However, because many users had multiple accounts (spare "sparables"), the total number of unique usernames and their associated plain text passwords was estimated to be .
If the database leaked with usernames, emails, and plain text passwords, the hacker doesn't need to crack anything. They can immediately log into any Animal Jam account they want—and worse, they will try those same email/password pairs on other websites like Roblox, YouTube, or even your banking portal. How Many Accounts Were Affected? The numbers are staggering. While the official breach notification to regulators (sent to the Wyoming Attorney General) claimed approximately 46 million accounts were affected, security analysts and Have I Been Pwned (HIBP) founder Troy Hunt analyzed the data and suggested the number of unique email addresses was closer to 32 million . Animal Jam Data Breach Passwords
Because the leaked file was a backup database, the passwords were stored in a readable, raw format. However, because many users had multiple accounts (spare
If you have an Animal Jam account — even if you haven't logged in for years — log in today. Not to play, but to delete the account or change the password to a unique, 128-bit random string. How Many Accounts Were Affected
Published: October 2023 (Updated with latest security insights)
For millions of children and parents worldwide, Animal Jam (developed by WildWorks) is more than just a game. It is a vibrant digital ecosystem where kids learn about zoology, trade rare items, and build dens. However, in the fall of 2020, the platform became a case study in cybersecurity failures. The "Animal Jam Data Breach" remains one of the most significant breaches affecting a younger demographic, and at the center of the chaos were two words: .
Furthermore, because the data included parent emails, phishing campaigns skyrocketed. Parents received emails stating: "Your child’s Animal Jam account has been banned for fraud. Click here to verify payment details." Because the scammers knew the parent’s real email address and child’s username from the breach, these phishing attempts were highly convincing. The Animal Jam data breach of 2020 serves as a textbook example of why security defaults matter. For the average parent, the lesson is brutal: Do not trust any company, no matter how friendly or child-oriented, to protect your password.