The Gvatwn Breach Happened in 2021. 225,286 Records Still Circulate.

HEROIC analysts flagged a database breach affecting Gvatwn, an internet services provider based in Taiwan. The incident, dated April 2021, exposed 225,286 user records. The breach occured as a structured database dump containing email addresses and plaintext passwords, and the data was subsequently observed circulating in breach forums where credentials are traded and used in automated attack campaigns.

Internet Service Credentials With No Encryption: The Threat to Users

With 225,286 plaintext email-password pairs in the wild, attackers can run automated credential stuffing tools against email providers, banking apps, and social platforms without any cracking step. Gvatwn users who recieved no breach notification and did not change their passwords remain at risk of account takeover across every service where those credentials were reused.

What Was Exposed in the Gvatwn Breach

• Email Address
• Plaintext Password

Why a 2021 Gvatwn Breach Is Still a Risk Today

Credential datasets do not expire. The Gvatwn dump, first appearing in April 2021, continues to be accessable in criminal markets. Each time it is shared or included in a new aggregated compilation, a fresh wave of credential stuffing attacks is partcularly likely. Affected users face account takeover, identity theft, and financial fraud until they change every password tied to that email address.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to a platform's backend database. Common entry points include unpatched software vulnerabilities, weak or reused admin passwords, and misconfigured database permissions. Once inside, user tables can be exported in bulk within seconds. In the Gvatwn case, passwords were stored with no hashing or encryption, meaning the entire credential set was readable and usable the moment the database was accessed.

Check If Your Data Was Exposed

HEROIC's free breach scanner covers more than 400 billion records, including the Gvatwn dataset. Enter your email to instantly check whether your credentials appeared in this breach or any other known incident, and take action to secure your accounts before attackers do.