In January 2018, the children’s gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney’s Club Penguin game). The incident exposed almost 1.7 million unique email addresses alongside IP addresses, usernames and passwords stored as bcrypt hashes. When contacted, CPRewritten advised they were aware of the breach and had “contacted affected users”.

Source