Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021. WildWorks, the company behind the popular kids game Animal Jam, reported that approximately 46 million of its users' accounts were compromised in a recent data breach. Animal Jam Data Breach (change your passwords!) The best thing you can do is change your password and then chill out, most of the passwords released were encrypted, and unless you used word that are in the dictionary it will be hard to unencrypt. Stacey stated that they are preparing a report for the FBI Cyber Task Force and notifying all affected emails. WildWorks added that hackers had managed to access the server of a vendor it uses for intra-company communication, without naming that third-party. disclaimer DO NOT ACTUALLY USE THIS UTILITY TO CRACK ACCOUNTS - you will most likely get banished permanently from jamaa and have all your rare long spikes, headdresses, and beta tails stripped away. On October 12, 2020, AnimalJam was breached. All Animal Jam usernames are human-moderated to ensure they do not include a childs real name or other personally identifying information.. Not all accounts had the same amount of information compromised. It is however recommended that users of Animal Jam must reset their password the next time they logon. Scan this QR code to download the app now. And just this week, popular kids games Minecraft and Roblox uncovered a scam to rip off unsuspecting players Google Play accounts. "It was not apparent at the time that a database (opens in new tab) of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion.". In a statement, Animal Jam said the hack resulted in the loss of approximately 46 million account records, which included billing data and email addresses for parental accounts, user names, encrypted passwords, and details for birthdays and player genders. "We believe our vendor's server was compromised sometime between Oct. 10 and 12," the company said. A daily dose of IT news, reviews, features and insights, straight to your inbox! When you purchase through links on our site, we may earn an affiliate commission. LockBit ransomware encryptors found targeting Mac devices, Hackers start abusing Action1 RMM in ransomware attacks, NCR suffers Aloha POS outage after BlackCat ransomware attack, Android malware infiltrates 60 Google Play apps with 100M installs, Ex-Conti members and FIN7 devs team up to push new Domino malware, Hackers abuse Google Command and Control red team tool in attacks, New QBot email attacks use PDF and WSF combo to install malware, New Chameleon Android malware mimics bank, govt, and crypto apps, Remove the Theonlinesearch.com Search Redirect, Remove the Smartwebfinder.com Search Redirect, How to remove the PBlock+ adware browser extension, Remove the Toksearches.xyz Search Redirect, Remove Security Tool and SecurityTool (Uninstall Guide), How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo, How to remove Antivirus 2009 (Uninstall Instructions), How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller, Locky Ransomware Information, Help Guide, and FAQ, CryptoLocker Ransomware Information Guide and FAQ, CryptorBit and HowDecrypt Information Guide and FAQ, CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ, How to open a Windows 11 Command Prompt as Administrator, How to make the Start menu full screen in Windows 10, How to install the Microsoft Visual C++ 2015 Runtime, How to open an elevated PowerShell Admin prompt in Windows 10, How to remove a Trojan, Virus, Worm, or other Malware. Animal Jam, which was first released in 2010, is a game aimed at kids aged between seven and 11-years old. However, credit card information wasnt included in the database. If account holders have created accounts at any other online service using the same password, this should also be changed immediately. Bobby mainly covers hardware reviews, but you will also recognise him as the face of many of our video reviews of laptops and smartphones. i originally wrote this application with my daughter @mandarinp to teach her some programming + security basics, and to demonstrate how easy it is to bootstrap useful applications in go. "All Animal Jam usernames are human moderated to ensure they do not include a child's real name or other personally-identifying information.". When you submit a request/question/feedback, a help ticket is created and placed in a digital box called a queue. Visit our corporate site (opens in new tab). But none the less, I suggest immediately changing your password to a stronger one, as an example: fgrjhbgrebim2647f. This is because my password was simple enough to be decrypted and shared where any tech savvy person can access it if they wanted. If nothing happens, download Xcode and try again. The company behind the popular kids game Animal Jam has revealed that 46 million user accounts have been leaked online after an access key for a server was lifted from one of its Slack channels. There was a problem. again, this is purely conjecture, and i could totally be wrong. (adsbygoogle = window.adsbygoogle || []).push({}); Heres how it works. Organizations often implement both technologies to Wireshark is a useful tool for capturing network traffic data. As a precaution, all Animal Jam users' will be required to reset their password on the next logon. Cipot added that gaming breaches like these are continuing to gain value among scammers. Did you enjoy reading this article? WildWorks said that the server was compromised between October 10 and 12, and that it learned of the issue just yesterday when security researchers found the stolen information uploaded to an online hacker forum. AWS plugs leaky S3 buckets with CloudKnox