Animal Jam Data Breach Passwords 90%

The most critical element of the breach was the exposure of player passwords. Key technical facts include:

The leak included usernames, 7 million unique email addresses , and encrypted passwords . It also included parental information, such as billing addresses for players with memberships. Were Passwords Stolen?

For younger players, the exposure of birthdates and email addresses is particularly alarming, as it can be used to piece together real-world identities. Animal Jam Data Breach Passwords

Usernames, 7 million unique email addresses , IP addresses, dates of birth, billing addresses, and parent names.

The initial breach occurred in when an unauthorized user accessed a private Slack channel used by WildWorks for internal communication. This channel contained a private Amazon Web Services (AWS) key . With this key, the hackers were able to bypass security measures and access the game's main user database. The company was alerted to the theft on November 11, 2020 , when security researchers saw a sample of the stolen data posted on the hacker forum RaidForums. The most critical element of the breach was

WildWorks published a detailed FAQ detailing exactly what data was taken, earning praise from cybersecurity experts for their swift and honest communication. Crucial Lessons in Password Security

Not necessarily. Animal Jam remains a relatively safe, moderated space for kids. But any online account with personal information is a target. The key is : Were Passwords Stolen

By 2020 standards, SHA-1 was considered cryptographically broken and obsolete for password storage.

Once a hacker has an email and a cracked password, they don’t just log into Animal Jam . They try that same email and password combination on like Roblox, Discord, or even a parent’s Amazon account. This is called credential stuffing .