Cyber Incident Victim: WildWorks

On October 12, 2020, threat actors compromised databases belonging to WildWorks, the developer of the children's virtual world Animal Jam. The breach involved unauthorized access to two databases labeled 'game_accounts' and 'users,' collectively containing approximately 46 million player records. WildWorks CEO Clark Stacey later attributed the intrusion to attackers obtaining the company's AWS key after compromising its Slack server. Although WildWorks addressed the breach swiftly, they initially remained unaware that data had been exfiltrated. The stolen information included 46 million usernames, SHA1-hashed passwords, and IP addresses used during account sign-ups. Approximately 7 million parent email addresses were also exposed, alongside 116 records containing parent names and billing addresses—though no credit card information was included. Limited gender and birthdate data appeared in the breach, but no real names of children were disclosed.

The breach became publicly known on November 11, 2020, when a threat actor shared partial databases containing 7 million records on a hacker forum, attributing the theft to the ShinyHunters group. WildWorks confirmed the breach after analyzing the leaked data, noting timestamps in the sample records aligned with the October 12 compromise. In response, the company mandated password resets for all users upon their next login and initiated notifications to affected email addresses. WildWorks also prepared a report for the FBI Cyber Task Force and advised users to monitor accounts for phishing attempts. The company emphasized that plaintext passwords and sensitive child identifiers remained unexposed. Impacted individuals were directed to check breach notification services like Have I Been Pwned for verification. The incident affected Animal Jam’s user base of over 300 million registered animal avatars, highlighting risks to a platform averaging one new player registration every 1.4 seconds.