An online gaming platform cum toymaker, Webkinz has a part of its database breached and leaked in a famous hacking forum today. It’s said that the leaked database contained records of around 23 million users, who’re mostly kids that purchased the Webkinz toys. While the breach was reported to happen earlier this month, the hacker had dumped the database today, with usernames and hashed passwords of users.
Breached – Stolen – Leaked
Ganz, the company behind Webkinz is a Canadian you maker and cleverly engaged its purchasers by linking their plush toys to online counterparts. Here, it manufactures toys with unique codes on them, where buyers can enter them on the Webkinz World website to raise and manage the virtual version of their toy. Buyers do so and even sell their grown pets for money. This game is so popular in Canada and the US in the last decade, after Disney’s Club Penguin.
And now, an unknown hacker has leaked a database worth 1GB, which contained 22,982,319 records of usernames and passwords encrypted by the MD5-Crypt algorithm. Ganz reports there has been an intrusion detected in their systems earlier this month, and from where the hacker could’ve obtained these records. He claims to obtain the database by an SQL injection vulnerability found in Webkinz’s web forms.
Moreover, news about this leaked database has been circulating in many IM chat groups and hacking forums even before today’s publishing. Besides the user account credentials, the hacker has also been able to obtain hashed versions of their parent’s email but didn’t leak them. While Ganz hasn’t made any official comment yet, it says to be archiving inactive accounts (18 months) and deleting (7 years of inactivity) few too. It’s unclear which accounts have been breached and posted now.