U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

46M accounts were impacted in the data breach of children’s online playground Animal Jam

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam is a safe, award-winning online playground for kids created by WildWorks. Kids aging 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has […]

Animal Jam

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts.

Animal Jam is a safe, award-winning online playground for kids created by WildWorks.

Kids aging 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has over 130 million registered players and 3.3 million monthly active users.

Animal Jam

Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. 

This week a threat actor published two databases, titled ‘game_accounts’ and ‘users’, belonging to the popular gaming portal for free on a hacker forum. The huge trove of data was obtained by the black hat hacker ShinyHunters, which is known for several data leaks.

The threat actor did not share the complete databases, it only leaked a dump containing 7 million user records. The exposed data includes the email addresses of the parents managing the player accounts and other info.

According to Bleeping Computer, which analyzed the sample records, the database was stolen around October 12th, 2020 based on the timestamps in the dump.

WildWorks immediately launched an investigation into the security breach, company, it appears that threat actors compromised the server of a third-party vendor WildWorks uses for intra-company communication. The attackers obtained a key that enabled them to access this database.

“WildWorks has learned that a database containing some Animal Jam user data was stolen in connection with a recent attack on the server of a vendor WildWorks uses for intra-company communication. A subset of the stolen records include the email addresses of the parents managing the player accounts and other data that could be used to identify the parents of Animal Jam players.” reads the data breach notification published by the company.

The information exposed in the data breach includes:

  • Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts
  • Approximately 32 million player usernames associated with these parent accounts
  • Passwords associated with those user accounts, but in encrypted form
  • 14.8M records include the birth year the player entered at account creation
  • 23.9M records include the gender the player entered at account creation
  • 5.7M accounts include the full birthday the player entered at account registration
  • 12,653 of the parent accounts include a parent’s full name and billing address (but no other billing info)
  • 16,131 of the parent accounts include a parent’s first and last name, without a billing address

The company is going to notify impacted users, it pointed out that all user databases have now been secured against similar attacks.

WildWorks is recommending owners of Animal Jam accounts to immediately change their password.

“The passwords released in this breach were encrypted and unreadable by normal means. However, if your account was secured with a weak password to begin with (for example, a very short password, or one using dictionary words), it would be possible for knowledgable hackers to break the encryption and expose your password as plain text.” concludes the company. “As a precaution, we are forcing ALL players to change their passwords immediately to ensure the security of their accounts.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]