Posted on November 17, 2020 at 2:08 PM
The company behind Animal Jam, the popular educational kid’s game, has confirmed that its portal was recently hacked.
According to the report, hackers stole more than 46 million records of gamers on the platform, and some of the records have already been posted on the darknet.
As a result, the parent company WildWorks is advising parents of the kids whose details may have been exposed on actions to take for security.
WildWorks didn’t know its data has been compromised until details about the data start appearing on darknet forums on November 13. About 7 million records have already been offered for sale, and many more could still be sold on other darknet forums as well.
Hackers acquired the key to the server database
The hacking method the hackers used has also been shared by WildWorks. Based on the report, the hackers acquired a key to one of the server databases for intra-company communications through a third-party.
However, the third-party vendor was not named in the report.
“We believe our vendor’s server was compromised sometime between October 10 and 12,” WildWorks revealed in an official statement.
The company has also shared a tweet to inform users of the said hack. It has also tried to be very open with the breach to help users protect themselves against subsequent phishing attacks. As a result, it launched a FAQ webpage where users can get answers to questions they may have about the type of records stolen and how to protect their accounts.
No real names of users were exposed
Wildworks also confirmed that the stolen data doesn’t contain real names of users, who are mostly kids.
The company has sent emails to users who are affected. It has also advised the users who are affected to change their “Animal Jam” passwords as soon as possible.
Senior sales engineer at Synopsys, Boris Cipot, informed that cybercriminals who get hold of the data can launch an attack in the future. One of the attack methods could include a phishing attack.
As a result, Cipot has advised parents who signed up for the game for their kids to be careful about replying to suspicious emails. They should be particularly wary of emails warning them to update their passwords to prevent account takeover.
On a similar note, the security awareness advocate at KnowBe4, Javvad Malik, also advises parents to understand the risk behind kid’s toys and games. He said in the past, the gaming industry was considered to be low-risks when it comes to cyber-attacks.
But the spate of attacks on companies in the industry has increased tremendously. So, parents and stakeholders in the toys and gaming industry for kids should be more cautious about security.
When “Animal Jam” was launched ten years ago, it was designed for kids between 7 and 11 years. It was meant as an educational method for children to explore the animal kingdom.
There is no fee attached to the game. The users can use their animal avatars, chat with other kids, and understand the animal kingdom better. There is also the section where kids can register for an online competition for in-game rewards.
Presently, there more than 300 million accounts created on the portal from more than 225 countries.
The game is ranking as one of the top 5 games for the 9-11 age category in Apple’s app store.
Details in the stolen data contain records from 10 years ago when the gaming portal was launched, the company stated. That means old users who are no longer using the portal may still be affected.
Although most of the stolen data don’t contain highly sensitive information, other details may be used for a phishing attack. According to the information provided, 5.7 million of the records contain the player’s complete date of birth, 23.9 million records contain the player’s gender, while 32 million had the player’s username.
The good news about the hacking incident is that the real names of the users were not exposed. However, cybercriminals who can get hold of the data may use it for a phishing attack in the future, which is the bad news.