integration What to do in case of a data breach AWS adds default encryption to leaky S3 buckets. Read our posting guidelinese to learn what content is prohibited. US law enforcement has also been notified. Wildworks said the database contained email addresses connected to seven million Animal Jam and Animal Jam Classic parent accounts, 32 million player usernames associated with these accounts, encrypted passwords, 14.8 million player birth years, 23.9 million player gender records, 5.7 million precise player birthdates, 12,653 parents full names and billing addresses, and 16,131 parents full names without an associated address. WildWorks is preparing a report of the incident to share with the FBI Cyber Task Force and notifying all impacted email IDs. The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. Animal Jam holds such precious memories for me. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Updated Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key.. Of those, most will only have the birth year. Contact him at bobby.hellard@futurenet.com or find him on Twitter: @bobbyhellard, Nearly half of security practitioners told to keep data breaches under wraps. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. AWS plugs leaky S3 buckets with CloudKnox integration What to do in case of a data breach AWS adds default encryption to leaky S3 buckets. In what should be considered a model ontransparent reporting of a data breach, WildWorks shared with BleepingComputer that they learned of the breach this morning and have been actively investigating it. i definitely recommend setting it up. to use Codespaces. The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Their advice to users to change passwords and monitor use for potential phishing attacks is good and should be followed immediately. Once the breach was discovered and verified, it was added to our database on November 12, 2020 Slack has since confirmed to IT Pro that it was the vendor in question, but stressed this was an isolated incident and that Slack's own infrastructure was not affected. In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. I checked login history in the parent menu and saw that my account had been accessed for about 20 minutes total over the course of this week (not by me for sure, I had no internet). Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum. BreachDirectory - Check If Your Email or Username was Compromised Maintenance Complete - visit deletemydata for removal Breachdirectory. WildWorks told BleepingComputer that they would continue to be transparent about the exposed data, and if any new information is learned from their investigation, it will be disclosed. You go to animaljam.com then click parents, then put in your parent account info and stuff. You will receive a verification email shortly. Please The resource for people who make and sell games. Do Not Sell or Share My Personal Information, Datacentre backup power and power distribution, Secure Coding and Application Programming, Data Breach Incident Management and Recovery, Compliance Regulation and Standard Requirements, Telecoms networks and broadband communications, Data breach incident management and recovery, a vast reduction on the initial 183m penalty, Women looking for new roles want equal progression opportunities, Tech spending in India to grow by 9.6% in 2023, RWTH Aachen looks for educational edge with private 5G, Auto-tech series - Lacework: More automation + more code = more vulnerable, Percona engineering lead: Into the open database universe, 2019 data breach disclosures: 10 more of the biggest. Sponsored Content is paid for by an advertiser. "It was not apparent at the time that a database (opens in new tab) of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion.". KnowBe4 security awareness advocate Javvad Malik said it was reassuring to see WildWorks acting proactively in investigating the incident with such transparency. It's marketed to parents as a free, safe, and educational virtual space where children can design animal avatars, learn about nature, and engage with others. Launched in 2010 as an exciting and safe online playground for kids who love animals and the outdoors, Animal Jam has approximately 130 million users and over 300 million individual avatars. but still, it is good to change the passwords. It is also an excellent time to introduce your child to a password manager so that they get into the habit of using unique and robust passwords at every site they use. Bobby HellardisIT Pro's reviews editor and has worked onCloud Pro and Channel Pro since 2018. A small subset of the records may include the gender and birthdate the player entered when creating their account. "No real names of children were part of this breach," WildWorks wrote. This practice will save them a lot of headaches in the future. We believe our vendors server was compromised some time between Oct. 10 and 12, the company said in a statement announcing the breach. Do like our page on, LockBit Ransomware Expands Attack Spectrum to Mac Devices, QuaDream, Israeli iPhone hacking spyware firm, to shut down. You will almost certainly make it worse.. Its CEO Clary Stacey stated that the threat actors compromise Wild Works Slack server to obtain the AWS keys. The database, seen circulating online in underground forums, is believed to have been stolen by a malicious actor using the alias ShinyHunters, and according to Bleeping Computer, which first reported the story, was likely taken in mid-October 2020. Geared towards children ages 7 through 11, Animal Jam has over 300 million animal avatars created by kids, with a new . I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. In a post announcing the data breach, WildWorks said that the data taken included email addresses used to create parent accounts, player usernames and encrypted passwords, birthday information, gender, and some parent full name and billing addresses. Oh no. If you do not want us and our partners to use cookies and personal data for these additional purposes, click 'Reject all'. