46M accounts were impacted in the Animal Jam data breach | Security Affairs

The popular children's online playground Animal Jam has suffered a data breach affecting more than 46 million accounts.

Animal Jam is a safe, award-winning online playground for children, developed by WildWorks.

Children aged 7 to 11 can play games, personalize their favourite animal, learn fun facts and much more. Animal Jam currently has over 130 million registered players and 3.3 million active users per month.

Animal Jam suffered a data breach that affected 46 million accounts of children and parents who signed up for the game.

This week a threat actor published two databases for free on a hacker forum, titled Game_accounts and users, that belong to the popular gaming portal. The huge trove of data was obtained by the black hat hacker ShinyHunters, known for multiple data leaks.

The threat actor did not share the complete databases; he only leaked a portion containing 7 million user records. The exposed information includes the email addresses of the parents who manage the player accounts and other information.

According to BleepingComputer, which analysed the sample data, the database dump was created around October 12, 2020, based on the timestamp on the dump.

WildWorks immediately began investigating the security breach. It appears that attackers compromised an external server that WildWorks uses for internal communication. The attackers obtained a key that gave them access to the database.

WildWorks has learned that a database containing certain Animal Jam user data was stolen as part of a recent attack on the server of a vendor that WildWorks uses for internal communications. Some of the stolen data includes the e-mail addresses of the parents who manage the player accounts and other data that can be used to identify the parents of Animal Jam players.

The information exposed in the data breach includes:

  • The email addresses used to create about 7 million Animal Jam and Animal Jam Classic parent accounts.
  • About 32 million player names associated with these parent accounts.
  • Passwords associated with these user accounts, but in encrypted form.
  • 14.8 million entries include the player’s year of birth, which was entered when the account was created.
  • 23.9 million records contain the gender of the player entered when creating the account.
  • 5.7 million accounts contain the player’s full date of birth, as provided when the account was registered.
  • 12,653 parent accounts contain the full name and billing address of the parent (but no other billing details).
  • 16,131 parent accounts contain the first and last name of the parent, without a billing address.

The company will inform the affected users. It said that all user databases are now secured against such attacks.

WildWorks advises Animal Jam account owners to change their password immediately.

The passwords released in this breach were encrypted and unreadable by normal means. However, if your account was originally protected with a weak password (such as a very short password or one that uses words from the dictionary), skilled hackers may be able to break the encryption and expose your password in plain text. As a precaution, we require ALL players to change their password immediately to ensure the security of their account.

Pierluigi Paganini
