While SHA-512 is a strong hashing standard, the hackers managed to reverse-engineer and decrypt millions of these passwords. They accomplished this because many young users chose weak, easily guessable passwords (such as "password123" or "animaljam1"). When passwords are simple, hackers can use automated "brute-force" tools or "rainbow tables" to quickly match the hashes back to the original text. What Other Data Was Stolen?
If the database leaked with usernames, emails, and plain text passwords, the hacker doesn't need to crack anything. They can immediately log into any Animal Jam account they want—and worse, they will try those same email/password pairs on other websites like Roblox, YouTube, or even your banking portal.
The geographical location data linked to the devices used to play the game. Animal Jam Data Breach Passwords
: In response, WildWorks (the developer) forced a mandatory password reset for all players and disabled the old, compromised credentials. Extent of the Compromised Data
Log into the Animal Jam Parent Portal immediately. Update the password to a strong, unique string of characters. Do not reuse old passwords. 2. Update Reused Passwords While SHA-512 is a strong hashing standard, the
Approximately 46 million usernames and their associated encrypted passwords.
The breach went beyond password hashes. The stolen database contained several other pieces of identifiable information, including: What Other Data Was Stolen
In terms of actual damage, WildWorks offered reassurance that the vast majority of the exposed data did not contain billing information, and that the games were designed to avoid storing children's real names — something that may have helped reduce the overall impact of the breach for the youngest users. Nevertheless, the CEO of WildWorks acknowledged that "the profile of our typical threat actor is a bored teenage boy" — and in this case, the company admitted it had faced "a much more sophisticated attack" than it had initially realized.