Animal Jam — Data Breach Passwords

Usernames, 7 million unique email addresses , IP addresses, dates of birth, billing addresses, and parent names.

This was the most dangerous byproduct of the breach. Hackers took the cracked passwords and parent email addresses and tried them on other platforms, such as Amazon, Netflix, banking apps, and email providers. Users who reused their Animal Jam password elsewhere found their external accounts compromised.

While the passwords were encrypted (hashed), they were part of the released database. Personal Identifiers: Animal Jam Data Breach Passwords

Hackers logged into cracked accounts to steal rare in-game items, currency, and virtual pets. Many long-time players lost years of digital progress overnight.

Drop a comment below or check out our Parent’s Guide to Gaming Security . Usernames, 7 million unique email addresses , IP

However, security experts criticized several aspects of WildWorks’ response:

Intellectual property tags, player gender choice, and birth years. Users who reused their Animal Jam password elsewhere

Credential stuffing bots can run through millions of username/password pairs in minutes. A single exposed Animal Jam password can lead to:

The breach was quickly cataloged by Have I Been Pwned (HIBP), the widely respected breach notification service, on November 12, 2020 — just one day after researchers alerted WildWorks to the data theft.