Gaining popularity since 2010, Animal Jam has recently reported a compromised exposure about its 45 million accounts that have been auctioned on the dark web. Its creator, WildWorks, confirmed the breach and already investigating the extent of the data loss.
Animal Jam has been developed targeting kids aged from 4 – 11 years old, offering an educational activity that the young can enjoy. Kids can enjoy creating and customizing their avatar animals wherein they can show their artistic side. Also, it involves science and technology activity in building simple projects like making string phones, catapult, creating periscope, and other stuff to suffice their curiosity. They can do coloring activity while learning about animals’ habitat and behavior and a few trivial tasks and information. It also has an interactive feature that players can chat with each other, giving them proper training in communicating with other people while boosting their interpersonal skills. These are few contents that the application offers to children, thus, earning popularity and positive reviews from different Child–Friendly award–giving bodies and reaching over 130 million users.
According to the developer, they created the app not only for the children to develop their skills and learn about science and technology but also to spread awareness and care for the animals and the environment. They believed that inspiring the young can help build a better future in taking care of the planet and its inhabitants.
However, they were saddened by the breach that happened, and securing their customers’ Animal Jam accounts is on their top priority.
The official announcement from Wildworks CEO confirmed that the adversaries could get hold of the information after cracking their AWS key from the company‘s Slack server but have not known that it was already stolen and being posted onto the dark web.
The report affirmed that the adversary that claimed responsibility for this ruckus is the infamous ShinyHunters. Since May of this year, the hacking group is making noise on the dark web by exposing millions of stolen accounts from the company they have victimized. ShinyHunters stolen information is auctioned for a thousand dollars, unlike other adversaries that sell it for a hundred thousand or more. Cybersecurity researchers confirmed that the group stole data that may not be easy to be used for immediate malicious activity as most are hashed information but still can be part and aid other adversaries, to pursue their malicious activity.
Currently, as a mitigation plan, Wildworks are mandating their user to immediately change their account‘s password. They treat this as another educational activity to the user, specifically parents, to teach their child about securing their account and imposing awareness about any data breach’s negative impact. They have already posted on their website about a status update and preparing reports to seek aid from the FBI Cyber Task Force for transparency.