• Home
  • Games
  • Games News
  • Hacker Puts Millions of Usernames, Passwords From Webkinz World Online: Report

Hacker Puts Millions of Usernames, Passwords From Webkinz World Online: Report

An anonymous hacker reportedly uploaded a 1GB file containing over two crore pairs of usernames and passwords of Webkinz World users.

Hacker Puts Millions of Usernames, Passwords From Webkinz World Online: Report

Webkinz World was launched as an online children’s game back in 2005

  • Webkinz World was a popular title amongst kids
  • The hacker gained access to database using an SQL injection
  • Webkinz World archives inactive user accounts

A hacker has compromised the credentials of nearly 2.3 crore users of online children's game Webkinz World, according to a report. The game was launched back in April 2005 and was once popular amongst kids, thanks to its gameplay that revolves around stuffed animals. The anonymous hacker has said to have posted the database of the online game on a reputed hacking forum earlier this month. It is also believed that the security breach took place using an SQL injection attack.

The hacker uploaded a 1GB file that included over two crore pairs of usernames and passwords, reports ZDNet. The passwords leaked online, however, were encrypted with the MD5-Crypt algorithm.

It is reported that the vulnerability existed within the Webkinz World database circulated online for some time, and its team did detect the intrusion and patch some loopholes. However, the Canadian company behind the game, Ganz, wasn't able to fix the flaw completely.

“Webkinz has never asked for last names, phone numbers, or addresses and all transactions happen through our eStore, which has its own servers and accounts, which are in no way accessible through Webkinz,” a Ganz spokesperson was quoted as saying in the report. “So even if some was to decrypt a password, there is no information of value on the accounts beyond the game data itself.”

As per the details available on a Webkinz support page, accounts that have been inactive for more than 18 months get archived by the company. It is also claimed to have a practice of removing all information associated with the account “other than the User Name and Password” while archiving accounts.

“Please note that if an account remains inactive for a period of 7 years, Ganz will then delete that account,” the support page reads.

The statement provided by the company to the site highlights that Ganz is currently reviewing the security loopholes to “ensure that a similar attack won't work elsewhere.” It would also force password changes from the backend if it sees that “any player accounts are actually at risk.”

Webkinz World was once next to Disney's Club Penguin in terms of its popularity. However, the game received an upgrade as Webkinz X in 2015.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Oppo A52 With Quad Rear Cameras, 8GB RAM Launched: Price, Specifications
Read in: हिंदी
Share on Facebook Tweet Snapchat Share Reddit Comment




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com