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. Notice any errors/mistakes in this breach entry? According to Instagram, @animaljam made a post about it and is forcing Jammers to change their passwords. The company behind Animal Jam, WildWorks, has issued a warning that details revealed in the attack include 7 million email addresses used to create accounts, and 32 million player usernames. The company, WildWorks, said that it was unaware that the data had been compromised, until 7 million records turned up on an underground forum used by malicious actors to distribute lifted data, on Nov. 11. Thank you for signing up to ITPro. Thank you for signing up to ITPro. Children's online virtual world Animal Jam suffers a data breach exposing data of 46 million user accounts on the dark web. A . Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. "WildWorks is a small company, but we take player security very seriously. Moreover, they have created a Data Breach Alert on their website to answer user queries related to the data breach. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content. Portions of data displayed are obtained from Have I Been Pwned and Vigilante.pw. It is targeted towards children between 7 and 11 years of age and boasts over 300 million animal avatars created by kids. CAUTION: There has NOT been a data breach! Hey all, I logged in today after a couple months and saw that my rare items and my beloved pets were gone and I had a bunch of necklaces in my inventory. 2023 Gamer Network Limited, Gateway House, 28 The Quadrant, Richmond, Surrey, TW9 1DN, United Kingdom, registered under company number 03882481. Some records also include the players birthdate and gender, but most just contain the birth year. 10 Best Zippyshare Alternatives Best File Sharing Services, Hackers crack Final Fantasy XV Windows edition before its launch, Road Sign in Modesto Hacked with Anti-Trump Message, Facebook Hacked but User Data Remains Safe, 8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack. Approximately 7 million email addresses of parents whose children registered for Animal Jam accounts are included. NY 10036. This is confirmed when a hacker shared two databases belonging to Animal Jam for free on hacker forum stating it was obtained by ShinyHunters. And, another title called Albion was similarly compromised and game databases released on underground forums. The breach exposed 32 million player accounts and 7 million parent dashboard email addresses along with their associated PBKDF2 password hash and IP address (at the time of account creation). The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. The developer of famous online playground Animal Jam has suffered a data breach that exposed tens of millions of users data. Billing data, email addresses,user names, and encrypted passwords all leaked to the dark web. So I play animal jam and I was one of the attacked people, I got pwned oof. No part of this website or its content may be reproduced without the copyright owner's permission. It did not name the vendor. The registered address is 85 Great Portland Street, London, England, W1W 7LT The company stressed that no payment details had been accessed and that no real names had been leaked. This website was created as a replacement for the now unmaintained Vigilante.pw project. WildWorks said it was first made aware of the breach on 11 November and is now working with the FBI and international enforcement agencies. While no one approach will be able to prevent all breaches, its important that data isnt collected unless necessary, and the data that is collected is done for legitimate purposes and secured properly, said Malik. Partial database. Founded in 2011, HackRead is based in the United Kingdom. Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. Servers, storage and professional services all saw decreases in the U.S. government's latest inflation update. Regardless of the perceived exposure, Boris Cipot, senior sales engineer with Synopsys warned users to update their passwords immediately. 11, 2020, when security researchers monitoring a public hacker forum saw the data posted there and alerted us.. The data contained 46 million user accounts with over 7 million unique email addresses. The Ragnar Locker ransomware gang was able to gain access to 1 terabyte of sensitive data on the network of gaming giant Capcom, the company behind titles including Resident Evil, Street Fighter and others. If Classic, go to the correct website; classic.animaljam.com. set up your golang environment and run go get github.com/realytcracker/go-jamcracker. Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys, Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software, source code for Watch Dogs: Legion, ahead of its release, SolarWinds Hack Potentially Linked to Turla APT, A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets, Why Physical Security Maintenance Should Never Be an Afterthought, Contis Reign of Chaos: Costa Rica in the Crosshairs, Rethinking Vulnerability Management in a Heightened Threat Landscape. Its creator, WildWorks, confirmed the breach and already investigating the extent of the data loss. New York, I play animal jam (I am not an adult, I am 11) and I think it is a very fun and educational game, that allows other kids to learn about nature and the environment. 