2 min read

Data Breach: Bad actor leaks 23 million account credentials from Webkinz children"s platform

Alina BÎZGĂ

April 22, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data Breach: Bad actor leaks 23 million account credentials from Webkinz children"s platform

Over the weekend, ZDNet learned that nearly 23 million usernames and hashed passwords of the Webkinz World online children”s game platform were leaked on a popular hacking forum.

Released by Canadian toy company Ganz in 2005, Webkinz World has consistently grown in popularity, allowing little ones to explore a virtual world with their plush toy after entering a special code online.

According to Under the Breach, a bad actor posted 1GB file containing no less than 22,982,319 usernames along with the hashed passwords of players enjoying the Webkinz World variety of online kids” games.

Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

In a Webkinz tweet on April 19, the platform does not appear to acknowledge the data breach or leak: “We are aware of a story today alleging a data breach,” Webkinz wrote. “Your account security is of utmost importance to us, and we are investigating thoroughly. Please note that we have never asked for addresses, phone numbers or last names, and Webkinz accounts are not connected to eStore account data in any way. If you have any concerns, we encourage you to change your account password using the button on the Webkinz Login Screen.”

However, according to the initial publication, the platform”s staff had already detected the security incident and managed to fix the vulnerability in their system to prevent any further damage.

Unfortunately, it is not clear if the leaked pairings of username and passwords are scraped only from the platform”s active pool of players.

After 18 months of inactivity we will archive an account,” reads the notice on the gaming platform. “For security purposes, during the archiving process, we remove all information associated to the account other than then User Name and Password. Please note that if an account remains inactive for a period of 7 years, Ganz will then delete that account.”

The incident stands to prove that, no matter the industry or online platform, nobody is safe from cyber criminals. Hackers will attempt to penetrate any system and, as with any data breach or leak, users should be aware of the risks.

Even if the passwords are hashed, they are not breach proof. A hacker can still attempt to crack a password through a brute force attack. If he succeeds, and you have used the same email address and password to log in on another platform, he can easily take over other existing accounts.

It”s best to avoid using the same email address and password combination for multiple online accounts. But if you do, try to create a strong password (it can even be a phrase), and enable a multi-factor authentication method.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

500 million WhatsApp mobile phone numbers are up for grabs on the dark web 500 million WhatsApp mobile phone numbers are up for grabs on the dark web
Alina BÎZGĂ

November 25, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip How to monitor your online privacy during your Thanksgiving trip
Alina BÎZGĂ

November 22, 2022

3 min read
Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far
Alina BÎZGĂ

November 21, 2022

1 min read