Username and passwords of approximately 23 million players of online children’s game Webkinz World managed by Canadian toy company Ganz were leaked by hackers on the dark web, according to a recent report by ZDNet .
Webkinz is an online children’s game launched in 2005, a virtual counterpart of the line of Ganz’s plush toys. Users get a code with their Ganz plush toys which they can then enter into Webkinz and here they could play and manage a version of the toy depicted as a virtual pet.
An anonymous hacker last week posted a chunk of the game’s user database on a popular hacking forum a copy of which was obtained by ZDNet with the Under the Breach, a data breach monitoring firm.
Hackers had uploaded a 1 GB file containing 22,982,319 pairs of usernames and passwords. The passwords were encrypted with the MD5-Crypt algorithm as per the report.
The data breach must have been carried out earlier this month, the report said. Apart from username and passwords, attackers had also successfully obtained hashed versions of parents' email addresses. However, email addresses have not been leaked.
Webkinz had also released an official statement encouraging users to change their passwords, assuring them that the company database is in no way linked to the Ganz eStore data which contains more detailed user information.
“Your account is of utmost importance to us and we are investigating thoroughly. Please note that we have never asked for addresses, phone numbers or last names, and the Webkinz accounts are not connected to eStore account or data in any way,” Webkinz said in their official statement.
As per the report, Webkinz had detected the point of intrusion and had applied a security patch at the point of entry into their systems.