Security: Animal Jam warns of hack affecting 46 million accounts
The popular game Animal Jam, enjoyed by millions of children around the world, has advised parents of a hack which has exposed the personal details of 46 million account records.
The company behind Animal Jam, WildWorks, has issued a warning that details revealed in the attack include 7 million email addresses used to create accounts, and 32 million player usernames. A proportion of the 46 million accounts affected have had full name and billing address details exposed.
In a post on the Animal Jam website, Wildworks says that it: "has learned that a database containing some Animal Jam user data was stolen in connection with a recent attack on the server of a vendor WildWorks uses for intra-company communication. A subset of the stolen records include the email addresses of the parents managing the player accounts and other data that could be used to identify the parents of Animal Jam players".
The company stresses that the names of children have not been exposed and that the number of users for whom billing names and addresses were leaked is very small (just 0.02 percent). This is unlikely to be of much comfort to the thousands of people whose billing data was revealed.
The full list of exposed data looks like this:
- Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts
- Approximately 32 million player usernames associated with these parent accounts
- Passwords associated with those user accounts, but in encrypted form
- 14.8M records include the birth year the player entered at account creation
- 23.9M records include the gender the player entered at account creation
- 5.7M accounts include the full birthday the player entered at account registration
- 12,653 of the parent accounts include a parent’s full name and billing address (but no other billing info)
- 16,131 of the parent accounts include a parent’s first and last name, without a billing address
WildWorks also says:
We believe our vendor’s server was compromised some time between October 10-12, 2020. It was not apparent at the time that a database of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion. The database theft most likely occurred in the same October 10-12, 2020 time window.
The company says that is it working with the FBI and international law enforcement agencies to determine what happen. It also offers the following advice to concerned customers:
- Search for any email address you’ve used in the past several years at the https://haveibeenpwned.com website to see if it was among those in the compromised database.
- If your email address WAS included in the breach, as a precaution you should change your email account password immediately -- especially if it’s a password you also use for other online accounts.
- Never share your Animal Jam password with anyone, for any reason. Not even your best friend. Never enter your username or password into websites promising free Sapphires or Pack memberships. These sites exist solely to steal your login credentials.
- If you believe your Animal Jam account was accessed illegally, contact the security team via email at [email protected] or click here. They will investigate and secure your account.