Connect with us
SOFTSWISS

Latest News

Animal Jam data breach: 100,000 de-hashed user records leaked, 900,000 more sold on hacker forum

Published

on

Animal Jam data breach: 100,000 de-hashed user records leaked, 900,000 more sold on hacker forum
Reading Time: 3 minutes

A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample.

Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. The game is available on iOS, Android, PC, and Mac, and has over 130 million registered accounts across all supported platforms.
Recently, the game suffered a data breach where a database containing more than 50 million stolen player records, including email addresses and hashed passwords, has been leaked on a hacker forum.

It seems that it took about a week for a second hacker to de-hash about a million passwords from the previous database and put the plain-text data for sale on another hacker forum: the user records stored in the file that was posted on the hacker forum on November 17 include the players’ email addresses and passwords in plain text.
To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

What data is contained in the leak?
The file posted on the hacker forum contains what appears to be 100,000 Animal Jam user records, including email addresses and presumably de-hashed passwords stored in plain text.

Such combinations of decrypted user credentials are also known as combo-lists, giving attackers ready-made, machine-readable strings. Combo-lists are typically used as input for automated authentication requests in various malicious activities, such as credential stuffing attacks.

What’s the impact of the leak?
Fortunately, the data found in the leaked file does not contain deeply sensitive information like document scans or credit card numbers. However, it can still be used against Animal Jam players in a variety of ways, such as:

  • Carrying out credential stuffing attacks in order to hack players’ accounts in other games
  • Holding players’ Animal Jam accounts ransom
  • Spamming the victims’ email inboxes with malicious emails

Animal Jam is a free-to-play game that is targeted towards children and incorporates microtransactions. This means that selling stolen game accounts with unlocked premium features and cosmetics back to the affected players or their parents could net malicious actors a lot of money.

What to do if you have been affected?
If you (or your child) have an Animal Jam account and your data has been leaked on this hacker forum, we recommend you:
Change your Animal Jam and email passwords immediately and consider using a password manager to create long, complex passwords
If you have been using an identical password for any other games or online services, change it there as well.
Watch out for potential phishing emails. Do not click on anything suspicious or respond to anyone you don’t know.
Enable two-factor authentication (2FA) on all your online accounts.

De-hashing: The danger of using weak passwords
Judging from the Animal Jam combo-list sample posted on the hacker forum, the vast majority of the de-hashed passwords were weak and contained commonly used words and word-number combinations. While hashing is similar to encryption in that it scrambles input data into semi-randomized output data, there’s a significant difference: hashing is a one-way process.

Competent threat actors are able to de-hash weak passwords by taking acquired lists of password hashes and comparing them with hashes of known weak hash combinations. This is because of the difference between hashing and encryption: identical combinations of symbols will have the same hash value. This means that if a certain commonly used password has been de-hashed once, every other identical password can be de-hashed using the same value.

In fact, there are software tools that are designed specifically for these kinds of tasks. An attacker only needs to upload two text files (called “dictionaries”). The first dictionary is typically composed of hashed password column entries from a hacked database. In this case, it would be the hashed passwords from the previous Animal Jam breach.

The second column contains commonly used passwords or combinations of words, symbols and numbers. These combinations, when joined together, form the second dictionary.

The de-hashing tool takes the second dictionary and the hashes already known by the attacker and compares it with the first dictionary hashes. If any of the hashes match, the password is identified by the program and is associated with the plain text value, giving the attacker all the de-hashed passwords in plain text.

This might be how the threat actor who is selling the Animal Jam combo-list acquired a million passwords in a relatively short amount of time since the Animal Jam data breach.
Which brings us to the moral of the story: never use weak passwords. And if you’re as bad at creating and remembering strong passwords as we are… please, for the love of all that is holy, use a password manager.

 

Source

Continue Reading
Advertisement




MARE BALTICUM Gaming & TECH Summit 2024

Click to comment

Asia

FBM Foundation elevates schools in Laguna and Cavite with donations to boost digital educational progress

Published

on

Reading Time: 2 minutes

The two solidarity gestures executed by FBM Foundation in May prove once again the project’s commitment to nurturing future digital leaders and empowering communities through education.

This significant donation to Mabato National High School included 15 computer sets, tables, chairs, and 300 FBM Foundation backpacks. FBM Foundation conducted a turnover ceremony at Mabato National High School, on May 17th, attended by Pepe Costa, FBM’s Country Manager for the Philippines, and six volunteers. The ceremony highlighted the contributions of Gareth M. Prondoza, the School Head, and the teaching and non-teaching staff for their coordination.

In Dr. Jose P. Rizal Senior High School, FBM Foundation donated 35 computer sets, tables, chairs, 2 split-type air conditioners, and 800 FBM Foundation backpacks. This second social effort had a final turnover ceremony at Dr. Jose P. Rizal Senior High School. Renato Almeida, Director at FBM, Pepe Costa, and Alex Studart, Head Operation Manager at MEMO, attended the ceremony together with 15 volunteers.

During the event, special acknowledgments were given to Ms. Maria Lalaine M. Barrameda, Assistant School Principal II, Mr. Sandy U. Mera, ASP Coordinator, Mr. Robert John Dela Cruz, and the teaching and non-teaching staff for their invaluable contributions.

Alongside the computer donations, FBM Foundation facilitated the renovation of the computer laboratory and faculty room at Mabato National High School and at Dr. Jose P. Rizal Senior High School. These renovations were supported by a dedicated team of volunteers who worked tirelessly to make the learning spaces safer and more comfortable, promoting holistic development and the welfare of the entire school community. FBM Foundation’s motto, “Building a Champion by a Champion: Shaping Digital Leaders Tomorrow,” reflects its vision and impact. Through education, the corporate social responsibility project of the FBM® Group uplifts communities, drives innovation, and nurtures future leaders. The Foundation’s initiatives and partnerships are designed to catalyze positive change, inspiring students to achieve their dreams.

In total, 27 volunteers participated in the renovation and turnover ceremonies, showcasing the collective effort and dedication towards making this project a success.

Continue Reading

Latest News

SkillOnNet Hooks Up with Spinomenal for Global Content Deal

Published

on

Reading Time: < 1 minute

Global entertainment powerhouse SkillOnNet has teamed up with leading iGaming content provider Spinomenal in a new slots content deal. The multi-jurisdictional partnership means SkillOnNet’s international collection of brands are now showcasing Spinomenal’s top-performing titles, such as like Baba Yaga Tales, Demi Gods II and Queen of Ice.

SkillOnNet operates more than 40 online casino brands in numerous regulated markets. These include household names like PlayOJO in the UK and Ontario; PlayUZU in Spain, Mexico, and Buenos Aires City; BacanaPlay in Portugal, and DrueckGlueck in Germany.

Founded in 2014, Spinomenal is one of the fastest-growing iGaming suppliers in the industry. with more than richly themed 300 game releases licensed in over 25 licensed casino jurisdictions worldwide.

The revolutionary Spinomenal Universe has also now been unveiled on the SkillOnNet network which invites players to embark on a journey through an expansive world where beloved characters from various titles intertwine in fresh narratives.

Jani Kontturi, Head of Games at SkillOnNet said: “At SkillOnNet, we want partners that create games that really stand out from the crowd. Spinomenal’s portfolio is bursting with strong ideas, powerful stories, cool mathematical models and games that push the boundaries of creativity. We’re delighted to welcome them to our network.”

Lior Shvartz, CEO for Spinomenal commented: “SkillOnNet is a fantastic tier-one operator and we’re proud that our games are now available on its platform. We expect this to be the beginning of a long and mutually beneficial partnership.”

Continue Reading

Latest News

SIS and RAS combine to deliver premium Live Racing offering to global operator Stake.com

Published

on

Reading Time: 2 minutes

Sports Information Service (SIS) will provide Stake.com with its extensive library of global Live Racing content, along with early pricing and derivative markets supplied by Racing and Sports (RAS), to offer its bettors a best-in-class service.

SIS is the leading muti-content supplier of 24/7 live betting opportunities and is set to deliver its round-the-clock portfolio of horse and greyhound racing to Stake. To maximise engagement for Stake bettors, RAS will provide its vast range of early pricing and derivative markets to allow for longer trading windows.

This integration will allow Stake, in partnership with SIS and RAS, to present an array of wagering opportunities in a more accessible and relatable format.

Stake is a leading global betting operator boasting an online sportsbook and casino platform. It has secured high-profile sponsorships with Everton Football Club, UFC, the Stake F1 team and many more.

SIS’ Live Racing offering consists of over 36,000 live horse races annually from over 170 racecourses across six continents. This content includes live streaming, on-screen graphics and commentary, providing a unique and comprehensive experience. In addition, the greyhound racing portfolio of SIS offers a further 26,000 races annually to Stake.

RAS will provide enhanced data for the entire portfolio of content, enabling bettors to have all the necessary “easy to read” data and live comprehensive pricing available at a fingertip.

Andy Kelly, Head of Commercial Partnerships at SIS, said: “Stake has a huge footprint across the world and this deal is a major one for us, as we seek to expand the appeal of racing products. By providing our full range of racing content, we are confident this will enrich the customer experience.”

Jarrod Febbraio, Director of Commercial at Stake, said: “It remains our goal to continually strive to enhance our product portfolio to our customers. Partnering with RAS as our platform provider and SIS providing their racing content, with their long-standing reputations, speaks for itself.”

Stephen Crispe, Chief Executive Officer at RAS, said: “Our primary focus is to provide a best-in-class service to our customers. The extensive content available through SIS, together with the enhanced data, in several different languages provides RAS with an exciting opportunity to showcase our offering.”

Continue Reading

Trending (Top 7)

Get it on Google Play

EuropeanGaming.eu is a premier online platform that serves as a leading information hub for the gaming and gambling industry. This industry-centric media outlet reaches over 200,000 readers monthly, providing them with compelling content, the latest news, and deep-dive insights.

Offering comprehensive coverage on all aspects of the gaming sector, EuropeanGaming.eu includes online and land-based gaming, betting, esports, regulatory and compliance updates, and technological advancements. Regular features encompass daily news articles, press releases, exclusive interviews, and insightful event reports.

The platform also hosts industry-relevant virtual meetups and conferences, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - European Gaming is part of HIPTHER. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.