Hacker attacks children’s online game, leaks data of 23 million players

By: Tech Desk | New Delhi |

Published: April 21, 2020 1:16:43 pm

Webkinz World user data leaked online. (Image: Ganz)

Webkinz World, an online children’s game managed by Canadian toy company Ganz has become a victim of a cyber attack. As per a report by ZDNet, a hacker leaked the usernames and passwords of nearly 23 million players of the game.

The publication reported that the hacker posted a part of the database on a hacking forum, which they obtained with the help of data breach monitoring service Under the Breach. The 1GB file contained 22,982,319 pairs of usernames and passwords where the passwords have been encrypted with the MD-5Crypt algorithm.

Webkinz World is the online counterpart of a line of Ganz plush toys launched as early as 2005. The game has been reportedly one of the most successful online children’s games of the past decade next to Dinsey’s Club Penguin. To play Webkinz World, users need to enter a code from their plush toy. It allows them to manage a virtual version of their toy in the virtual world as a pet.

Also read | Fake Netflix, Disney+ websites stealing user information, credit card details

According to the publication, the Webkinz security breach took place earlier this month when the hacker allegedly gained access to the game’s database using an SQL injection vulnerability present in one of the web forms of the website.

As per the report, the vulnerability had been circulating online for months on hacking forums and on online IM chat groups. Also, besides the username and passwords, hackers were also successful in obtaining hashed versions of parents’ email address, which as per the publication has not been leaked.

Express Tech is now on Telegram. Click here to join our channel (@expresstechnology) and stay updated with the latest tech news

ZDNet reported that the Webkinz staff had detected the intrusion and patched the hacker’s point of entry into their system. A Webkinz spokesperson told the publication that they were aware of an attack against its website but did not know that it had succeeded. The company said that since they detected the attack, they added more security to the Parents Area.

The spokesperson also told ZDNet that Webkinz never asked for last names, phone numbers, or addresses so even if someone was to decrypt a password, there is no information value on the accounts beyond the game data itself. All transactions happen through their eStore which has its own servers and accounts and cannot be accessed through Webkinz, hence, that data is safe.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

© IE Online Media Services Pvt Ltd



Please enter your comment!
Please enter your name here