WildWorks, the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.
Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.
Here’s what we know.
WildWorks said in a detailed statement that a hacker stole 46 million Animal Jam records in early October but that it only learned of the breach in November.
The company said someone broke into one of its systems that the company uses for employees to communicate with each other, and accessed a secret key that allowed the hacker to break into the company’s user database. The bad news is that the stolen data is known to be circulating on at least one cybercrime forum, WildWorks said, meaning that malicious hackers may use (or be using) the stolen information.
The stolen data dates back to over the past 10 years, the company said, so former users may still be affected.
Much of the stolen data wasn’t highly sensitive, but the company warned that 32 million of those stolen records had the player’s username, 23.9 million records had the player’s gender, 14.8 million records contained the player’s birth year and 5.7 million records had the player’s full date of birth.
But, the company did say that the hacker also took 7 million parent email addresses used to manage their kids’ accounts. It also said that 12,653 parent accounts had a parent’s full name and billing address, and 16,131 parent accounts had a parent’s name but no billing address.
Besides the billing address, the company said no other billing data — such as financial information — was stolen.
WildWorks also said that the hacker stole players’ passwords, prompting the company to reset every player’s password. (If you can’t log in, that’s probably why. Check your email for a link to reset your password.) WildWorks didn’t say how it scrambled passwords, which leaves open the possibility that they could be unscrambled and potentially used to break into other accounts that have the same password as used on Animal Jam. That’s why it’s so important to use unique passwords for each site or service you use, and use a password manager to store your passwords safely.
The company said it was sharing information about the breach with the FBI and other law enforcement agencies.
So what can parents do?
- Troy Hunt, a security researcher and owner of Have I Been Pwned, a website that helps you find out if you’re a victim of a data breach, has already obtained a copy of the stolen data. That means anyone can go to Have I Been Pwned and check to see if they are a victim of the Animal Jam breach.
- Thankfully the data associated with kids accounts is limited. But parents, if you have used your Animal Jam password on any other website, make sure you change those passwords to strong and unique passwords so that nobody can break into those other accounts.
- If you need help safely and securely storing or generating strong passwords, use a password manager.
- Keep an eye out for scams related to the breach. Malicious hackers like to jump on recent news and events to try to trick victims into turning over more information or money in response to a breach.