A popular children's online gaming website has become the victim of data breach on Nov. 12, 2020, losing sensitive personal data to hackers including email addresses and passwords of 46 million user accounts. Animal Jam has a massive user base targeting children age seven to 11 and has 300 million animal avatars sketched by kids. A new account is created every 1.4 seconds, highlighting the humongous audience this gaming website has.
On Nov. 11, an anonymous account shared two Animal Jam databases in a hacker forum, claiming the breach was carried out by a website hacking entity called ShinyHunters. The hacker shared the database samples to prove the claim was genuine; it was also confirmed by Animal Jam using timestamps, which shows the hacker breached the server on Oct. 12, 2020.
Animal Jam identified the breach on Nov. 12 and has been continuously investigating the attack to uncover the full scope of damage to its data. It appears that the hackers obtained the AWS key by compromising Animal Jam's Slack server. When Animal Jam first detected the breach, it wasn't aware of the data theft.
It appears the hackers stole data of 46 million user accounts, including usernames and passwords. Additionally, around 7 million email addresses of parents have also been compromised along with the IP addresses of the devices that were used to create the user accounts.
Animal Jam has notified its users about the breach and requested its entire user base to update their passwords. The data security wing of Animal Jam has also created a Data Breach Alert system to answer user questions. The spokesperson from Animal Jam has also confirmed that no real names of children have been exposed, as they have always been extra cautious about securing this data.
If you or your child has an account with Animal Jam, follow the below steps to secure your data.
The pandemic has accelerated digital transformation, making online education the new normal for many regions in 2020. With children now being locked in a digital world, it's essential for them to learn proper cyber hygiene and for parents to teach their children data security and privacy best practices.