The numbers are staggering. While the official breach notification to regulators (sent to the Wyoming Attorney General) claimed approximately 46 million accounts were affected, security analysts and Have I Been Pwned (HIBP) founder Troy Hunt analyzed the data and suggested the number of unique email addresses was closer to 32 million.
However, because many users had multiple accounts (spare "sparables"), the total number of unique usernames and their associated plain text passwords was estimated to be over 46 million records.
The compromised data included:
To understand the gravity, you need to understand the velocity of a credential stuffing attack.
Let’s say your child uses the password FluffyPanda99 for Animal Jam. Because the attacker has the plain text, they write a bot. That bot attempts to log into:
Because WildWorks failed to hash passwords, the hacker does not need expensive GPU rigs to crack password hashes. They have the literal key to the digital front door.
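What storing a salted, slow hash instead of the plain text looks like, as an added example (not WildWorks' code). The scrypt cost parameters, the account names and the migration helper are assumptions made for illustration; FluffyPanda99 is the sample password from the text.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values; tune them for your own hardware)
N, R, P, DKLEN = 2**14, 8, 1, 32

# Constructed legacy table: two accounts of one child sharing a password.
LEGACY_ROWS = {"panda_kid": "FluffyPanda99", "spare_panda": "FluffyPanda99"}


def _scrypt(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length digest that is deliberately expensive to compute."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, dklen=DKLEN)


def hash_password(password: str) -> dict:
    """Build the record to store: a random per-user salt plus the digest."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _scrypt(password, salt).hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    candidate = _scrypt(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, expected)


def migrate(plaintext_rows: dict) -> dict:
    """Replace every plain text password with a salted scrypt record."""
    return {user: hash_password(pw) for user, pw in plaintext_rows.items()}


if __name__ == "__main__":
    store = migrate(LEGACY_ROWS)
    for user, record in store.items():
        # Same password, different salt, so the stored hashes differ.
        print(user, record["hash"][:16], "...")
    print("login ok:", verify_password("FluffyPanda99", store["panda_kid"]))
```

A copy of this table no longer contains anything that can be typed into another site's login form, and the per-user salt hides the fact that both accounts share a password.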
On or around October 12, 2020, an unauthorized party gained access to WildWorks’ systems. The breach was later confirmed by the company, but initial public communication was limited. By November 2020, a database containing over 46 million user records was being traded on underground hacking forums.
In October 2020, WildWorks, the developer of Animal Jam, suffered a major data breach. A hacker gained access to a backup database containing user information. Initially, the company alerted users about a “security incident.” But by early 2021, it was confirmed that over 46 million user records had been stolen.
The compromised data included: