He suggested that a closer partnership between manufacturing and technology could help mitigate risks to kids and their data. “It raises the question as to how deeply embedded technology has become in all aspects of our lives, where even children’s toys and games need accounts to be setup which potentially can hold sensitive information - and make an attractive target to attackers,” Malik said by email. Javvad Malik, security awareness advocate at KnowBe4, meanwhile noted in a statement provided to Threatpost that parents and the broader industry should take a closer look at security risks associated with kids games and toys, once considered low-stakes in terms of threat exposure. The attackers might cross-reference your account information on other services in order to find other exploitable services. Passwords should also be changed across any other service where it might have been reused.
It is important that the account password is changed immediately as well to avoid an account takeover. “Therefore, users, or their parents, need to watch out for any emails asking for personal information. “One way the cybercriminals may abuse this data is to carry out a phishing attack,” Cipot said via email.
Regardless of the perceived exposure, Boris Cipot, senior sales engineer with Synopsys warned users to update their passwords immediately. All Animal Jam usernames are human-moderated to ensure they do not include a child’s real name or other personally identifying information.” “Billing name and billing address were included in 0.02 percent of the stolen records otherwise no billing information was stolen, nor information that could potentially identify parents of players. “No real names of children were part of this breach,” the company’s site explained. More information and the FAQ can be found here: /eqIPvXmDAeĪccording to its own reporting, the company said that cybercriminals were able to steal 7 million parent account email addresses, and 32 million usernames associated with the parent accounts, containing encrypted passwords, players’ birthdays and gender, and more. Please see this statement from WildWorks. In keeping with its safety- and privacy-conscious brand, WildWorks has taken a decidedly transparent approach with its users in the wake of the breach, launching an FAQ site detailing precisely what was stolen, directing users to update their passwords and offering assistance to affected customers. 11, 2020, when security researchers monitoring a public hacker forum saw the data posted there and alerted us.” WildWorks learned of the database theft…Nov.
“It was not apparent at the time that a database of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion.
10 and 12,” the company said in a statement announcing the breach. “We believe our vendor’s server was compromised some time between Oct. Hackers were able to obtain a key to a server database maintained by a third-party vendor that WildWorks uses for intra-company communication, according to the company. More than 300 million Animal Jam avatars have been created to date, and there are players across 225 countries, the company reported.
11.įirst released in 2010, the game is geared for 7- to 11-year-olds and marketed to parents as a safe and educational virtual space to explore the natural world. The game is free to play and provides a virtual experience where kids can design their own animal avatars, learn facts about nature, chat with other players and engage in mini-competitions for in-game prizes. The company, WildWorks, said that it was unaware that the data had been compromised, until 7 million records turned up on an underground forum used by malicious actors to distribute lifted data, on Nov. The company behind the wildly popular kids’ game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendor’s server in October - more than 46 million of them, in fact.