Online children's game Webkinz suffered a security breach earlier this month that rendered details of over 23 million users out by an anonymous hacker. Webkinz World by the Canadian toy company Ganz was launched back in 2005 and is considered one of the most popular children’s games of all time.
According to a report by ZDNet, an anonymous hacker gained access to Webkinz database containing usernames and passwords of over 23 million users and leaked it on a popular internet forum. ZDNet further reports that it was able to get access to the leaked database and confirms that over 22,982,319 sets of usernames and passwords were stolen in the security breach.
The hacker used an SQL injection vulnerability on the Webkinz website to gain access to the database of registered users. The vulnerability on the website has been doing rounds of various hacker forums on the internet for quite some time now. The individuals responsible for the breach have also gained access to email addresses of parents, but this database hasn’t been leaked publically as yet. It is also unclear whether hackers have been able to access details of archived accounts as well.
However, Webkinz detected the vulnerability and has patched it to prevent further attacks on its database. In a statement, the company says, “Webkinz has never asked for last names, phone numbers or addresses and all transactions happen through our eStore, which has its own servers and accounts, which are in no way accessible through Webkinz. So even if someone was to decrypt a password, there is no information of value on the accounts beyond the game data itself."
The company is also improving its encryption techniques and is reviewing all points of entry into their system. While Webkinz hasn’t asked its users to change passwords in the wake of the security lapse, the company is currently assessing the risk and will contact users in case password changes are required.