A popular children's online gaming website has become the victim of data breach on Nov. 12, 2020, losing sensitive personal data to hackers including email addresses and passwords of 46 million user accounts. Animal Jam has a massive user base targeting children age seven to 11 and has 300 million animal avatars sketched by kids. A new account is created every 1.4 seconds, highlighting the humongous audience this gaming website has.

On Nov. 11, an anonymous account shared two Animal Jam databases in a hacker forum, claiming the breach was carried out by a website hacking entity called ShinyHunters. The hacker shared the database samples to prove the claim was genuine; it was also confirmed by Animal Jam using timestamps, which shows the hacker breached the server on Oct. 12, 2020.

Summary of the attack

Animal Jam identified the breach on Nov. 12 and has been continuously investigating the attack to uncover the full scope of damage to its data. It appears that the hackers obtained the AWS key by compromising Animal Jam's Slack server. When Animal Jam first detected the breach, it wasn't aware of the data theft.

It appears the hackers stole data of 46 million user accounts, including usernames and passwords. Additionally, around 7 million email addresses of parents have also been compromised along with the IP addresses of the devices that were used to create the user accounts.

How did Animal Jam respond?

Animal Jam has notified its users about the breach and requested its entire user base to update their passwords. The data security wing of Animal Jam has also created a Data Breach Alert system to answer user questions. The spokesperson from Animal Jam has also confirmed that no real names of children have been exposed, as they have always been extra cautious about securing this data.

How should Animal Jam users respond to this breach?

If you or your child has an account with Animal Jam, follow the below steps to secure your data.

  • Update your Animal Jam account password immediately, and ensure it's much stronger this time by using a combination of alphanumeric and special symbols.
  • If your Animal Jam password isn't unique and has been used for other sites, update the accounts where this password has been used, too.
  • If possible, try to employ a password manager or a vault application to keep your credentials safe from external attacks. Show your children how to use a password management application, so that they can keep their data safe in the future.
  • Monitor your kids' email accounts occasionally to ensure they are safe from cyber bullying, phishing, and anonymous emails.
  • If there are any suspicious emails or emails harassing your child, report it to the email application provider, so that those emails will be scrutinized and blocked from further distribution.
  • It's also possible to restrict kids from downloading attachments, as this is a common means of phishing and malware deployment.

The pandemic has accelerated digital transformation, making online education the new normal for many regions in 2020. With children now being locked in a digital world, it's essential for them to learn proper cyber hygiene and for parents to teach their children data security and privacy best practices.