Children’s email addresses and birthdates stolen by cybercriminals
Online video game Animal Jam has announced a data breach. Sensitive personal information belonging to 46 million Animal Jam and Animal Jam Classic players and their parents was exfiltrated in an October cyber attack. The type of data stolen by the attackers varies but over sixteen million accounts contain parents’ full name and over five million accounts contain children’s gender and birthdate.
It is believed that the cyber attack occurred between October 10 and October 12 according to a press release on the Animal Jam website.
According to a post on Bleeping Computer, the stolen information – one list called titled ‘game_accounts’ and the other ‘users’ – has already appeared on the dark web.
What was stolen in the Animal Jam Data Breach?
The database exfiltrated by the attackers has about 46M Animal Jam account records. The information in these records includes the following:
- Email addresses used to create approximately 7 million Animal Jam and Animal Jam Classic parent accounts
- About 32 million player usernames associated with these parent accounts
- Encrypted passwords associated with these user accounts was taken
- 23.9M records contain the players’ gender
- 14.8M records have the birth year the player entered at account creation
- 5.7M accounts include the player’s full birthdate
- 12,653 of the parent accounts include a parent’s full name and billing address (but no other billing info)
- 16,131 of the parent accounts include a parent’s first and last name, without a billing address
No payment information was exposed in the Animal Jam data breach according to the announcement. Also, the real-life names of children were not exposed to. According to the announcement. all usernames are human moderated so they do not include a child’s real name.
Animal Jam Video Game
Animal Jam Classic (Formerly Animal Jam) Is an online video game for children ages four through eight. It was created by WildWorks in a collaborative effort with the National Geographic Society. WildWorks is a private game development studio based in The United States . Animal Jam classic was launched in 2010 and works on Microsoft Windows, Linux, and Mac OS.
Animal Jam Data Breach How do I protect my child?
Cyber criminals use information stolen in data breaches to launch future cyber attacks including malware, ransomware, and phishing email campaigns. The attackers who stole this personal data have the email addresses, birthdates, and parents’ names. This is plenty to craft convincing emails that contain links to harmful websites. Clicking on these links can damage your computer and result in financial losses. Protect yourself with a reputable anti-malware app to help detect and stop these attacks.
Note: Links to apps may earn a small commission that helps cover expenses
- Even though no payment card numbers were stolen in the Animal Jam data breach, players and their parents are still at risk.
- Change the password of any other online account that uses the same password as your Animal Jam account. People frequently use the same password across multiple online accounts. When an attacker gains access to one password and email combination they can use it to break into more valuable accounts like banks and credit cards
- Use a quality anti-malware subscription app to help protect your child’s email an Internet usage. Anti-malware apps will protect your laptops, computers, phones, and tablets to warn you when you about to go to a malicious website or if an email contains harmful links
Animal Jam recommends that parents check the email addresses associated with their account on https://haveibeenpwned.com/ website. If you find that your email address is listed on the website, then you should consider shutting it down and getting a new email address and starting fresh.
Cyber criminals compromised an AWS key after infiltrating the company’s Slack channel according to Bleeping Computer. The company is working with the Federal Bureau of Investigations (FBI)
