Latest News
Animal Jam data breach: 100,000 de-hashed user records leaked, 900,000 more sold on hacker forum
![Animal Jam data breach: 100,000 de-hashed user records leaked, 900,000 more sold on hacker forum](https://europeangaming.eu/portal/wp-content/uploads/2020/12/Animal-Jam.jpg)
A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample.
Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio. The game is available on iOS, Android, PC, and Mac, and has over 130 million registered accounts across all supported platforms.
Recently, the game suffered a data breach where a database containing more than 50 million stolen player records, including email addresses and hashed passwords, has been leaked on a hacker forum.
It seems that it took about a week for a second hacker to de-hash about a million passwords from the previous database and put the plain-text data for sale on another hacker forum: the user records stored in the file that was posted on the hacker forum on November 17 include the playersâ email addresses and passwords in plain text.
To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.
What data is contained in the leak?
The file posted on the hacker forum contains what appears to be 100,000 Animal Jam user records, including email addresses and presumably de-hashed passwords stored in plain text.
Such combinations of decrypted user credentials are also known as combo-lists, giving attackers ready-made, machine-readable strings. Combo-lists are typically used as input for automated authentication requests in various malicious activities, such as credential stuffing attacks.
Whatâs the impact of the leak?
Fortunately, the data found in the leaked file does not contain deeply sensitive information like document scans or credit card numbers. However, it can still be used against Animal Jam players in a variety of ways, such as:
- Carrying out credential stuffing attacks in order to hack playersâ accounts in other games
- Holding playersâ Animal Jam accounts ransom
- Spamming the victimsâ email inboxes with malicious emails
Animal Jam is a free-to-play game that is targeted towards children and incorporates microtransactions. This means that selling stolen game accounts with unlocked premium features and cosmetics back to the affected players or their parents could net malicious actors a lot of money.
What to do if you have been affected?
If you (or your child) have an Animal Jam account and your data has been leaked on this hacker forum, we recommend you:
Change your Animal Jam and email passwords immediately and consider using a password manager to create long, complex passwords
If you have been using an identical password for any other games or online services, change it there as well.
Watch out for potential phishing emails. Do not click on anything suspicious or respond to anyone you donât know.
Enable two-factor authentication (2FA) on all your online accounts.
De-hashing: The danger of using weak passwords
Judging from the Animal Jam combo-list sample posted on the hacker forum, the vast majority of the de-hashed passwords were weak and contained commonly used words and word-number combinations. While hashing is similar to encryption in that it scrambles input data into semi-randomized output data, thereâs a significant difference: hashing is a one-way process.
Competent threat actors are able to de-hash weak passwords by taking acquired lists of password hashes and comparing them with hashes of known weak hash combinations. This is because of the difference between hashing and encryption: identical combinations of symbols will have the same hash value. This means that if a certain commonly used password has been de-hashed once, every other identical password can be de-hashed using the same value.
In fact, there are software tools that are designed specifically for these kinds of tasks. An attacker only needs to upload two text files (called âdictionariesâ). The first dictionary is typically composed of hashed password column entries from a hacked database. In this case, it would be the hashed passwords from the previous Animal Jam breach.
The second column contains commonly used passwords or combinations of words, symbols and numbers. These combinations, when joined together, form the second dictionary.
The de-hashing tool takes the second dictionary and the hashes already known by the attacker and compares it with the first dictionary hashes. If any of the hashes match, the password is identified by the program and is associated with the plain text value, giving the attacker all the de-hashed passwords in plain text.
This might be how the threat actor who is selling the Animal Jam combo-list acquired a million passwords in a relatively short amount of time since the Animal Jam data breach.
Which brings us to the moral of the story: never use weak passwords. And if youâre as bad at creating and remembering strong passwords as we are⌠please, for the love of all that is holy, use a password manager.
Latest News
Win tickets to the BLAST Premier Fall Final: GG.BET is running a MEGA BLAST Competition for fans of ĐĄS2
![](https://europeangaming.eu/portal/wp-content/uploads/2024/07/fvfdgsadgareabvaaa.jpg)
From 26 July, all GG.BET users can get involved in the new MEGA BLAST Competition with a âŹ10,000 prize fund. The winner will receive two tickets to the BLAST Premier Fall Final CS2 tournament, taking place from 27-29 September in Copenhagen. To enter, you need to place bets on Counter-Strike 2 matches.
BLAST Premier Fall is a major series of Counter-Strike 2 tournaments which draws in millions of viewers from all over the world every year. The series consists of three stages: Groups, Showdown, and Finals. The Groups stage sees 16 Tier-1 teams duke it out. Only 6 of these can go on to compete in the final, while the rest will battle it out in the Fall Showdown for two additional spots in the final. BLAST Premier Fall Finals will be the concluding stage of the Fall series, and fans can look forward to electrifying action, heart-stopping twists and turns, and an epic $425,000 prize fund.
From 26 July to 4 August, as the Groups stage rages on, GG.BET will be holding its MEGA BLAST Competition. The winner will get their hands on two tickets to attend every day of the BLAST Premier Fall Finals. As well as these tickets, the bookmaker is also giving away a whopping âŹ10,000 prize fund to the top 40 participants in the MEGA BLAST Competition.
How to take part in the MEGA BLAST Competition:
- Register an account with GG.BET or log in to an existing account.
- Go to the tournament page and press âParticipateâ.
- Place bets on Counter-Strike 2 matches. Every bet you place will earn you a certain number of points, based on the odds.
- Rack up points, keep an eye on the leaderboard, and wait for your winnings to roll in.
Bet on your favorites and get ready for some unforgettable fun! Head over to GG.BET right now so you donât miss your chance to enjoy a festival of Counter-Strike action in Copenhagen.
Latest News
MANCHESTER CITY TO MARK GLOBAL PARTNERSHIP WITH SUPER GROUP-OWNED BETWAY AT THE NEW YORK STOCK EXCHANGE
![](https://europeangaming.eu/portal/wp-content/uploads/2024/07/mcyjksadljoisajdasndkl.jpg)
Manchester City has today announced a new multi-year partnership with leading global online betting and gaming brand, Betway.
As part of the clubâs pre-season tour of the United States, and to mark this significant deal, leading figures from Manchester City and Super Group will be on-site for the iconic NYSE bell-ringing ceremony later today. Ferran Soriano, CEO of City Football Group, along with Neal Menashe, Super Group CEO, will ring The Opening Bell at 9:30am EDT.
The agreement will see Betway become the clubâs Official Global Betting Partner from the start of the 2024/25 season, as Manchester City joins the brandâs extensive sports sponsorship portfolio which includes teams from across the Premier League, La Liga, NBA and more.
Ferran Soriano, City Football Group CEO, said: âWe are pleased to announce Betway as our Official Global Betting Partner today. As a globally recognised brand, Betway has a strong pedigree and history of working with high-profile brands within the sports space and weâre excited to work together throughout the partnership.â
Super Group CEO, Neal Menashe, commented: âWe are absolutely delighted to become Manchester Cityâs Official Global Betting Partner. This agreement cements our place in the top tier of Premier League partners, ensuring that our Betway brand reaches fans in all corners of the globe.â
Throughout the duration of the partnership, Manchester City and Betway will collaborate on a number of activations and exclusive content opportunities, in addition to the brand featuring across digital and in-stadia assets.
Manchester City and Betway will also work together to provide all players, coaches, management and staff in-depth, industry leading training on all relevant codes of conduct relating to betting integrity and responsible gambling. This is in addition to the work Manchester City already does to support players and staff in this area.
The Opening Bell ceremony can be viewed live.
Compliance Updates
Acquiring a Curacao Online Gaming License in 2024: Comprehensive Analysis of Financial & Procedural Aspects with Costs & Timelines Detailed
![](https://europeangaming.eu/portal/wp-content/uploads/2024/07/curacaduioapdj.jpg)
The “Acquiring a Curacao Online Gaming License, 2024: Comprehensive Analysis of Financial & Procedural Aspects with Costs & Timelines Detailed” report has been added to ResearchAndMarkets.com’s offering.
This report includes valuable insights into the financial and procedural aspects, including detailed information on costs and timelines associated with acquiring a Curacao license.
In 2023, Curacao introduced the “Landsverordening op de kansspelen” (Ordinance on Games of Chance) to modernize and regulate gambling legislation. Since March 2020, the Gambling Control Board (GCB) has been authorized to regulate offshore gambling games and oversee the issuance of Curacao licenses. As of 2023, there are 16 companies providing legal services for registration and licensing in the territory of Curacao. The license fee, as per GCB regulations, is 36,000 ANG or 19,800 USD, payable upon license issuance.
Research Timeline and Data Relevance
The research was conducted in two stages. The first stage, studying the regulator and Open Data Search, took place in December 2023. The second stage, writing the report and partially updating the data from the first stage, took place from the end of April to the end of May 2024.
Goals and Objectives
- Describe the information about the Curacao license and the issuing regulator.
- Describe the requirements and conditions for obtaining a Curacao license.
- Describe the costs and timelines for obtaining a Curacao license.
- Briefly study the market, find and suggest the following lists:
- Legal companies offering services for company registration and obtaining a Curacao license;
- Communication agents and integrators working with the Curacao license;
- Suppliers and vendors working with the Curacao license;
- Payment systems working with the Curacao license.
Key Topics Covered:
1. Goals and Objectives
2. Research Timeline and Data Relevance
- Document Markup
- Raw and Combined Data
- Terms & Glossary
3. General Information
- The Regulator
- Registration of Operators With Sublicense
- Application for an Online Gaming License
4. Requirements and Conditions for Obtaining a License
License Conditions
- General Prohibitions
- Safe and Secure Environment
- Equipment and Application Software
- Player Registration
- Payment Transactions
- Games
- Terms of Use
- Resolution of Complaints
- Administrative Responsibilities
- Publicly Available Information
- Reports
- Policies and Procedures
- Suspension and Revocation of License
- Additional Conditions
- Supervision
Recommendations or Minimum Requirements for the Business Plan
5. The Cost of the License
6. Decision Term and the Validity of the License
7. Application Method and Forms
8. Contact Information
9. Companies for Registration and Licensing
10. Integration Companies
11. Suppliers and Vendors
12. Payment Systems
13. META
14. Appendix: Terms & Glossary
For more information about this report visit researchandmarkets.com/r/izeo6g
-
Eastern Europe5 days ago
7777 gaming is now available on WINBET Romania
-
Gambling in the USA5 days ago
Gaming Americas Weekly Roundup â July 15-21
-
Gaming5 days ago
MainStreaming Announces Appointment of Nicola Micali as Chief Customer Officer
-
Industry News5 days ago
Safer Gambling Tools Use Hits Record High in 2023 â New Report from EGBA
-
Australia5 days ago
Australian eSports Star Joins Team Liquid
-
eSports5 days ago
INSPIRED LAUNCHES RE-PLAY ESPORTS⢠FEATURING CS:GO IN PARTNERSHIP WITH KAIZEN GAMING
-
eSports5 days ago
NODWIN(R) Gaming ropes in Android as title partner for BGMS Season 3; to be powered by Garnier Men
-
Latest News5 days ago
Spinomenal shines again with Super Wild Fruits release