Hacker Puts Millions of Usernames, Passwords From Webkinz World Online: Report

A hacker has compromised the credentials of nearly 2.3 crore users of the online children’s game Webkinz World, according to a report. The game was launched back in April 2005 and was once popular amongst kids, thanks to its gameplay that revolves around stuffed animals. The anonymous hacker is said to have posted the database of the online game on a well-known hacking forum earlier this month. It is also believed that the security breach was carried out using an SQL injection attack.

The hacker uploaded a 1GB file that included over two crore pairs of usernames and passwords, reports ZDNet. The passwords leaked online, however, were hashed with the MD5-Crypt algorithm.

It is reported that the vulnerability that existed within the Webkinz World database circulated online for some time, and that its team did detect the intrusion and patched some loopholes. However, the Canadian company behind the game, Ganz, wasn’t able to fix the flaw completely.

“Webkinz has never asked for last names, phone numbers, or addresses and all transactions happen through our eStore, which has its own servers and accounts, which are in no way accessible through Webkinz,” a Ganz spokesperson was quoted as saying in the report. “So even if someone was to decrypt a password, there is no information of value on the accounts beyond the game data itself.”

As per the details available on a Webkinz support page, accounts that have been inactive for more than 18 months get archived by the company. The company is also said to have a practice of removing all information associated with the account “other than the User Name and Password” while archiving accounts.

“Please note that if an account remains inactive for a period of 7 years, Ganz will then delete that account,” the support page reads.

The statement provided by the company to the site says that Ganz is currently reviewing the security loopholes to “ensure that a similar attack won’t work elsewhere.” It would also force password changes from the backend if it sees that “any player accounts are actually at risk.”

Webkinz World was once next to Disney’s Club Penguin in terms of its popularity. The game received an upgrade as Webkinz X in 2015.
