A hacker has compromised the credentials of almost 2.3 million users of online kid’s game Webkinz World: report. The game was started back in April 2005 and was once famous amongst children, thanks to its gameplay that revolves around stuffed animals. The unnamed hacker has said to have shared the database of the online game on a reputed hacking webpage earlier this month. It is also believed that the security breach took place using an SQL injection attack.
The hacker uploaded a 1GB file that added more than two crore pairs of usernames and passwords, tells ZDNet. However, leaked online passwords had been encrypted with the MD5-Crypt algorithm.
The vulnerability is reported to exist within the Webkinz World database circulated online for a while, and its crew did detect the intrusion and patched some loopholes. However, the Canadian firm behind the game, Ganz, was not in a position to repair the flaw utterly.
Webkinz assures of no loss to customers.
“Webkinz has never asked for phone numbers, last names, or addresses, and all transactions happen via our eStore, which has its own servers & accounts, which are in no way accessible via Webkinz,” a Ganz spokesperson was quoted as a statement within the report. “So even if some were to decrypt a password, there is no information of value on the accounts beyond the game data itself,” the spokesperson further said.
Based on the details available on a Webkinz assist forum, accounts that have been idle for more than 18 months get the file by the corporate. It can also be claimed to have a follow of eradicating all data related to the account “other than the User Name & Password” whereas archiving accounts.
“Please note that if an account remains idle for seven years, Ganz will then delete that account,” the assist web page reads.
The assertion supplied by the corporate to the location highlights that Ganz is at present reviewing the safety loopholes to “ensure that a similar attack won’t happen elsewhere.” It will additionally power password modifications from the backend if it sees that “any player accounts are actually at risk.”
Webkinz World was immediately behind Disney’s Club Penguin in its reputation. However, the sport acquired an improve as Webkinz X in 2015.