Children’s online virtual world Animal Jam suffers a data breach exposing data of 46 million user accounts on the dark web.
Children’s online virtual world Animal Jam suffers a data breach exposing data of 46 million user accounts on the dark web.
According to BeepingComputer, the database was likely stolen on October 12, 2020.
Hackers shared two databases for free on a hacker forum belonging to Animal Jam. The threat actors stated that they obtained by ShinyHunters, a well-known website hacker.
The stolen databases are titled as `game_accounts’ and `users’ comprising approximately 46 million user records parents/children who signed up for the game.
As part of the free release, threat actors shared only a part of the database containing around 7 million user records.
Clark Stacey, CEO of WildWorks, reported that the threat actor obtained the company's key after compromising the Slack server. Even though the breach was quickly addressed, they were unaware of any data stolen during that time.
The investigation revealed that the threat actors gained access to databases that contained:
- Forty-six million player usernames, which are human moderated to make sure they do not contain a child's proper name.
- Forty-six million SHA1 hashed passwords. Though there are claims that 13 million passwords have been cracked, WildWorks has not been able to confirm if this is right and that passwords are salted and hashed.
- Approximately 7 million email addresses of parents have included whose children registered for Animal Jam accounts.
- The IP addresses used by the parent or player when they signed up for an account.
- Seven million email addresses that are associated with accounts.
- One hundred sixteen of these records (all from 2010) also include the parent’s name and billing address, but no other credit card info.
- A small subset of the records may comprise the gender and date of birth the player entered when creating their account. Of those, most will only have the birth year.
Currently, Animal Jam has over 130 million registered players and 3.3 million monthly active users. Even though the amount of stolen data is large, it is a small subset when compared to the total number of Animal Jam users.
“WildWorks is a small company, but we take player security very seriously. We are deeply concerned to learn of this breach, albeit relieved that no sensitive information such as plaintext passwords or real names of children were exposed in this theft. " Stacey shared with BleepingComputer.
Animal Jam users should immediately change their account password, and if the password is used at any other site, it should also be changed.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?