Webkinz Suffers Data Breach: 23 Million Accounts Compromised

Webkinz is yet another company that has been hacked. An estimated 23 million accounts have been compromised and posted on the dark web.

Children’s online game service Webkinz has become the latest victim of a data breach. A hacker managed to breach the companies security and make off with an estimated 23 million accounts. Those accounts have since been packaged up and placed on the dark web. From ZDNet:

However, today, an anonymous hacker has posted a part of the game’s database on a well-known hacking forum. ZDNet has obtained a copy of the leaked file with the help of data breach monitoring service Under the Breach.

The 1 GB file uploaded online contained 22,982,319 pairs of usernames and passwords, with the passwords being encrypted with the MD5-Crypt algorithm.

Sources familiar with the hack have told ZDNet that the security breach took place earlier this month.

The hacker allegedly gained access to the game’s database using an SQL injection vulnerability present in one of the website’s web forms.

Last month had some interesting flavours of security incidences. It kicked off with Marriott’s third security incident. In all, 5.2 million accounts were compromised. This was followed up by the hacking of the San Francisco International Airport which saw two websites compromised. Aptoide then got added to the growing list of breaches with 39 million accounts compromised. After that was the SBA COVID-19 disaster relief program which saw 8,000 businesses compromised. Then, video game giant Nintendo suffered from a breach which saw 160,000 accounts compromised. April then continued to end with a bang when Usenet providers UseneXT and Usenet.nl suffered from a data breach.

If anything, the fun seems destined to continue with this latest breach. After all, this is a pretty sizable start to the month.

Drew Wilson on Twitter: @icecube85 and Facebook.

%d bloggers like this: