Online environment for children Animal Jam reports data breach of 46 million accounts
The ‘virtual world’ for children Animal Jam has to do with a data breach involving 46 million accounts, developer WildWorks reports. In addition to login names and password hashes, it concerns several million e-mail addresses of parents.
WildWorks reports that it found out about the data breach on Wednesday because a database was offered on the hackers forum raidforums.com. The database is estimated to have been stolen around October 10-12. On the Animal Jam site, the developer lists which data has been stolen. It concerns 32 million usernames associated with parent accounts, and 7 million email addresses of those parent accounts. The sha1 password hashes have also been stolen. According to BleepingComputers, the hashes have been canceled, but there are also reports that 13 million passwords have been cracked, although WildWorks could not confirm that.
The names and billing addresses of 12,653 parent accounts are also on the street and the dates of birth and sex of several million accounts are also part of the database. The CEO of WildWorks tells BleepingComputer that he thinks that the criminals managed to access the database via a stolen AWS key. They would have obtained this key by gaining access to the Slack server. The CEO also reports that it concerns a part of the total number of Animal Jam accounts that have been registered since 2010.
Animal Jam is an online environment with games that is popular with children. The service has more than 130 million registered accounts and 3.3 million monthly active players. WildWorks advises users to check with Haveibeenpwned if their email address was in the stolen database.