3 min read

Hackers Steal 46 Million Animal Jam Account Records, Dating Back 10 Years

Graham CLULEY

November 18, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hackers Steal 46 Million Animal Jam Account Records, Dating Back 10 Years
  • Hackers circulate database containing millions of players’ details
  • Wildly-popular online game impresses with its response to data breach

Don’t worry if you haven’t heard of Animal Jam.It’s not a game that’s aimed at you – it’s target audience are kids between 7-12 years old.

With more than 300 million registered players, Animal Jam is a wildly popular online game which sees kids adopt their favourite animal guises and explore a brightly-coloured world.

Animal Jam likes to present itself as “safe and fun,” but this week we have learnt that that doesn’t mean it can’t ever suffer a security breach.

WildWorks, the developer of Animal Jam, has confirmed that early last month a hacker broke into its systems and stole 46 million Animal Jam records.

According to the alert posted on the Animal Jam website, the database containing the records was stolen following an attack that saw a hacker break into a third-party communications tool used by WildWorks employees, and steal an access key.

Last week the Animal Jam team became aware that stolen data had been posted on an underground hacking forum.

According to WildWorks, the database circulated by the hackers contains approximately 46 million Animal Jam records, made up as follows:

  • Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts
  • Approximately 32 million player usernames associated with these parent accounts
  • Passwords associated with those user accounts, but in encrypted form
  • 14.8M records include the birth year the player entered at account creation
  • 23.9M records include the gender the player entered at account creation
  • 5.7M accounts include the full birthday the player entered at account registration
  • 12,653 of the parent accounts include a parent”s full name and billing address (but no other billing info)
  • 16,131 of the parent accounts include a parent”s first and last name, without a billing address

Animal Jam may be designed for children, but the information it has shared about the security breach is refreshingly mature.

Not only is WildWorks unafraid to share information about just how many records were exposed by the data breach, but it also puts parents’ minds at rest that their children’s personal details have not been put in peril. Furthermore, virtually no information related to billing was exposed, and even then no payment card details.

“We believe the information stolen was confined to the items listed above. No real names of children were part of this breach. Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. All Animal Jam usernames are human moderated to ensure they do not include a child”s real name or other personally identifying information.”

No-one likes any kind of data breach, but there is some comfort to be found here – especially as it’s young kids who play Animal Jam.

This silver lining on the cloud is made possible because of how Animal Jam was designed in the first place. WildWorks knew there was some information that it didn’t want to store about its young players, and so it put processes in place to ensure that it wasn’t collected in the first place.

There have been plenty of other hacked companies who could learn a lesson from the way Animal Jam is handling its unfortunate hack.

As a precaution, all Animal Jam players are being forced to change their passwords, and are being urged to choose hard-to-crack passwords that will not be easy to guess. I would add to that that you should also ensure you are not using the same password anywhere else on the internet.

WildWorks says it is sharing information about the data breach with law enforcement agencies, and will work closely with the authorities to identify and prosecute those responsible.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read