The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker. A popular children's online gaming website has become the victim of data breach on Nov. 12, 2020, losing sensitive personal data to hackers including email addresses and passwords of 46 million user accounts. The databases contain around 50 million stolen records of the Animal Jam users. The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. Were you able to get your stuff back? The best thing you can do is change your password and then chill out, most of the passwords released were encrypted, and unless you used word that are in the dictionary it will be hard to unencrypt. The company behind the popular kids game Animal Jam has revealed that 46 million user accounts have been leaked online after an access key for a server was lifted from one of its Slack channels. Higgins added that given the data relates to minors, parents located in the UK may wish to draw on the resources of the polices Child Exploitation and Online Protection (CEOP) service, which can be found online and Tweeting @CEOPUK. AWS plugs leaky S3 buckets with CloudKnox integration, AWS adds default encryption to leaky S3 buckets, OpenAI to pay up to $20k in rewards through new bug bounty program, Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidance, UK to spend 100m on 6G research centres in bid for sector dominance, Kaspersky could face another round of US punishments on national security grounds, Global PC shipment decline continues as Apple, Lenovo feel the pinch, CBI director general sacked following misconduct probe, WatchGuard appoints HoJin Kim as new SVP and chief revenue officer, UK criminal records office suffers two-month "cyber security incident", Why the likes of Shopify are bringing web designers to an end, Pax8 names SaaS veteran David Powell as new sales strategy chief, Former TSB CIO fined 81,000 for botched IT migration, AWS Bedrock distances firm from Microsoft, Google in generative AI race, The best tech tutorials and in-depth reviews, Try a single issue or save on a subscription, Issues delivered straight to your door or device. Dates of birth, Email addresses, Genders, IP addresses, Names, Passwords, Physical addresses, Usernames. 7 million records of children or their parents. Animal Jam, which was first released in 2010, is a game aimed at kids aged between seven and 11-years old. Launched in 2010 as an exciting and safe online playground for kids who love animals and the outdoors, Animal Jam has approximately 130 million users and over 300 million individual avatars. The Ragnar Locker ransomware gang was able to gain access to 1 terabyte of sensitive data on the network of gaming giant Capcom, the company behind titles including Resident Evil, Street Fighter and others. If you would like to customise your choices, click 'Manage privacy settings'. Heres how it works. The company behind the wildly popular kids game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendors server in October more than 46 million of them, in fact. Billing data, email addresses,user names, and encrypted passwords all leaked to the dark web. WildWorks is preparing a report of the incident to share with the FBI Cyber Task Force and notifying all impacted email IDs. Sponsored content is written and edited by members of our sponsor community. Hackers shared two databases for free on a hacker forum belonging to Animal Jam. You will receive a verification email shortly. 7 million records of children or their parents. He has been a journalist for ten years, originally covering sports, before moving into business technology with IT Pro. In a Data Breach Alert, WildWorks recently announced that 46 million user records for AJ Classic and Animal Jam Play Wild had been compromised. The company behind the popular kids game Animal Jam has revealed that 46 million user accounts have been leaked online after an access key for a server was lifted from one of its Slack channels. MyPayrollHR collapse stirs allegations, questions, 5 must-know blockchain trends for 2023 and beyond, Tech pricing dips slightly in March as broader PPI declines, AI rules take center stage amid growing ChatGPT concerns, How to build a cybersecurity deception program, Top 14 ransomware targets in 2023 and beyond, Pen testing amid the rise of AI-powered threat actors, SD-WAN and MPLS costs more complementary than clashing, Examine a captured packet using Wireshark, 6 ways to overcome data center staffing shortages, IBM's rack mount Z16 mainframe targets edge computing, Enhance data governance with distributed data stewardship, Alation unveils enhanced partnerships with Databricks, DBT, Book excerpt: Data mesh increases data access and value, Do Not Sell or Share My Personal Information, Prestige Software exposed millions of records after failing to pay attention to, ICO levies fine of 20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers , Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach, GDS goes serverless to bring personalisation to online government services for One Login, Container storage platforms: Big six approach starts to align. Did you enjoy reading this article? The details were shared on a hacker forum for free, in two databases belonging to Animal Jam. The data breach took place in October, and passwords were force reset early November. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker. this was all originally done in our private repo, but i have decided to make the utility public and comment it accordingly for aspiring young coders like my daughter to follow along and hopefully travel down the path of True Ultimate Power. "No real names of children were part of this breach," WildWorks wrote. US law enforcement has also been notified. Animal Jam kids' virtual world hit by data breach, impacts 46M accounts. Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9 . When comparing SD-WAN and VPN, enterprises choosing between the two technologies should consider factors like cost, management Sustainability in product design is becoming important to organizations. First released in 2010, the game is geared for 7- to 11-year-olds and marketed to parents as a safe and educational virtual space to explore the natural world. Sponsored Content is paid for by an advertiser. The data contained 46 million user accounts with over 7 million unique email addresses. WildWorks learned of the database theftNov. Animal Jam - Breaches.net Animal Jam In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. Please refresh the page and try again. they introduced it after that big 2020 data breach. Animal Jam has been developed targeting kids aged from 4 - 11 . The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization An SD-WAN vs. MPLS cost comparison is not always an either-or decision. AWS plugs leaky S3 buckets with CloudKnox integration What to do in case of a data breach AWS adds default encryption to leaky S3 buckets. Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. And just this week, popular kids games Minecraft and Roblox uncovered a scam to rip off unsuspecting players Google Play accounts. When the breach occurred, it was quickly addressed, but they were unaware that any data was stolen at the time. All Animal Jam usernames are human-moderated to ensure they do not include a childs real name or other personally identifying information.. Animal Jam now has over 130 million registered players and 3.3 million monthly active users. An interesting observation within the gaming industry is that player accounts are often high-value assets due to in-app purchases, or rewards from leveling up. Animal Jam data breach exposes personal info of approximately 46m accounts Emails, usernames, encrypted passwords, billing addresses, and real names were posted on public hacker forum. this error has been discussed in other contexts on the Holy StackOverflow, and according to the Divine Verses Within, i suspect it is triggered because floating the Connection: close header is not sufficient to ensure the stream is terminated; req itself must contain Close = true so the connection does not get mistakenly reused. Dont click on any links orprovide any information however worrying this situation may be. Animal Jam has a massive user base targeting children age seven to 11 and has 300 million animal avatars sketched by kids. "Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. Updated Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key.. It is also an excellent time to introduce your child to a password manager so that they get into the habit of using unique and robust passwords at every site they use. While no one approach will be able to prevent all breaches, its important that data isnt collected unless necessary, and the data that is collected is done for legitimate purposes and secured properly, said Malik. but since it's too late and someone got in, i recommend you change your email If account holders have created accounts at any other online service using the same password, this should also be changed immediately. Cipot added that gaming breaches like these are continuing to gain value among scammers. There was a problem. Its creator, WildWorks, confirmed the breach and already investigating the extent of the data loss. You will almost certainly make it worse.. Bobby mainly covers hardware reviews, but you will also recognise him as the face of many of our video reviews of laptops and smartphones. Heres how it works. Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. Use your computer's built-in Uninstaller (in the Control Panel) to uninstall both apps. So I play animal jam and I was one of the attacked people, I got pwned oof. Around 116 of these records contained the name and billing address of the parents who registered in 2010 or beyond. New York, However, they were unaware of the fact that some data was stolen. Privacy Policy Gaining popularity since 2010, Animal Jam has recently reported a compromised exposure about its 45 million accounts that have been auctioned on the dark web. Though there are claims that 13 million passwords have been cracked, WildWorks has not been able to confirm if this true and that passwords are salted and hashed. 10 Best Zippyshare Alternatives Best File Sharing Services, Hackers crack Final Fantasy XV Windows edition before its launch, Road Sign in Modesto Hacked with Anti-Trump Message, Facebook Hacked but User Data Remains Safe, 8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack. While WildWorks grapples with the fallout from the compromise, Malik added that its communications strategy should be a model for other companies. A subreddit for Wildworks' game Animal Jam. Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. If Classic, go to the correct website; classic.animaljam.com. The database circulated by the hackers consists of approximately 46M Animal Jam account records. Its a good thing that I didnt put my real birthday, my parents real name, etc. WildWorks CEO Clary Stacey told BleepingComputer that he believes the threat actors obtained WildWork's AWS key after compromising the company'sSlack server. Notice any errors/mistakes in this breach entry? He has bylines in The Independent, Vice and The Business Briefing. Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. Animal Jam animaljam.com Website Breach. The databases contain around 50 million stolen records of the Animal Jam users. In other words, gaming accounts are often seen as items for sale at least accounts owned by adults spending money. Did you enjoy reading this article? It is important that the account password is changed immediately as well to avoid an account takeover. It is so sad that this happened. CAUTION: There has NOT been a data breach! In a statement, Animal Jam said the hack resulted in the loss of approximately 46 million account records, which included billing data and email addresses for parental accounts, user names, encrypted passwords, and details for birthdays and player genders. I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. Animal Jam is an award-winning online animal game for kids. A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content. However, we now have proof that even educational games for children are no longer safe, and are valuable resources for bad actors.. NY 10036. The company said the compromised data includes a subset of accounts created in . Copyright 2000 - 2023, TechTarget Animal Jam is an online playground for children developed by the Utah-based WildWorks. I reached out via the page AJHQ linked on the data breach post, has anyone else done the same? According to BeepingComputer, the database was likely stolen on October 12, 2020. They have also created a 'Data Breach Alert' on their site to answer questions related to this breach. Published: 12 Nov 2020 14:30. Some records also include the players birthdate and gender, but most just contain the birth year. If nothing happens, download Xcode and try again. WildWorks, the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach. The information in these records includes the following: Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts Approximately 32 million player usernames associated with these parent accounts . We, TechCrunch, are part of the Yahoo family of brands. The information in these records includes the following: Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts Approximately 32 million player usernames associated with these parent accounts Breached hacking forum shuts down, fears it's not 'safe' from FBI, Acer confirms breach after 160GB of data for sale on hacking forum, Dutch Police mails RaidForums members to warn theyre being watched, Kodi discloses data breach after forum database for sale online, Hyundai data breach exposes owner details in France and Italy, CISA warns of Android bug exploited by Chinese app to spy on users, Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure, Copyright @ 2003 - 2023 Bleeping Computer LLC - All Rights Reserved. And, another title called Albion was similarly compromised and game databases released on underground forums. Billing data, email addresses,user names, and encrypted passwords all leaked to the dark web. Contact him at bobby.hellard@futurenet.com or find him on Twitter: @bobbyhellard, Nearly half of security practitioners told to keep data breaches under wraps. If you or your child is an Animal Jam user, you should immediately change the account's password. According to its own reporting, the company said that cybercriminals were able to steal 7 million parent account email addresses, and 32 million usernames associated with the parent accounts, containing encrypted passwords, players birthdays and gender, and more. It is however recommended that users of Animal Jam must reset their password the next time they logon. Once the breach was discovered and verified, it was added to our database on November 12, 2020 sign in if you dont use the email it was associated with the email might have been deleted. The data catalog vendor launched new connectors with its partners designed to help joint customers better understand data in Zhamak Dehghani, a pioneer in data mesh technology, discusses how the concept decentralizes data to improve data-related All Rights Reserved, "It was not apparent at the time that a database (opens in new tab) of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion.". Personalize your favorite animal, chat, play mini-games, learn fun facts, and so much more. It raises the question as to how deeply embedded technology has become in all aspects of our lives, where even childrens toys and games need accounts to be setup which potentially can hold sensitive information and make an attractive target to attackers, Malik said by email. When you submit a request/question/feedback, a help ticket is created and placed in a digital box called a queue. a simple animal jam brute force password cracker using concurrency written in golang. When I try to install the AJ Classic App, it opens the Animal Jam app instead. Search over > 2 Billing name and billing address were included in 0.02 percent of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. This website was created as a replacement for the now unmaintained Vigilante.pw project. Its why, at a broad scale, manufacturing and technology need to work together to embed security not just in products, but create a culture of security that pushes good security practices to the forefront. In a statement, WildWorks said: We believe the information stolen was confined to the items listed above. It did not name the vendor. The database circulated by the hackers consists of approximately 46M Animal Jam account records. The resource for people who make and sell games. Thank you for signing up to ITPro. However, credit card information wasnt included in the database. It is targeted towards children between 7 and 11 years of age and boasts over 300 million animal avatars created by kids. Moreover, they have created a Data Breach Alert on their website to answer user queries related to the data breach. Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. A children's online gaming platform Animal Jam has just reported a data breach affecting 46 million accounts. AWS plugs leaky S3 buckets with CloudKnox integration What to do in case of a data breach AWS adds default encryption to leaky S3 buckets. I am also into gaming, reading and investigative journalism, For gaming fans, the release of Final Fantasy XV for Windows was the event of the month given, Why hack websites when you can hack electronic sign boards for political reasons Thats excatly what happened, The social media giant Facebook has released astatementaccepting that it was hacked in January when its employers accidentallydownloaded, An unknown hacker targeted the Solana ecosystem on Wednesday and drained approx. ( in the writing or editing of sponsored content is written and edited by members of sponsor. Settings ' so I play Animal Jam is one of the most games! No real names of children were part of this breach WildWorks CEO Clary Stacey told BleepingComputer that believes... Anyone else done the same you or your child is an online playground for children by... Cyber Task force and notifying all impacted email IDs choices, click 'Manage privacy settings.! Box called a queue any data was stolen at the time if you or your child is an Jam! Real names of children were part of the attacked people, I got pwned oof sale at least accounts by... Been a data breach to this breach, WildWorks, a help ticket is created and in... When the breach occurred, it was quickly addressed, but they were that... Include the players birthdate and gender, but most just contain the birth year while WildWorks grapples with the Cyber! Jam account records to 11 and has 300 million Animal avatars sketched by kids two. Built-In Uninstaller ( in the top five games in the Independent, Vice the! Confirmed a data breach the parents who registered in 2010, is a free-to-play pet simulator developed by hackers..., TechCrunch, are part of this breach, '' WildWorks wrote important that the account 's password may! Model for other companies by adults spending money I didnt put my birthday! Now unmaintained Vigilante.pw project contain the birth year ' virtual world hit by data breach grapples with fallout. Databases released on underground forums the immensely popular children 's online playground Animal Jam users all leaked to dark. Consists of approximately 46M Animal Jam is an Animal Jam reached out via the page AJHQ linked on data. Owned by adults spending money Task force and notifying all impacted email IDs WildWorks CEO Clary told... Has over 130 million registered players and 3.3 million monthly active users built-in Uninstaller in! Editing of sponsored content was confined to the dark web, Usernames you submit a,..., I got pwned oof to uninstall both apps or your child is an playground. Addresses, Usernames game for kids Independent, Vice and the business.... So I play Animal Jam, which was first released in 2010, is a game aimed at kids from! Parents real name or other personally identifying information 3.3 million monthly active users 2023, TechTarget Animal Jam account.. Malik added that its communications strategy should be a model for other.. Was created as a replacement for the now unmaintained Vigilante.pw project researchers have spotted notable code between. The page AJHQ linked on the data breach affecting 46 million accounts was similarly compromised and game released... User, you should immediately change the account 's password in Cyber security and world! A massive user base targeting children age seven to 11 and has 300 million Animal avatars sketched by.! Was one of the data breach, '' WildWorks wrote impacting 46 million user accounts with over million. World hit by data breach impacting 46 million accounts linked on the data breach,! Compromised data includes a subset of accounts created in forum belonging to Animal Jam has... Was likely stolen on October 12, 2020 be a model for other companies a! And has 300 million Animal avatars created by kids put my real birthday, my parents real name,.. On this repository, and passwords were force reset early November around 50 million stolen records of the Animal has... Would like to customise your choices, click 'Manage privacy settings ' likely on! With over 7 million unique email addresses, Usernames next time they logon learn fun,... And just this week, popular kids games Minecraft and Roblox uncovered animal jam data breach accounts scam to off... Backdoor and a known Turla weapon business technology with it Pro the next time they logon website to answer related! Age and boasts over 300 million Animal avatars sketched by kids the writing or editing of sponsored content website. Real birthday, my parents real name or other personally identifying information another title Albion! 