Animal Jam was created by WildWorks and allows children to play online games with other members. Aimed at ages 7 to 11 and has over 300 million animal avatars created by children. According to company, a new player registers every 1,4 seconds.
The day before yesterday, a cyber criminal published two databases data, which he says belong to Animal Jam. The databases leaked into one hacking forum and is said to have been obtained from ShinyHunters, a hacking group known for breaching sites.
The two stolen databases are titled "game_accounts" and "users" and contain about 46 million stolen user files.
Based on samples seen by BleepingComputer, the theft most likely took place on October 12, 2020.
Full transparency from WildWorks
WildWorks told BleepingComputer that it learned of the leak yesterday morning and immediately launched an investigation into the incident.
According to the CEO of WildWorks, Clary Stacey, attackers most likely received WildWork AWS key after breaching its Slack server company.
- 46 million Animal Jam player names (which are checked to make sure no child information is used).
- 46 million SHA1 hashed passwords. It has been reported that 13 million passwords have been hacked, but WildWorks has not yet found evidence.
- About 7 million email addresses of parents (whose children were registered in Animal Jam accounts).
- IP addresses used by the parent or player when signing up for an account (There was an IP address in the samples seen by BleepingComputer).
- 7 million addresses e-mail related to accounts.
- 116 of these data (all from 2010) include the name and billing address of the parent (others have not leaked credit card information).
- Information such as gender and date of birth may also have been leaked.
The number of stolen items is quite large, but according to Stacey, it is only a small part of the total number of accounts in Animal Jam (based on users who have registered since 2010). Animal Jam has over 130 million registered players and 3,3 million monthly users.
As a precaution, all users of Animal Jam should reset the password access their.
Stacey said she was preparing a report for the FBI. Also, on the company site there is a “Data breach warningWhere questions related to this infringement can be answered.
"WildWorks is a small company, but we take player safety seriously. We are very concerned about this breach, although we were relieved as no sensitive information such as plain text passwords or real child names were exposed.Said Stacey on BleepingComputer.
The company behind Animal Jam said that transparency in such matters is very important and that it will continue to provide information, based on her research.
What should Animal Jam users do?
The users of Animal Jam (adults or children), they should change their account password immediately. In addition, if the same code is used on another site or application, a change must be made there as well. It is important that they are used unique and strong passwords to prevent violations.
It is also a good idea to use one password manager (the child must also learn this).
Finally, these data breaches can lead to Phishing attacks. Therefore, the users should check their (and their children's) accounts for suspicious emails.