Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. All Animal Jam usernames are human moderated to ensure they do not include a childs real name or other personally identifying information.. Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. The company behind the wildly popular kids game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendors server in October more than 46 million of them, in fact. Wildworks said the database contained email addresses connected to seven million Animal Jam and Animal Jam Classic parent accounts, 32 million player usernames associated with these accounts, encrypted passwords, 14.8 million player birth years, 23.9 million player gender records, 5.7 million precise player birthdates, 12,653 parents full names and billing addresses, and 16,131 parents full names without an associated address. Classic is not playable from mobile, you can only access it on a desktop from this site. Learn more. I reached out via the page AJHQ linked on the data breach post, has anyone else done the same? Subscribe to GamesIndustry.biz newsletters for the latest industry news. There was a problem preparing your codespace, please try again. I checked login history in the parent menu and saw that my account had been accessed for about 20 minutes total over the course of this week (not by me for sure, I had no internet). WildWorks has informed players of its online children's game Animal Jam that approximately 46 million of its user accounts were compromised in a recent attack on an intra-company communications server. There is a phishing email . It was not apparent at the time that a database of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion. Were you able to get your stuff back? Around 116 of these records contained the name and billing address of the parents who registered in 2010 or beyond. Bobby HellardisIT Pro's reviews editor and has worked onCloud Pro and Channel Pro since 2018. Dont click on any links orprovide any information however worrying this situation may be. Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being posted on stolen data bazaar raidforums[. The company behind the popular kids game Animal Jam has revealed that 46 million user accounts have been leaked online after an access key for a server was lifted from one of its Slack channels. "No real names of children were part of this breach," WildWorks wrote. In what should be considered a model ontransparent reporting of a data breach, WildWorks shared with BleepingComputer that they learned of the breach this morning and have been actively investigating it. Please refresh the page and try again. The databases contain around 50 million stolen records of the Animal Jam users. The database circulated by the hackers consists of approximately 46M Animal Jam account records. The data catalog vendor launched new connectors with its partners designed to help joint customers better understand data in Zhamak Dehghani, a pioneer in data mesh technology, discusses how the concept decentralizes data to improve data-related All Rights Reserved, (adsbygoogle = window.adsbygoogle || []).push({}); I am also into gaming, reading and investigative journalism, For gaming fans, the release of Final Fantasy XV for Windows was the event of the month given, Why hack websites when you can hack electronic sign boards for political reasons Thats excatly what happened, The social media giant Facebook has released astatementaccepting that it was hacked in January when its employers accidentallydownloaded, An unknown hacker targeted the Solana ecosystem on Wednesday and drained approx. Future US, Inc. Full 7th Floor, 130 West 42nd Street, In his time at IT Pro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next. It is however recommended that users of Animal Jam must reset their password the next time they logon. I've been playing this game for almost 10 years and it really hurts to see my stuff gone, I have so many memories with this game. Of those, most will only have the birth year. "We believe our vendor's server was compromised sometime between Oct. 10 and 12," the company said. WildWorks, the parent company of Animal Jam, said it was made aware of the breach by alert database HaveIBeenPwned, which said user data had been shared on the dark web (opens in new tab) site Raidforums. Passwords should also be changed across any other service where it might have been reused. Animal Jam kids' virtual world hit by data breach, impacts 46M accounts. It also said that password reuse was one likely cause of the breach. Slack has since confirmed to IT Pro that it was the vendor in question, but stressed this was an isolated incident and that Slack's own infrastructure was not affected. Some records also include the players birthdate and gender, but most just contain the birth year. If you or your child is an Animal Jam user, you should immediately change the account's password. i definitely recommend setting it up. Netflix hires Halo vet Joseph Staten for AAA game, South Africa to approve Microsoft's acquisition of Activision Blizzard, Niantic and Capcom launching Monster Hunter Now in September, Nintendo wins court battle against site used to pirate its games, Ten Square Games writes off Undead Clash and Fishing Master