diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8795129d..b0fe59cdd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 - Ctrl-C no longer kills background jobs for which job control is disabled, matching POSIX semantics (#6828).
 - Improve Gradle completion
 - Fixed `pushd`'s behavior with respect to the directory stack when given an invalid argument
+- The history file is now created with user-private permissions, matching other shells (#6926). The directory containing the history file remains private, so there should not have been any private date revealed.
 
 ### Syntax changes and new commands
 
diff --git a/src/history.cpp b/src/history.cpp
index 980fc50a5..4a316c35a 100644
--- a/src/history.cpp
+++ b/src/history.cpp
@@ -69,7 +69,7 @@
 #define HISTORY_OUTPUT_BUFFER_SIZE (64 * 1024)
 
 // The file access mode we use for creating history files
-static constexpr int history_file_mode = 0644;
+static constexpr int history_file_mode = 0600;
 
 // How many times we retry to save
 // Saving may fail if the file is modified in between our opening