Suffering a breach of data amounting to 46m accounts and countless unforeseen consequences,the platform is in hot soup.
A children’s online gaming platform Animal Jam has just reported a data breach affecting 46 million accounts.
The details were shared on a hacker forum for free, in two databases belonging to Animal Jam. Only a partial database containing approximately 7 million user records for children/parents, with the remaining data being chargeable.
The exposed data includes usernames, passwords, email addresses, IP addresses, and a small fraction of records also contained billing addresses, gender and birth dates of registered players.
The firm behind the platform, WildWorks, is actively investigating the breach and has issued a warning and an FAQ to help users with any related issues. As a precaution, all Animal Jam users’ will be required to reset their password on the next logon. The threat actors are believed to have obtained the firm’s AWS key after compromising a Slack server.
According to one security expert’s observation, gaming player accounts are often high-value assets due to in-app purchases or rewards from levelling up. In other words, gaming accounts are often items for sale. However, we now know that even educational games for children are no longer safe, but are valuable resources for bad actors.
Said Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group: “In this breach, the attacker was able to access and steal the account information of millions of users. One way the cybercriminals may abuse this data is to carry out a phishing attack. Therefore, users and their parents, need to watch out for any emails asking for personal information. While a password-change process has been enforced on Animal Jam, users should change passwords reused across any other services or websites, as attackers may cross-reference the account information on other services in order to find more services to exploit.”