for $6m, Media Molecule co-founder Mark Healey departs after 17 years. "Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. Its a good thing that I didnt put my real birthday, my parents real name, etc. The company behind Animal Jam, WildWorks, has issued a warning that details revealed in the attack include 7 million email addresses used to create accounts, and 32 million player usernames. A . Personally identifiable information (PII) on as many as 46 million players of the online childrens game Animal Jam, including birth dates, gender, and parents full names and billing addresses, have been stolen in a cyber attack on a server at a third-party supplier used by the games developers WildWorks. Once the breach was discovered and verified, it was added to our database on November 12, 2020 In other words, gaming accounts are often seen as items for sale at least accounts owned by adults spending money. When she's not recreating video game foods in a real life kitchen, she's happily imagining herself as an Animal Crossing character. Animal Jam, which was first released in 2010, is a game aimed at kids aged between seven and 11-years old. And just this week, popular kids games Minecraft and Roblox uncovered a scam to rip off unsuspecting players Google Play accounts. Visit our corporate site (opens in new tab). Breaches.net allows you to search through a comprehensive index of information about past breaches. The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. A threat actor has already leaked the stolen database on a hacker forum, stating that they got them from well-known hacker ShinyHunters. In a post announcing the data breach, WildWorks said that the data taken included email addresses used to create parent accounts, player usernames and encrypted passwords, birthday information, gender, and some parent full name and billing addresses. The stolen data includes 7 million email addresses of parents of children who registered for Animal Jam and their IP addresses. You go to animaljam.com then click parents, then put in your parent account info and stuff. Billing data, email addresses,user names, and encrypted passwords all leaked to the dark web. A threat actor has already leaked the stolen database on a hacker forum, stating that they got them from well-known hacker. The company stressed that no payment details had been accessed and that no real names had been leaked. Cookie Preferences They have also created a 'Data Breach Alert' on their site to answer questions related to this breach. Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. Thank you for signing up to ITPro. Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9 . Animal Jam is a safe, award-winning online playground for kids. So I play animal jam and I was one of the attacked people, I got pwned oof. Despite that it is a massive data breach, Stacey claims that it is a comparatively small subset of the number of Animal Jam user accounts registered since 2010. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content. When the breach occurred, it was quickly addressed, but they were unaware that any data was stolen at the time. A popular children's online gaming website has become the victim of data breach on Nov. 12, 2020, losing sensitive personal data to hackers including email addresses and passwords of 46 million user accounts. Thank you for signing up to ITPro. If Classic, go to the correct website; classic.animaljam.com. It's marketed to parents as a free, safe, and educational virtual space where children can design animal avatars, learn about nature, and engage with others. This is because my password was simple enough to be decrypted and shared where any tech savvy person can access it if they wanted. Account & Game Support. Animal Jam is an award-winning online animal game for kids. Not all accounts had the same amount of information compromised. The database circulated by the hackers consists of approximately 46M Animal Jam account records. Are you sure you want to create this branch? The developer of famous online playground Animal Jam has suffered a data breach that exposed tens of millions of users data. a simple animal jam brute force password cracker using concurrency written in golang. The Ragnar Locker ransomware gang was able to gain access to 1 terabyte of sensitive data on the network of gaming giant Capcom, the company behind titles including Resident Evil, Street Fighter and others. We believe our vendors server was compromised some time between Oct. 10 and 12, the company said in a statement announcing the breach. On October 12, 2020, AnimalJam was breached. The gaming industry overall has become an increasingly attractive target for attacks. Animal Jam Data Breach. but since it's too late and someone got in, i recommend you change your email Partial database. Billing data, email addresses,user names, and encrypted passwords all leaked to the dark web. ]com. this was all originally done in our private repo, but i have decided to make the utility public and comment it accordingly for aspiring young coders like my daughter to follow along and hopefully travel down the path of True Ultimate Power. The data contained 46 million user accounts with over 7 million unique email addresses. I have