The wildly popular educational kid's game "Animal Jam" has been hacked, the company behind the game confirmed, with hackers stealing more than 46 million records, with some of them found on a malicious underground forum in the Dark Web.
'Animal Jam' Hacked: Players' Accounts Compromised
According to a report by ThreatPost, WildWorks, the company behind the game, was unaware that the data from the game had been compromised until they have found 7 million records have been found in the forum, which consisted of malicious actors that distribute lifted data.
Based on the report, the company had only found out about the distribution of said records on Wednesday, November 13.
The company shared how the hacking happened, saying that the cybercriminals were able to acquire a key to one of the server database, which they used for intra-company communication, and was maintained by a third-party vendor.
WildWorks did not name the vendor.
"We believe our vendor's server was compromised some time between October 10 and 12," the company said in the official statement announcing the breach. "It was not apparent at the time that a database of account names was accessed as a result of the break-in, and all relevant systems were altered and secured against further intrusion. WildWorks learned of the database theft...November 11, 2020, when security researchers monitoring a public hacker forum saw the data posted there and alerted us."
They have also shared a tweet on Twitter to update their followers of the said breach.
Launching an FAQ Page for Transparency
The company decided to be transparent with the breach, immediately launching an FAQ webpage where people with records on "Animal Jam" can find detailed answers to their questions, specifically which records were stolen.
However, they confirmed that no real names of the children were compromised following the attack.
Furthermore, Wildworks also encourages people to update their "Animal Jam" passwords as soon as they are able.
Boris Cipot, a senior sales engineer from Synopsys, said that one of the ways cybercriminals could use the stolen data is to carry out phishing attacks.
With that Cipot suggested parents who signed up for "Animal Jam" on behalf of their children to be on the lookout for suspicious emails asking for their personal data and that they immediately change their passwords on the game to avoid account takeover.
Considering the Risks of Children's Games and Toys
Meanwhile, Javvad Malik, a security awareness advocate from KnowBe4 noted that parents, as well as the industry, should consider the security risks that are associated with kids' toys and games, which were initially deemed as low-risk when it comes to these attacks.
"Animal Jam" was first launched in 2010 and was marketed towards seven to 11 year-olds and their parents as a "safe and educational virtual space" where they can explore the animal kingdom.
The educational game is free-to-play, where children can create their own animal avatars and learn more about nature as well as chat with other kids and take part in online competitions for in-game prizes.
Up to date, over 300 million "Animal Jam" accounts has been created in over 225 countries worldwide.
This article is owned by Tech Times
Written by: Nhx Tingson