IOTW: A Popular Video Game Was Hacked, Compromising 46 Million Records

November 20, 2020

WildWorks, the company that makes the popular children’s video game Animal Jam, confirms a data breach with a lengthy and transparent statement to parents.


Animal Jam, a popular online game for 9- to 11-year-olds, released a statement on November 11 notifying parents that 46 million records had been stolen via a cyber breach. The online game was launched in 2010 and has more than 300 million registered users across its Animal Jam and Animal Jam Classic networks. Stolen records date as far back as 10 years and include 32 million player usernames, the email addresses of 7 million parents and their encrypted passwords, and an additional several million compromised player birth years, genders, and birthdays. WildWorks emphasizes that the real names of children were not a part of the breach, thanks to its human vetting system for usernames. Additionally, billing names and addresses accounted for only 0.02% of the breached records.

WildWorks was tipped off to the breach when they were informed by independent security researchers that their customer data was found on a cybercrime forum. The forum is used to collect and disseminate PII for phishing, ransomware, and/or scamming campaigns. After investigating, WildWorks believes the breach occurred on October 10 and 11 and that the data was stolen during the same timeframe.

The source of the breach is connected to an unnamed third-party vendor WildWorks uses for intra-company communications. Once the cyber criminals hacked into that system, they located a key that granted access into Animal Jam databases. The stolen passwords were encrypted, but weak passwords using common words aren’t always safe from decryption. All passwords were automatically reset by WildWorks, but users were encouraged to reset any other passwords that are the same as or close to their Animal Jam password.

Cyber security experts have praised WildWorks for its transparency in dealing with this incident. WildWorks is working with the FBI and promises to update its FAQ on the incident with any new information.

Lessons Learned

The WildWorks breach is an excellent reminder of the importance of unique passwords. Cyber criminals have bots that can decrypt simple stolen passwords and rapidly test them out across other sites, including banks and utilities. Using a password manager ensures that unique passwords are safe and decreases the reliance on memorable passwords, so that passwords can be a truly random set of letters, numbers, and symbols. Additionally, the website haveibeenpwned is an excellent resource to determine whether or not your email is involved in any breaches. It is good cyber security hygiene to check haveibeenpwned on a regular basis, but especially after a breach.

As always, in this work-from-home world, it is important to keep work devices and home devices separate. If it is necessary for a phone, tablet, or computer to serve both home and work purposes, using a separate browser for each helps eliminate the likelihood of data theft crossover, keeping employer data safe.  

The gaming industry has been a desirable target for cyber criminals as of late, with popular games and gaming companies like Among Us, Capcom, and Minecraft falling victim to hackers and scammers. Children make easy targets, and the in-app purchase model has increased the value of their accounts to hackers.

Read the original article and additional information at Cyber Security Hub