

Combo-lists are typically used as input for automated authentication requests in various malicious activities, such as credential stuffing attacks.

Fortunately, the data found in the leaked file does not contain deeply sensitive information like document scans or credit card numbers.

Such combinations of decrypted user credentials are also known as combo-lists, giving attackers ready-made, machine-readable strings. The file posted on the hacker forum contains what appears to be 100,000 Animal Jam user records, including email addresses and presumably de-hashed passwords stored in plain text.

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

It seems that it took about a week for a second hacker to de-hash about a million passwords from the previous database and put the plain-text data up for sale on another hacker forum: the user records stored in the file that was posted on the hacker forum on November 17 include the players’ email addresses and passwords in plain text.

Recently, the game suffered a data breach in which a database containing more than 50 million stolen player records, including email addresses and hashed passwords, was leaked on a hacker forum. The game is available on iOS, Android, PC, and Mac, and has over 130 million registered accounts across all supported platforms.

Stacey adds that "the decrypted passwords - if real - would not have been able to compromise Animal Jam accounts by the time they appeared."

A database containing 900,000 user records from the free-to-play game Animal Jam is being sold on hacker forums, with another 100,000 records leaked as a proof-of-concept sample.

Animal Jam is a free-to-play pet simulator developed by WildWorks, a US-based game development studio.

UPDATE (12-11-2020): According to WildWorks CEO Clark Stacey, the company "forced a password change on all Animal Jam accounts, notified users by email, and published FAQ" about the breach immediately after its discovery.
