A hacker has leaked 23 million username and password pairs from accounts of the Webkinz children’s game.
Webkinz World players were surprised today by news of a post on a hacking forum. The post contains part of the game’s database, including the usernames and passwords of almost 23 million players.
According to news that surfaced online today, the hacker allegedly uploaded a 1GB file of leaked data. It lists 22,982,319 Webkinz account usernames, each paired with a password hashed with the MD5-Crypt algorithm.
How it all started
Sources say that the breach has been going on for almost a month now. However, people familiar with the issue revealed that rumors about the vulnerability began to spread on various forums a few months ago.
Aside from almost 23 million pairs of usernames and passwords, hackers also managed to acquire a list of email addresses belonging to the players’ parents.
However, they only had the hashed version of the email addresses and failed to leak any of them.
How did they do it
Reports reveal that the hackers exploited an SQL injection vulnerability to leak the players’ accounts. The vulnerability was exposed through the web forms on the official Webkinz website.
Webkinz World players use a unique username and password to access their accounts on the company’s website, where they manage and play with their virtual pets.
The Webkinz database keeps encrypted records of these usernames and passwords. The database automatically archives all accounts that have not been active for 18 months.
Furthermore, the Canadian toy company deletes any account that has been inactive for seven years. A company representative assured the public that, as early as the archiving process, all data within the account is removed. Ganz keeps only the username and the password.
Questions have now arisen among Webkinz players.
Owing to the breach, questions such as these have been circulating: Is the leaked data posted on a well-known hacker forum just a part of the archived accounts? Could they be accounts of active players?
Reports reveal that Webkinz detected the leak. As a corrective action, a member of the team immediately patched the hackers’ potential entry points.
About Webkinz World
Webkinz Play is an online game for kids. The platform was produced in 2005 by Ganz, a Canadian toy company. The game is a counterpart of the company’s line of plush toys.
Since its launch, Webkinz Play has shown continual progress and has become one of the most successful children’s games. Over the past few years, the game even came close to the success of Disney’s Club Penguin.
Image courtesy of FLORENT/Flickr