Hacker leaks 23 million usernames and passwords from Webkinz children's game

[LASER_oneXM]

Content source

https://www.zdnet.com/article/hacker-leaks-23-million-usernames-and-passwords-from-webkinz-childrens-game/

Exclusive: Webkinz security breach occurred earlier this month, sources have told ZDNet.

A hacker has leaked today the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz.
The Webkinz game launched in 2005 as the online counterpart of a line of Ganz plush toys. Users could enter a code from their plush toy on the Webkinz website where they could play and manage a version of their toy in the form of a virtual pet.

The game has been one of the most successful online children's games of the past decade next to Disney's Club Penguin.
However, today, an anonymous hacker has posted a part of the game's database on a well-known hacking forum. ZDNet has obtained a copy of the leaked file with the help of data breach monitoring service Under the Breach.

The 1 GB file uploaded online contained 22,982,319 pairs of usernames and passwords, with the passwords being encrypted with the MD5-Crypt algorithm.
... ...

 

[Antus67]

Parents need to be more attentive and proative on this issue especially with children online. A close watch and making sure their PC is patched and updated.

 

[Azure]

Parents need to be more attentive and proative on this issue especially with children online. A close watch and making sure their PC is patched and updated.

In this case, the best parents can do is to make sure their children don't put any sensitive information. Because once it's out there it is out of their control.

 

[MacDefender]

In this case, the best parents can do is to make sure their children don't put any sensitive information. Because once it's out there it is out of their control.

An interesting anecdote: My younger sibling grew up in the WebKinz era, and she still uses her WebKinz password as her "favorite" go to password. Of course she knows better but old habits die hard. She is now college aged and soon to manage her own financial accounts, etc etc etc.

Children who might have been affected by these leaks may now be adults using those passwords for far more sensitive things.

 

[blackice]

An interesting anecdote: My younger sibling grew up in the WebKinz era, and she still uses her WebKinz password as her "favorite" go to password. Of course she knows better but old habits die hard. She is now college aged and soon to manage her own financial accounts, etc etc etc.

Children who might have been affected by these leaks may now be adults using those passwords for far more sensitive things.

And this is why this breach matters. As soon as people stop reusing passwords these things won’t even matter, and they aren’t a big deal now if you don’t. Unless...you know...it’s a bank that gets their database hacked.

 

[MacDefender]

And this is why this breach matters. As soon as people stop reusing passwords these things won’t even matter, and they aren’t a big deal now if you don’t. Unless...you know...it’s a bank that gets their database hacked.

Yep and some of this is on "us" (as in the computer and infosec industry) -- until password managers are both ubiquitous AND make you trust them, we will still have humans who want to pick their own passwords (poorly).

Unfortunately, it's difficult to explain to the average person how a password manager is more secure and why they should trust one, especially when a lot of the free options either seriously lack features, only work on a subset of platforms, or don't even let you easily export all your passwords, leaving you feeling like you're trapped into their ecosystem.