Hacker Puts Millions of Usernames, Passwords From Webkinz World Online: Report

Gaming

A hacker has compromised the credentials of nearly 2.3 crore users of online children’s game Webkinz World, according to a report. The game was launched back in April 2005 and was once popular amongst kids, thanks to its gameplay that revolves around stuffed animals. The anonymous hacker has said to have posted the database of the online game on a reputed hacking forum earlier this month. It is also believed that the security breach took place using an SQL injection attack.

The hacker uploaded a 1GB file that included over two crore pairs of usernames and passwords, reports ZDNet. The passwords leaked online, however, were encrypted with the MD5-Crypt algorithm.

It is reported that the vulnerability existed within the Webkinz World database circulated online for some time, and its team did detect the intrusion and patch some loopholes. However, the Canadian company behind the game, Ganz, wasn’t able to fix the flaw completely.

“Webkinz has never asked for last names, phone numbers, or addresses and all transactions happen through our eStore, which has its own servers and accounts, which are in no way accessible through Webkinz,” a Ganz spokesperson was quoted as saying in the report. “So even if some was to decrypt a password, there is no information of value on the accounts beyond the game data itself.”

As per the details available on a Webkinz support page, accounts that have been inactive for more than 18 months get archived by the company. It is also claimed to have a practice of removing all information associated with the account “other than the User Name and Password” while archiving accounts.

“Please note that if an account remains inactive for a period of 7 years, Ganz will then delete that account,” the support page reads.

The statement provided by the company to the site highlights that Ganz is currently reviewing the security loopholes to “ensure that a similar attack won’t work elsewhere.” It would also force password changes from the backend if it sees that “any player accounts are actually at risk.”

Webkinz World was once next to Disney’s Club Penguin in terms of its popularity. However, the game received an upgrade as Webkinz X in 2015.

Articles You May Like

Epic Games Battles to Get Fortnite Back in App Store
Apple Buys Cherry From Avengers: Endgame Directors, the Russo Brothers
US DoJ Asks Judge to Allow WeChat Ban on US App Stores
Redmi 9 Review
Samsung Galaxy A72 Will be Company’s First Penta-Camera Phone: Report

Leave a Reply

Your email address will not be published. Required fields are marked *