Popular Webkinz World online children’s game hacked, 23M credentials leaked

ZDNet reported that a hacker has leaked 23 million credentials from the Webkinz World online children’s game.

Webkinz are stuffed animals that have a playable online counterpart, www.webkinz.com, in “Webkinz World.” Webkinz were originally released by the Canadian toy company Ganz on April 29, 2005. Each Webkinz toy has an attached tag with a unique “Secret Code” printed on it that allows you to play with your pet in the “Webkinz World” website. On Webkinz World, the Secret Code allows the user to own a virtual version of the pet for online play. 

A hacker has leaked the usernames and passwords of nearly 23 million players of Webkinz World on a well-known hacking forum. 

ZDNet has obtained the data dump with the help of experts from the data breach monitoring service Under the Breach who also noticed the data leak.

“ZDNet has learned that details about the vulnerability have been circulating online before today’s leak for months, both on hacking forums and on online IM chat groups.” reported ZDNet.

According to Under the Breach, the incident impacted 22,000,000 users, which is likely just a part of the full database stolen by attackers.

The database has a size of 1 GB, it contained 22,982,319 credentials, with the passwords being encrypted with the MD5-Crypt algorithm.

According to ZDNet, the incident took place earlier this month, threat actors exploited a SQL injection issue affecting one of the website’s web forms.

At the time of writing, the Webkinz staff had discovered the breach and addressed the flaw exploited by hackers.

ZDNet reported the incident to Ganz that has yet to reply.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Webkinz World, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]