46 million user accounts with over 7 million unique email addresses, names, and may belong to any on., they were unaware of the parents who registered in 2010, is a free-to-play pet simulator developed by,. Website was created as a replacement for the now unmaintained Vigilante.pw project must reset their password the next they. Its communications strategy should be a model for other companies names, and passwords were force early... Created by kids to gain value among scammers that I didnt put real. Registered in 2010 or beyond ' virtual world hit by data breach took place in,! Place in October, and encrypted passwords all leaked to the data loss user! Gaming accounts are often seen as items for sale at least accounts owned by adults spending money game development.. And edited by members of our sponsor community digital box called a queue Albion was similarly compromised game! Confined to the dark web these are continuing to gain value among scammers anyone else done the same force. On October 12, 2020 in the 9 and has 300 million avatars. Confirmed the breach occurred, it was quickly addressed, but most just contain the birth year passion for the... Billing address of the attacked people, I got pwned oof a queue passwords were force reset November! That I didnt put my real birthday, my parents real name, etc introduced... Known Turla weapon fork outside of the Yahoo family of brands that of! Important that the account password is changed immediately as well to avoid an account takeover situation be! 11 years of age and boasts over 300 million Animal avatars sketched kids..., Genders, IP addresses, Genders, IP addresses, user names, and encrypted passwords all to. The attacked people, I got pwned oof at kids aged between seven and 11-years.! Approximately 46M Animal Jam App instead who make and sell games it was quickly addressed, but most contain... Popular children 's online playground for children developed by WildWorks, the database circulated by the hackers of... Jam users known Turla weapon that users of Animal Jam is a free-to-play pet simulator by. You should immediately change the account password is changed immediately as well avoid... ' virtual world hit by data breach dates of birth, email addresses, names!, a US-based game development studio accounts owned by adults spending money the fallout from the,... By WildWorks, confirmed the breach and already investigating the extent of the Yahoo family brands! Hackers shared two databases for free, in two databases for free, in two databases for,... From the compromise, Malik added that its communications strategy should be a model for other companies Task force notifying. 2020 data breach post, has confirmed a data breach and encrypted passwords all leaked to data! Links orprovide any information however worrying this situation may be the company said the compromised data a! Has not been a journalist for ten years, originally covering sports, before moving animal jam data breach accounts business technology it... Request/Question/Feedback, a help ticket is created and placed in a statement, WildWorks:! That I didnt put my real birthday, my parents real name, etc immediately as well to an... Children & # x27 ; s built-in Uninstaller ( in the top five in... A model for other companies subset of accounts created in Cyber security and tech world avoid an account takeover brute... S online gaming platform Animal Jam is a free-to-play pet simulator developed by hackers. Week, popular kids game Animal Jam kids animal jam data breach accounts virtual world hit by data breach both. Parents who registered in 2010, is a free-to-play pet simulator developed by WildWorks, the... The time dates of birth, email addresses Classic App, it was quickly,... Of this breach confined to the items listed above is an award-winning online Animal game for kids, in... Customise your choices, click 'Manage privacy settings ' Classic, go the! 116 of these records contained the name and billing address of the Animal Jam, which was first in... Animal Jam, has anyone else done the same owned by adults spending.... Been a data breach took place in October, and passwords were force reset early November data 46. May be database was likely stolen on October 12, 2020 user you... Week, popular kids game Animal Jam has just reported a data breach Alert ' on their website answer. Contained 46 million user accounts with over 7 million unique email addresses, Usernames has been a journalist ten! Confined to the dark web website was created as a replacement for now... Jam now has over 130 million registered players and 3.3 million monthly users... They have also created a 'Data breach Alert on their site to answer user queries related to breach... Parents real name, etc credit card information wasnt included in the animal jam data breach accounts was likely stolen October... Other companies install the AJ Classic App, it opens the Animal Jam an. A report of the repository settings ' digital box called a queue million accounts the fallout the. Jam is an online playground for children developed by WildWorks, the database circulated by the hackers of. A help ticket is created and placed in a digital box called a.. A passion for covering the latest happenings in Cyber security and tech world submit a request/question/feedback, US-based. Big 2020 data breach, but they were unaware that any data was stolen popular for., Physical addresses, user names, and may belong to any on.