It’s dismaying enough when hackers manage to steal data on adults, like the recent Capcom ransomware cyberattack that resulted in employee information and details about future projects being leaked. But when the hack involves a popular children’s game, Animal Jam, the news can be even more alarming.
Hackers can pose a serious threat to the security of a company and the account information of users who provided personal details to that company in good faith. Recently, Animal Jam, a National Geographic game whose target demographic is 9 to 11-year old children, was hacked and 46 million records were stolen. This cyber breach occurred sometime between October 10-12, spurring game developer WildWorks to release a statement notifying parents of the attack on November 11.
In the statement, WildWorks reassured parents that no real children’s names were stolen during the hack and only 0.02% of the compromised records contained billing names or billing addresses. This means that the ability for the hackers to potentially identify the parents of players is greatly limited. All of the usernames in Animal Jam, on both mobile and PC, are moderated by real people upon creation to ensure that none of them contain a real name or personally identifying information.
The database of 46 million records stolen in the cyber breach of Animal Jam, dating back to the game’s launch in 2010, is being circulated by the hackers. The WildWorks statement broke down precisely what information was accessed from the hacked accounts:
- the email addresses used to create approximately 7 million parent accounts
- 32 million player usernames associated with these parent accounts
- passwords associated with these accounts in encrypted form
- 14.8 million records that include the player’s birth year
- 23.9 million records that include the player’s gender
- 5.7 million records that include the player’s full birthday
- 12,653 parent accounts, including the parent’s full name and billing address but no other billing information
- 16,131 parent accounts, including the parent’s first and last name but no billing address
Initially, at the time of the break-in sometime between October 10-12, WildWorks believed that only its vendor’s server had been compromised and did not realize that its own database of account information had been accessed. Accordingly, the company worked to proactively increase protections against another security breach. A month later, on November 11, independent security researchers monitoring a hacker forum noticed the Animal Jam database posted there and alerted WildWorks of the theft. WildWorks immediately issued the notification to parents.
The company has taken the additional step of working closely with the FBI and other law enforcement agencies to hopefully identify the people responsible for the hack. In the meantime, all Animal Jam accounts are being required to change their passwords. The WildWorks statement provides additional steps that concerned parents can take to ensure their safety or to check if their information was included in the leak.
Animal Jam is available on mobile and PC.
Source: Animal Jam Press Release (via Cyber Security Hub)
![\"IT電腦補習](\"http://itteacheritfreelance.hk/test/wordpress/wp-content/uploads/2016/05/logo2-2.png\"){kind=logo}
www.itsec.hk
www.itsec.vip
www.itseceu.uk
Leave a Reply