ An e-mail has been sent to all those whose password has been reset
Said users will receive an e-mail in May 2024 with the subject "Passwords reset"
If you receive this e-mail, you will not be able to log in using your old password, so please reset your password.
If you do not receive this e-mail, you have not been affected by this issue, but please read the following information to prevent any future unauthorized login.
We will continue to conduct surveys to strengthen our security. Please note that if we discover a similar list of login information with pixiv account details mentioned, we will reset the password for all the listed accounts.
FAQ on this matter
■ How did the login information for pixiv accounts get leaked and circulated on a list?
Although the exact cause is unknown, the following may be possible.
・Logging in using a browser with an unsafe extension installed
・Logging into a fake or proxy site pretending to be an official service
・Reusing a password that might have been leaked from the other sites
■ Login information of how many pixiv accounts was being circulated?
・57205 pixiv accounts were found on the list
・Out of those, passwords for 41722 accounts have been reset because the login information on the list was still valid
pixiv has checked the validity of the login information that has been circulating. We have not reset passwords for accounts with invalid login information, as it is not possible to illegally log in using that information.
■ How did you find out there is a list with login information that is being circulated?
In order to strengthen security, pixiv has implemented a reward program for discovering vulnerabilities, information leaks, and the risks associated with them.
Through this reward program, we got to know that there’s a list with login information that is being illegally passed around, and some pixiv accounts are also present on this list.
■ How did you find out that the login information was actually being used?
pixiv used the passwords on the list to check the validity of the login information that has been circulating.
■ Is pixiv security secure? (I would like to know the technical background)
At pixiv, we use salted-hashed passwords to prevent the reversal of encryption.
Therefore, it is not possible to know the actual password based on the password hash stored in the database.
Since the leaked list contains actual passwords, it is safe to assume that this is not a direct leak from pixiv's database, but rather an information leak from other sites as explained above.
No vulnerabilities that could lead to password leaks have been found in pixiv's system, and no passwords or any other login information has been leaked from pixiv.
Preventing unauthorized logins
■ How can I check if anyone has logged into my account?
You can check the latest login date and time or IP address from your login history.
Please check if there is login history that you do not recognize.
■ What should I do to avoid falling victim to unauthorized login?
When using pixiv or other services, please be sure to take the following basic measures.
・Don't reuse passwords for multiple services
・Avoid installing suspicious browser extensions
・Use the official website or app
・Enable two-factor authentication
For information on how to enable two-factor authentication on pixiv, please check this help section.
If you have any questions or concerns regarding this matter, please contact us using the contact form below.
Thank you for your continued patronage with pixiv.