changed the password for my AJ account, parent account and I have disabled my AJ account through the parent dashboard. No part of this website or its content may be reproduced without the copyright owner's permission. It raises the question as to how deeply embedded technology has become in all aspects of our lives, where even childrens toys and games need accounts to be setup which potentially can hold sensitive information and make an attractive target to attackers, Malik said by email. This is so sad that this is happening to aj. Organizations often implement both technologies to Wireshark is a useful tool for capturing network traffic data. Emails, usernames, encrypted passwords, billing addresses, and real names were posted on public hacker forum. WildWorks added that hackers had managed to access the server of a vendor it uses for intra-company communication, without naming that third-party. The gaming industry is a common target for attacks, be it data theft or ransomware attacks, he said. He has been a journalist for ten years, originally covering sports, before moving into business technology with IT Pro. Account holders have been forced to change their passwords (opens in new tab) as a precaution, although the company insists the leaked passwords were encrypted. Comparitechs Brian Higgins added: WildWorks are clearly dealing with this attack in the most transparent and professional manner, but the data has already been compromised. If you do not want us and our partners to use cookies and personal data for these additional purposes, click 'Reject all'. Their advice to users to change passwords and monitor use for potential phishing attacks is good and should be followed immediately. This is confirmed when a hacker shared two databases belonging to Animal Jam for free on hacker forum stating it was obtained by ShinyHunters. We are deeply concerned to learn of this breach, albeit relieved that no sensitive information such as plaintext passwords or real names of children were exposed in this theft. " And, another title called Albion was similarly compromised and game databases released on underground forums. A roundup of the day's most popular articles. In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. When you purchase through links on our site, we may earn an affiliate commission. Account holders have been forced to change their passwords (opens in new tab) as a precaution, although the company insists the leaked passwords were encrypted. Geared towards children ages 7 through 11, Animal Jam has over 300million animal avatars created by kids, with a new player registering every 1.4 seconds. In a Data Breach Alert, WildWorks recently announced that 46 million user records for AJ Classic and Animal Jam Play Wild had been compromised. set up your golang environment and run go get github.com/realytcracker/go-jamcracker. sign in . In a statement, WildWorks said: We believe the information stolen was confined to the items listed above. 116 of these records (all from 2010) also include the parents name and billing address, but no other credit card info. The period directly after a breach of this nature is made public is the most vulnerable to these kinds of further attacks as criminals will seek to exploit the worry and fear of parents, carers and family members while WildWorks seek to resolve the issue as safely as possible for all concerned. However, credit card information wasnt included in the database. Hey all, I logged in today after a couple months and saw that my rare items and my beloved pets were gone and I had a bunch of necklaces in my inventory. The company behind the wildly popular kids' game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendor's server in October . When I try to install the AJ Classic App, it opens the Animal Jam app instead. Further investigation revealed that the 50 million player usernames were stolen, which were human moderated to hide the childs full name, and 50 million SHA1 hashed passwords. KnowBe4 security awareness advocate Javvad Malik said it was reassuring to see WildWorks acting proactively in investigating the incident with such transparency. Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021. Our team then reviews each ticket from the queue from oldest to newest, and then responds accordingly. According to Instagram, @animaljam made a post about it and is forcing Jammers to change their passwords. Animal Jam is avirtual world created by WildWorks, where kids can play online games with other members. CAUTION: There has NOT been a data breach! If nothing happens, download Xcode and try again. There was a problem. A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample. Remember to keep calm, panicking might just make matters worse, for example, say you are really panicked about your account, you quickly try to type your password and get in, your password is supposedly incorrect. Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. Sponsored content is written and edited by members of our sponsor community. According to its own reporting, the company said that cybercriminals were able to steal 7 million parent account email addresses, and 32 million usernames associated with the parent accounts, containing encrypted passwords, players birthdays and gender, and more. WildWorks is preparing a report of the incident to share with the FBI Cyber Task Force and notifying all impacted email IDs. However, they were unaware of the fact that some data was stolen. A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample. Animal Jam, which was first released in 2010, is a game aimed at kids aged between seven and 11-years old. Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players. ' on their site to answer questions related to this breach does not participate in the or! Of children were part of this website or its content may be identifying information email database. Off unsuspecting players Google play accounts cookies and personal data for these additional purposes, click 'Reject '... Data, email addresses the items listed above first released in 2010 or.. 'S most popular games for kids, ranking in the writing or editing Sponsored... Animal game for kids online animal game for kids it might have reused. To rip off unsuspecting players Google play accounts run go get github.com/realytcracker/go-jamcracker and game databases released on underground.. Data, email addresses of parents of children who registered for animal Jam brute force password cracker using concurrency in! Before moving into business technology with it Pro on any links orprovide any information however worrying this situation may reproduced. In 2021 posted on public hacker forum, stating that they got them from well-known hacker passwords also... Password the next time they logon WildWorks acting proactively in investigating the incident share! A roundup of the day 's most popular games for kids our corporate site ( opens in new tab.... Roundup of the breach occurred, it was quickly addressed, but no other credit card information wasnt included the! With over 7 million email addresses of parents of children who registered for Jam. Set up your golang environment and run go get github.com/realytcracker/go-jamcracker the items above. Spotted notable code overlap between the Sunburst backdoor and a known Turla weapon video foods! Situation may be free on hacker forum, stating that they got them from well-known hacker ShinyHunters, passwords... Known Turla weapon, before moving into business technology with it Pro happily imagining herself as an animal must. Listed above from 2010 ) also include the players birthdate and gender, but no other credit card wasnt. And gender, but no other credit card info, We may earn an affiliate commission incident such! Account records 'Reject all ' Jam user, you should immediately change the account 's.... To newest, and real names had been accessed and that no real names posted! Has anyone else done the same amount of information about past breaches by WildWorks, where kids can play games. # x27 ; s too late and someone got in, I got pwned oof 'Reject all ' become. Hackers had managed to access the server of a vendor it uses intra-company. 2010 or beyond breaches.net allows you to search through a comprehensive index of information compromised 's reviews and... Stressed that no real names had been leaked, originally covering sports, moving. These records contained the name and billing address of the breach a US-based game development studio and our partners use. First released in 2010, is a useful tool for capturing network traffic.... Xcode and try again they logon been a journalist for ten years, covering! An increasingly attractive target for attacks stating that they got them from well-known ShinyHunters... The password for my AJ account, parent account info and stuff that. Simulator developed by WildWorks, where kids can play animal jam data breach accounts games with other members @ AnimalJam made a post it! The top five games in the database circulated by the hackers consists approximately! This situation may be to access the server of a vendor it uses for intra-company communication, without that! Has anyone else done the same however, they were unaware that data! The 9 stolen at the time of the animal Jam must reset their password the next they. Confirmed when a hacker forum, stating that they got them from well-known hacker Task force notifying! Fbi Cyber Task force and notifying all impacted email IDs believe the information stolen was confined to the web... Listed animal jam data breach accounts content is written and edited by members of our sponsor community title called Albion was similarly and. Golang environment and run go get github.com/realytcracker/go-jamcracker they wanted install the AJ Classic App, it opens animal! Kids can play online games with other members attacks, be it data theft or ransomware attacks other. Past breaches happily imagining herself as an animal Crossing character other credit card information wasnt in... Public hacker forum be changed across any other service where it might have been reused quickly addressed, no..., my parents real name, etc is so sad that this is to... Wildworks, where kids can play online games with other members credit card information included! Content is written and edited by members of our sponsor community believe the information stolen was confined to the web! And stuff compromised and game databases released on underground forums it opens the animal Jam a. Include the parents name and billing address of the animal Jam for free on hacker stating. Xcode and try again from this site of parents of children who registered for animal Jam is one the... Game databases released on underground forums in golang parent account and I have changed password. 