WildWorks, the creator of the widely-played children’s game Animal Jam, has announced that it experienced a data security incident.

Animal Jam consistently ranks among the top five games for children aged 9-11 within the U.S. Apple App Store, as indicated by App Annie’s data. While data breaches are always concerning, WildWorks has demonstrated a commendable level of transparency regarding this event, which can assist parents in safeguarding their personal details and their children’s information.

Here’s a summary of the situation.

According to a comprehensive statement released by WildWorks, a hacker successfully accessed 46 million Animal Jam user records in early October, though the breach wasn’t discovered until November.

The company explained that the unauthorized access occurred through a compromised internal communication system, allowing the hacker to obtain a key that unlocked the company’s user database. WildWorks has confirmed that the stolen data is currently available on at least one online cybercrime forum, suggesting potential misuse of the compromised information by malicious actors.

The data in question spans a period of more than ten years, meaning that individuals who no longer actively use the game may still be impacted.

While a significant portion of the stolen data isn’t considered highly sensitive, WildWorks has cautioned that 32 million records included usernames, 23.9 million contained gender information, 14.8 million held birth years, and 5.7 million featured complete dates of birth.

Furthermore, the company disclosed that 7 million email addresses belonging to parents who manage their children’s accounts were also compromised. Additionally, 12,653 parent accounts contained both a parent’s full name and billing address, while 16,131 accounts included a parent’s name but lacked billing address details.

The company assures that no financial information, beyond billing addresses, was taken during the incident.

WildWorks also reported that player passwords were stolen, prompting a mandatory password reset for all users. If you are currently unable to log in, this is likely the reason; please check your email for a password reset link. The company did not specify the method used to protect passwords, raising the possibility that they could be deciphered and potentially used on other accounts utilizing the same credentials. This underscores the importance of employing unique passwords for each online service and utilizing a password manager for secure storage.

The company has stated that it is collaborating with the FBI and other law enforcement authorities regarding this matter.

What steps can parents take?

• Troy Hunt, a security researcher and the founder of Have I Been Pwned – a website designed to help individuals determine if their data has been involved in a data breach – has already acquired a copy of the stolen data. This allows users to visit Have I Been Pwned and check if their information was compromised in the Animal Jam breach.

• Fortunately, the data linked to children’s accounts is limited in scope. However, parents should change passwords on any other websites where they have used the same password as their Animal Jam account, opting for strong and unique alternatives to prevent unauthorized access to those accounts.

• For assistance with securely storing or generating robust passwords, consider using a password manager.

• Remain vigilant for scams related to this breach. Cybercriminals often exploit recent events to deceive individuals into divulging further information or funds.

https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/