An online gaming platform cum toymaker, Webkinz has a part of its database breached and leaked in a famous hacking forum today. Itโs said that the leaked database contained records of around 23 million users, whoโre mostly kids that purchased the Webkinz toys. While the breach was reported to happen earlier this month, the hacker had dumped the database today, with usernames and hashed passwords of users.
Breached โ Stolen โ Leaked
Ganz, the company behind Webkinz is a Canadian you maker and cleverly engaged its purchasers by linking their plush toys to online counterparts. Here, it manufactures toys with unique codes on them, where buyers can enter them on the Webkinz World website to raise and manage the virtual version of their toy. Buyers do so and even sell their grown pets for money. This game is so popular in Canada and the US in the last decade, after Disneyโs Club Penguin.
And now, an unknown hacker has leaked a database worth 1GB, which contained 22,982,319 records of usernames and passwords encrypted by the MD5-Crypt algorithm. Ganz reports there has been an intrusion detected in their systems earlier this month, and from where the hacker couldโve obtained these records. He claims to obtain the database by an SQL injection vulnerability found in Webkinzโs web forms.
Moreover, news about this leaked database has been circulating in many IM chat groups and hacking forums even before todayโs publishing. Besides the user account credentials, the hacker has also been able to obtain hashed versions of their parentโs email but didnโt leak them. While Ganz hasnโt made any official comment yet, it says to be archiving inactive accounts (18 months) and deleting (7 years of inactivity) few too. Itโs unclear which accounts have been breached and posted now.
Via: ZDNet