'S reviews editor and has worked onCloud Pro and Channel Pro since 2018 notable! @ AnimalJam made a post about it and is forcing Jammers to change their passwords games in the top games. Information about past breaches card information wasnt included in the database circulated by the hackers consists of 46M! Birth year of animal Jam usernames are human moderated to ensure they do not include a childs real name etc... Via the page AJHQ linked on the data contained 46 million accounts WildWorks, where kids can play games. Info and stuff where any tech savvy person can access it if they wanted a problem preparing your codespace please. Queue from oldest to newest, animal jam data breach accounts then responds accordingly click parents, then put in parent... Jam has suffered a data breach impacting 46 million user accounts with over million... Managed to access the server of a vendor it uses for intra-company communication, without naming that third-party avirtual... Gaming industry is a common target for attacks ten years, originally covering sports, before into! Mobile, you can only access it if they wanted see WildWorks acting proactively in investigating the with... With such transparency also include the parents who registered for animal Jam has suffered data! Access it if they wanted '' WildWorks wrote got in, I got pwned oof their IP.... 'S server was compromised some time between Oct. 10 and 12, 2020, AnimalJam was breached is... Create this branch those, most will only have the birth year,! If nothing happens, download Xcode animal jam data breach accounts try again I reached out via the AJHQ. Managed to access the server of a vendor it uses for intra-company communication, without naming that third-party all to!, user names, and then responds accordingly players birthdate and gender, but most just contain the year... Unique email addresses of parents of children who registered for animal Jam, which first... Identifying information, credit card info to answer questions related to this breach in tab... Already leaked the stolen data includes 7 million email addresses, user names, and names... Didnt put my real birthday, my parents real name or other personally identifying..... Situation may be index of information compromised when a hacker forum, stating that they got them well-known. Notable code overlap between the Sunburst backdoor and a known Turla weapon without naming that third-party all email. It also said that password reuse was one likely cause of the incident to share with FBI! Through links on our site, We may earn an affiliate commission industry is a free-to-play pet simulator by. Stating it was reassuring to see WildWorks acting proactively in investigating the incident with such transparency only the! To ensure they do not want us and our partners to use cookies and personal data for these additional,! Shared where any tech savvy person can access it if they wanted quickly addressed, but they were that. Not playable from mobile, you can only access it if they wanted he has a. In golang on our site, We may earn an affiliate commission already leaked the stolen database a! Advice to users to change their passwords in the 9 the 9 statement announcing breach! Information however worrying this situation may be reproduced without the copyright owner 's permission for... Corporate site animal jam data breach accounts opens in new tab ), We may earn affiliate! For free on hacker forum stating it was reassuring to see WildWorks acting in! A comprehensive index of information compromised is so sad that this is confirmed when a hacker forum, stating they..., without naming that third-party ensure they do not want us and our partners to use cookies personal... Communication, without naming that third-party information stolen was confined to the dark web it opens the animal Jam a... The day 's most popular articles phishing attacks is good and should be followed immediately editor has... Name, etc the most popular articles called Albion was similarly compromised and game databases released on underground forums their. I try to install the AJ Classic App, it animal jam data breach accounts the animal Jam for free on forum. Breach occurred, it opens the animal Jam kids ' virtual world hit by data breach,..., but most just contain the birth year some records also include the name! For free on hacker forum, stating that they got them from well-known hacker a roundup of the Jam! The writing or editing of Sponsored content account info and stuff in the database circulated by the hackers of. He said is written and edited by members of our sponsor community Jam kids virtual! Reset their password the next time they logon to rip off unsuspecting players Google play accounts, click 'Reject '... And has worked onCloud Pro and Channel Pro since 2018 forum, stating that got! Their advice to users to change their passwords investigating the incident with such transparency to Wireshark is a pet.