Animal Jam data breach – Hacker leaks database with millions of accounts

The developer of famous online playground Animal Jam has suffered a data breach that exposed tens of millions of users’ data.

The developer of famous online playground Animal Jam has suffered a data breach exposing tens of millions of users’ data, especially children.

Animal Jam is an online playground for children developed by the Utah-based WildWorks. It is targeted towards children between 7 and 11 years of age and boasts over 300 million animal avatars created by kids.

The virtual playground receives registration from a new user every 1.4 seconds. It has 3.3 million monthly active members and over 130 million registered players.

Now, Animal Jam has suffered a data breach in which millions of user accounts have been leaked.  A threat actor has already leaked the stolen database on a hacker forum, stating that they got them from well-known hacker ShinyHunters.

The databases contain around 50 million stolen records of the Animal Jam users. The threat actor has shared a partial database, which shows approx. 7 million records of children or their parents. An analysis of the timestamps on these records reveals that the database was stolen and dumped last month.

Here’s what the hacker had to say about the partial database leak:

Animal Jam data breach - Hacker leaks 7M accounts from stolen 46M

WildWorks, on the other hand, has acknowledged the breach and shared information about the breach. Its CEO Clary Stacey stated that the threat actors compromise Wild Works’ Slack server to obtain the AWS keys. The company quickly addressed the data breach as soon as it occurred. However, they were unaware of the fact that some data was stolen.

Further investigation revealed that the 50 million player usernames were stolen, which were human moderated to hide the child’s full name, and 50 million SHA1 hashed passwords. The threat actors claim that they have cracked 13 million passwords, but WildWorks didn’t confirm whether it is true and stated that the passwords were salted and hashed.

The stolen data includes 7 million email addresses of parents of children who registered for Animal Jam and their IP addresses. Around 116 of these records contained the name and billing address of the parents who registered in 2010 or beyond.

Some records also include the player’s birthdate and gender, but most just contain the birth year. However, credit card information wasn’t included in the database.

Animal Jam data breach - Hacker leaks 7M accounts from stolen 46M
Animal Jam database (Image: Hackread.com)

Despite that it is a massive data breach, Stacey claims that it is a comparatively small subset of the number of Animal Jam user accounts registered since 2010.

It is however recommended that users of Animal Jam must reset their password the next time they logon.

WildWorks is preparing a report of the incident to share with the FBI Cyber Task Force and notifying all impacted email IDs. Moreover, they have created a Data Breach Alert on their website to answer user queries related to the data breach.

As for ShinyHunters; Animal Jam breach is another addition to their “portfolio.” In the last few months, the hacker leaked dozens of databases stolen from prominent companies including:

WattPad – 271 million accounts leaked

Dunzo – 11GB worth of data leaked

Dave.com – 7 million accounts leaked

Bhinneka – 1 million+ accounts leaked

Minted – 5 million accounts leaked

ProctorU – 444,267 accounts leaked

Tokopedia – 91 million accounts leaked

Couchsurfing – 17 million accounts leaked

Mashable – 5.22GB worth of database leaked

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Total
2
Shares
5 comments
  1. Oh no. I play animal jam (I am not an adult, I am 11) and I think it is a very fun and educational game, that allows other kids to learn about nature and the environment. It is so sad that this happened. Animal Jam holds such precious memories for me. According to Instagram, @animaljam made a post about it and is forcing Jammers to change their passwords. It’s a good thing that I didn’t put my real birthday, my parent’s real name, etc. but still, it is good to change the passwords. I have changed the password for my AJ account, parent account and I have disabled my AJ account through the parent dashboard. I’m a dedicated fan of a Jambassador (famous AJ player), Snowyclaw’s blog which is called the Animal Jam Archives. I heard that they are planning to post article(s) on it, and I am so sad that this happened. If they take items, that’ll mean precious memories stolen for me.

  2. So I play animal jam and I was one of the attacked people, I got pwned oof. But none the less, I suggest immediately changing your password to a stronger one, as an example: fgrjhbgrebim2647f. (No this isnt my password, i just mashed my keyboard.) It sucks that this has happened to AJ, and a lot of people are scared. The best thing you can do is change your password and then chill out, most of the passwords released were encrypted, and unless you used word that are in the dictionary it will be hard to unencrypt. Remember to keep calm, panicking might just make matters worse, for example, say you are really panicked about your account, you quickly try to type your password and get in, your password is supposedly incorrect. What you do then is calm down, look for spelling errors in your password, and if there aren’t any request a change of passwords. Don’t worry, WildWorks has everything under control.

  3. Hi, everything is going fine here and ofcourse every one is sharing facts, that’s genuinely excellent, keep up writing.

Comments are closed.

Related Posts