A hacker reportedly leaked login credentials like username and password of almost 20 million users of an online children’s game, Webkinz World. The hacker uploaded the 1 GB file containing the usernames and passwords in the MD5-Crypt algorithm encrypted format.
Webkinz is an online game launched way back in 2005. Children could enter a code on the website that they would receive while purchasing a real toy. This would enable them to play around with a virtual version of the toy within the Webkinz website. This is one of the most popular online game with a good number of the userbase.
An anonymous hacker has leaked the game’s database with the usernames and passwords on a well-known hacker forum. ZDNet downloaded a copy of the leaked file with the help of ‘Under the Breach’. As per them, the uploaded file contains about 22,982,319 pairs of usernames and passwords. The passwords are encrypted with the MD5-Crypt algorithm. It was told to ZDNet that the hack took place earlier this month.
How the hacker gained access to the data?
It is believed that the hacker gained access to the game’s database using an SQL injection vulnerability which was present in one of the web forms on the website.
If an account on the Webkinz website remains inactive for more than 18 months, then the account will be archived. It takes another 7 years for them to delete the account from their server. It is still unclear if the leaked data contains the data of inactive users or not.
Apart from the username and passwords, hackers also got access to hashed versions of parents’ email addresses, but these data are not leaked online yet.
Webkinz team has found the point through which the hackers gained access and patched the point of entry into their database.