WildWorks told BleepingComputer that they would continue to be transparent about the exposed data, and if any new information is learned from their investigation, it will be disclosed.
"We are deeply concerned to learn of this breach, albeit relieved that no sensitive information such as plaintext passwords or real names of children were exposed in this theft."
"WildWorks is a small company, but we take player security very seriously."
They have also created a 'Data Breach Alert' on their site to answer questions related to this breach. Stacey stated that they are preparing a report for the FBI Cyber Task Force and notifying all affected emails.
Animal Jam now has over 130 million registered players and 3.3 million monthly active users.
As a precaution, all Animal Jam users will be required to reset their password on the next logon. Though the number of records stolen is quite large, Stacey states it is a small subset of the total number of Animal Jam user accounts registered since 2010.
Though there are claims that 13 million passwords have been cracked, WildWorks has not been able to confirm if this is true and states that passwords are salted and hashed.
When the breach occurred, it was quickly addressed, but they were unaware that any data was stolen at the time.
After learning today of the stolen database, their investigation revealed that the threat actors gained access to databases that contained:
- 46 million player usernames, which are human moderated to make sure they do not contain a child's proper name.
- 7 million email addresses that are associated with accounts.
- Approximately 7 million email addresses of parents whose children registered for Animal Jam accounts are included.
- IP addresses used by the parent or player when they signed up for an account. In the samples seen by BleepingComputer, all records included an IP address.
- 116 of these records (all from 2010) also include the parent's name and billing address, but no other credit card info.
- A small subset of the records may include the gender and birthdate the player entered when creating their account. Of those, most will only have the birth year.
WildWorks CEO Clary Stacey told BleepingComputer that he believes the threat actors obtained WildWorks' AWS key after compromising the company's Slack server. In what should be considered a model of transparent reporting of a data breach, WildWorks shared with BleepingComputer that they learned of the breach this morning and have been actively investigating it. Based on the timestamps on the sample records seen by BleepingComputer, the database was likely stolen on October 12th, 2020.