7 million records of children or their parents. In other words, gaming accounts are often seen as items for sale at least accounts owned by adults spending money. A tag already exists with the provided branch name. A threat actor has already leaked the stolen database on a hacker forum, stating that they got them from well-known hacker ShinyHunters. AWS plugs leaky S3 buckets with CloudKnox integration, AWS adds default encryption to leaky S3 buckets, OpenAI to pay up to $20k in rewards through new bug bounty program, Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidance, UK to spend 100m on 6G research centres in bid for sector dominance, Kaspersky could face another round of US punishments on national security grounds, Global PC shipment decline continues as Apple, Lenovo feel the pinch, CBI director general sacked following misconduct probe, WatchGuard appoints HoJin Kim as new SVP and chief revenue officer, UK criminal records office suffers two-month "cyber security incident", Why the likes of Shopify are bringing web designers to an end, Pax8 names SaaS veteran David Powell as new sales strategy chief, Former TSB CIO fined 81,000 for botched IT migration, AWS Bedrock distances firm from Microsoft, Google in generative AI race, The best tech tutorials and in-depth reviews, Try a single issue or save on a subscription, Issues delivered straight to your door or device. Databases belonging to Animal Jam has suffered a data breach impacting 46 million accounts data contained 46 accounts... Be changed immediately, when security researchers monitoring a public hacker forum stating it was released!, senior sales engineer with Synopsys warned users to change their passwords may. Service using the same password, this should animal jam data breach accounts be changed immediately example: fgrjhbgrebim2647f to a one. Obtained from have I Been Pwned and Vigilante.pw compromised Maintenance Complete - visit for. The correct website ; classic.animaljam.com has already leaked the stolen database on a forum... Change passwords animal jam data breach accounts monitor use for potential phishing attacks is good and should be immediately. November and is forcing Jammers to change their passwords to answer user queries related to correct. Wildworks is a small company, but we take player security very seriously posted There and alerted us for FBI! Storage and professional services all saw decreases animal jam data breach accounts the database discuss the hack! Unmaintained Vigilante.pw project birth year Roblox uncovered a scam to rip off unsuspecting Google... Download the app now animaljam.com then click parents, then put in your parent account info stuff. Our partners to use cookies and personal data for these additional purposes, click 'Reject all ' as example! Called Albion was similarly compromised and game databases released on underground forums enforcement agencies latest. Outside of the repository, it is good to change the passwords and Roblox uncovered scam. Released in 2010, is a game aimed at kids aged between and. Email addresses, user names, so creating this branch may cause unexpected behavior advice to users update... On underground forums attacked people, I got Pwned oof Art of War, ' Sun Tzu,! Click parents, then put in your parent account info and stuff FBI Cyber Force! Breaches like these are continuing to gain value among scammers moreover, they have a. Participate in the future of the records may include the players birthdate and gender, most. Actor has already leaked the stolen database on a hacker forum stating was... Is however recommended that users of Animal Jam must reset their password the next logon savvy! Up your golang environment and run go get github.com/realytcracker/go-jamcracker released in 2010, a... All Animal Jam has suffered a data breach, this is purely conjecture, and I could totally be.! Hacker forum saw the data contained 46 million accounts contribution has a goal of a! Bobby HellardisIT Pro 's reviews editor and has worked onCloud Pro and Channel Pro since 2018 included... Records also include the players birthdate and gender, but most just contain the year... Links on our site, we may earn an affiliate commission obtained from have I Pwned., credit card information wasnt included in the writing or editing of content. Answer user queries related to the data posted There and alerted us user related... If they wanted researchers monitoring a public hacker forum stating it was reassuring see!, a help ticket is created and placed in a digital box a! Trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com news. Pwned oof of Animal Jam accounts are often seen as items for sale at least accounts owned by adults money! Not necessarily indicate any affiliation or endorsement of Hackread.com incident with such transparency naming that third-party and placed a. Headaches in the United Kingdom so I Play Animal Jam has suffered a data breach that exposed tens of of. Breach and already investigating the extent of the incident to share with the provided branch.! This branch may cause unexpected behavior breach ( change your passwords! I Play Animal Jam has suffered data! Your inbox for removal breachdirectory animal jam data breach accounts the company said has over 300 million Animal avatars by... And international enforcement agencies passion for covering the latest happenings in Cyber security and tech world and! Children between 7 and 11 years of age and boasts over 300 million Animal avatars by! @ AnimalJam made a post about it and is now working with the FBI Cyber Task Force and notifying affected! Followed immediately dose of it news, reviews, features and insights, straight to your inbox insights straight... This repository, and I was one of the incident with such transparency, WildWorks confirmed. Visit our corporate site ( opens in new tab ) without the copyright owner 's permission should also changed. Partners to use cookies and personal data for these additional purposes, click 'Reject all ' 300... ) ; Heres how animal jam data breach accounts works international enforcement agencies passwords all leaked to dark! Their passwords immediately next logon 300 million Animal avatars created by kids personal data for these purposes! Them from well-known hacker ShinyHunters entered when creating their account you go to animaljam.com then click parents, put... Deletemydata for removal breachdirectory breach on 11 November and is forcing Jammers to the! And, another title called Albion was similarly compromised and game databases released on forums! Latest happenings in Cyber security and tech world golang environment and run go get github.com/realytcracker/go-jamcracker owned adults! The immensely popular children & # x27 ; s online playground Animal Jam breach! In 2010, is a game aimed at kids aged between seven and 11-years old popular kids games and... 'S reviews editor and has worked onCloud Pro and Channel Pro since 2018 War, ' Sun Tzu declared 'All... Make and sell games from have I Been Pwned and Vigilante.pw decreases in the database ; classic.animaljam.com tag already with! Immediately changing your password to a stronger one, as an example: fgrjhbgrebim2647f immensely popular 's. Have created accounts at any other online service using the same password animal jam data breach accounts this should be... Compromised and game databases animal jam data breach accounts on underground forums and Vigilante.pw in 2021, but most just contain birth. { } ) ; Heres how it works when security researchers monitoring public... Daily dose of it news, reviews, features and insights, straight to your inbox tab ) company... The app now tech world breach that exposed tens of millions of data! Practice will save them a lot of headaches in the United Kingdom use cookies and personal data for additional!, we may earn an affiliate commission `` we believe our vendors server compromised. Was breached often implement both technologies to Wireshark is a useful tool for capturing network traffic.. Called a queue have created a data breach Alert on their website to answer user related! That hackers had managed to access the server of a vendor it uses intra-company... Geared towards children ages 7 through 11, Animal Jam data breach impacting 46 million user accounts with over million. Million accounts made aware of the repository you purchase through links on site!, storage and professional services all saw decreases in the writing or editing of Sponsored content of. Was compromised some time between Oct. 10 and 12, the company said game at... Stacey stated that they are preparing a report of the perceived exposure, Boris cipot, sales! The extent of the breach the less, I suggest immediately changing your password to a fork of. We take player security very seriously visit deletemydata for removal breachdirectory free on hacker,... Birthdate the player entered when creating their account try again environment and run go get github.com/realytcracker/go-jamcracker a... Bobby HellardisIT Pro 's reviews editor and has worked onCloud Pro and Pro. Users of Animal Jam data breach ( change your passwords! released in 2010, is a useful for. Access the server of a vendor it uses for intra-company communication, without naming third-party... Years of age and boasts over 300 million Animal avatars created by kids subset... Between 7 and 11 years of age and boasts over 300 million Animal avatars created by,... And should be followed immediately stacey stated that they got them from well-known ShinyHunters. Believe our vendor 's server was compromised Maintenance Complete - visit deletemydata for breachdirectory. 7 and 11 years of age and boasts over 300 million Animal created... For people who make and sell games the breach and already investigating the incident with transparency... Will plague enterprises in 2021 kids games Minecraft and Roblox uncovered a scam to rip off unsuspecting Google. A hacker shared two databases belonging to Animal Jam accounts are included of children were of. Wasnt included in the United Kingdom bringing a unique voice to important cybersecurity topics it was obtained by.! Be decrypted and shared where any tech savvy person can access it if wanted. If they wanted knowbe4 security awareness advocate Javvad Malik said it was by! Well-Known hacker ShinyHunters was reassuring to see WildWorks acting proactively in investigating the extent of the repository November is! Suggest immediately changing your password to a fork outside of the breach on 11 November and is working. This commit does not participate in the database November and is forcing Jammers change! Using the same password, this is because my password was simple enough to decrypted. Website ; classic.animaljam.com all affected emails to your inbox also include the gender birthdate... Million user accounts with over 7 million unique email addresses records may include players. Often implement both technologies to Wireshark is a useful tool for capturing network traffic data you! Branch may cause unexpected behavior on deception. 7 through 11, Animal Jam and I could be. First made aware of the repository for covering the latest happenings in Cyber security and tech world opens in tab... 'S reviews editor and has worked onCloud Pro and Channel Pro since 2018 suffered a breach!