According to official statements from WildWorks management, the initial point of failure did not lie within the core gaming engine or the database firewalls. Instead, a threat actor—later identified as part of the prolific hacking group —targeted a vendor tool used for internal corporate communication. Animal Jam Data Breach - Have I Been Pwned
While WildWorks, the developer of Animal Jam, stored passwords in an encrypted format (PBKDF2), the breach remains dangerous for several reasons: Animal Jam Data Breach - Have I Been Pwned Animal Jam Data Breach Passwords
The security breach occurred between October 10 and October 12, 2020. At first, WildWorks believed no data had been taken and considered the incident low-risk. However, security researchers alerted the company on November 11 that a massive database was being circulated on hacker forums. After confirming the breach, WildWorks publicly announced the incident and began notifying affected users. At first, WildWorks believed no data had been
Even though passwords were stored in a scrambled format (bcrypt hashing), many players—especially children—use weak or common passwords. Hackers can run automated tools to guess simple passwords like “password123,” “jammer2020,” or a pet’s name in seconds. Even though passwords were stored in a scrambled
Unlike many corporate breaches driven by financial fraud, this breach appeared to be driven by "clout" within the hacker community. The attacker, reportedly a known figure in data breach circles, initially teased the leak and then released the data (minus the billing info) publicly on a hacking forum for anyone to download.
Additionally, for some accounts, IP addresses at the time of account creation were included in the breach. Fortunately, WildWorks had a policy of manually reviewing usernames, and no real names of children were part of the breach — at least according to the company's official statement.
Identify any other websites where you used the same password and change them immediately.