A Hacker Just Stole 46 Million Passwords From Animal Jam Players
Following the cyber attacks against gaming industry giants Activision and Capcom, a new massive hack against a gaming company was reported in mid-November. A bad actor managed to steal a stunning 46 million user records from online children's game Animal Jam.
The attack was disclosed by WildWorks - the company that owns and runs Animal Jam. WildWorks stated that the attack was targeting a third-party server that the company used for "intra-company communication".
The stolen information includes e-mail addresses used by the parents who created the accounts for their young children. The stolen database records also include millions of usernames, year of birth as well as full birthday information, gender records, millions of parent billing addresses and millions of full parent names.
The company further informed users it believes the attack took place sometime in early October. WildWorks was alerted about the theft after security researchers found the user database floating around on a hacker forum.
Thankfully, the company has secured the faulty server and has taken measures to refresh user passwords too. All Animal Jam users have been forced to change their passwords immediately.
Even though the stolen records also contained user passwords, those were stored in encrypted format. However, WildWorks warns that if some users were using very short password strings and were using simple dictionary words may have their passwords decrypted, as the simplicity of the password makes it exponentially easier to crack.
The company's statement urged users to create better passwords, mixing letters, symbols and numbers, but it seems there are no hard restrictions in place that can enforce this sort of stronger password.
This incident once again serves to show that you, as a private user, cannot safeguard against hacks and data breaches. Assuming the service that got hacked had the common sense to store your password in encrypted form, your best bet would be to use a long, complex and well-constructed password that would minimize the chances of it being cracked despite encryption.