3 min read

Hackers Steal 46 Million Animal Jam Account Records, Dating Back 10 Years

Graham CLULEY

November 18, 2020

Hackers Steal 46 Million Animal Jam Account Records, Dating Back 10 Years
  • Hackers circulate database containing millions of players’ details
  • Wildly-popular online game impresses with its response to data breach

Don’t worry if you haven’t heard of Animal Jam.It’s not a game that’s aimed at you – it’s target audience are kids between 7-12 years old.

With more than 300 million registered players, Animal Jam is a wildly popular online game which sees kids adopt their favourite animal guises and explore a brightly-coloured world.

Animal Jam likes to present itself as “safe and fun,” but this week we have learnt that that doesn’t mean it can’t ever suffer a security breach.

WildWorks, the developer of Animal Jam, has confirmed that early last month a hacker broke into its systems and stole 46 million Animal Jam records.

According to the alert posted on the Animal Jam website, the database containing the records was stolen following an attack that saw a hacker break into a third-party communications tool used by WildWorks employees, and steal an access key.

Last week the Animal Jam team became aware that stolen data had been posted on an underground hacking forum.

According to WildWorks, the database circulated by the hackers contains approximately 46 million Animal Jam records, made up as follows:

  • Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts
  • Approximately 32 million player usernames associated with these parent accounts
  • Passwords associated with those user accounts, but in encrypted form
  • 14.8M records include the birth year the player entered at account creation
  • 23.9M records include the gender the player entered at account creation
  • 5.7M accounts include the full birthday the player entered at account registration
  • 12,653 of the parent accounts include a parent”s full name and billing address (but no other billing info)
  • 16,131 of the parent accounts include a parent”s first and last name, without a billing address

Animal Jam may be designed for children, but the information it has shared about the security breach is refreshingly mature.

Not only is WildWorks unafraid to share information about just how many records were exposed by the data breach, but it also puts parents’ minds at rest that their children’s personal details have not been put in peril. Furthermore, virtually no information related to billing was exposed, and even then no payment card details.

“We believe the information stolen was confined to the items listed above. No real names of children were part of this breach. Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. All Animal Jam usernames are human moderated to ensure they do not include a child”s real name or other personally identifying information.”

No-one likes any kind of data breach, but there is some comfort to be found here – especially as it’s young kids who play Animal Jam.

This silver lining on the cloud is made possible because of how Animal Jam was designed in the first place. WildWorks knew there was some information that it didn’t want to store about its young players, and so it put processes in place to ensure that it wasn’t collected in the first place.

There have been plenty of other hacked companies who could learn a lesson from the way Animal Jam is handling its unfortunate hack.

As a precaution, all Animal Jam players are being forced to change their passwords, and are being urged to choose hard-to-crack passwords that will not be easy to guess. I would add to that that you should also ensure you are not using the same password anywhere else on the internet.

WildWorks says it is sharing information about the data breach with law enforcement agencies, and will work closely with the authorities to identify and prosecute those responsible.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read