Animal Jam Data Breach Passwords

Animal Jam supports 2FA via email or an authenticator app. This is your best defense. Even if a hacker steals the password, they cannot log in without the one-time code.

Published: [Current Date] Reading Time: 4 minutes

If your child loves online gaming, you’ve likely heard of Animal Jam. The vibrant world of animals, dens, and adventures has been a staple for kids for over a decade. But behind the colorful screen, a serious security issue has resurfaced in conversations: the Animal Jam data breach and leaked passwords.

While the breach isn’t new (it primarily occurred in late 2020 and became public in 2021), stolen credentials are still actively circulating on hacker forums today. Here is exactly what happened, why passwords are the main target, and how to protect your family.

This is the most important technical detail for anyone affected by the breach. In the worst-case scenario, a company stores passwords in plain text (readable, unencrypted strings). In a better scenario, they use hashing (converting a password into a fixed-length string of characters). In the best scenario, they use salted hashing (adding random data to each password before hashing it).

What actually happened with Animal Jam? According to analysis by cybersecurity firm Safety Detectives and the breach notification site Have I Been Pwned (HIBP) , the passwords in the Animal Jam database were hashed using the MD5 algorithm—and crucially, many were unsalted.

The 2020 Animal Jam data breach exposed 46 million account records, including hashed passwords and parent emails, after hackers accessed a third-party tool used by WildWorks. Users must now utilize the Parent Dashboard to reset passwords, as the breach necessitated mandatory updates and introduced risks of credential stuffing. For official information, visit Animal Jam

The Animal Jam data breach occurred in October 2020 and impacted approximately 46 million user accounts . While the developer, WildWorks, has since secured their databases, the leaked information remains a significant security risk for long-term players . Breach Overview Total Accounts Impacted: ~46 million . Animal Jam Data Breach Passwords

Cause: Hackers obtained an AWS access key by compromising an intra-company Slack server .

Circulated Data: The database was discovered on a cyber-criminal forum, raidforums.com . Data Compromised

The breach exposed a variety of personal and account-specific details: Animal Jam Data Breach - Have I Been Pwned

In October 2020, Animal Jam experienced a major data breach involving approximately 46 million user records. While the passwords themselves were cryptographically hashed (meaning they were not stored in plain text), hackers were able to access the following information: 

Email addresses: Over 7 million unique email addresses associated with parent accounts.

Usernames: Player names for both Animal Jam and Animal Jam Classic.

IP addresses: Used at the time of account creation or login. Animal Jam supports 2FA via email or an authenticator app

Personal details: Full names and billing addresses for a subset of accounts.  Was your password leaked? 

Because the passwords were encrypted (hashed), they were not immediately readable. However, if you used a weak or simple password, it could potentially be "cracked" by hackers using automated tools. 

If you have not changed your password since late 2020, you should do so immediately: 

Request a Reset: Use the Animal Jam Password Reset page. You will need the parent email associated with the account.

Create a Strong Password: Use at least four random words and include numbers and symbols to reach at least 12–14 characters.

Check Your Status: You can verify if your email was part of this or other breaches by using the Have I Been Pwned tool.  Important Note on Account Deletion 

If you are trying to recover an old account and the reset link isn't working, be aware that Animal Jam may delete free accounts that have been inactive for over one year to maintain server space.  Not necessarily

The Animal Jam data breach occurred between October 10 and 12, 2020, impacting approximately 46 million user accounts. The leak was discovered on November 11, 2020, after stolen data was posted on a cybercrime forum known as RaidForums. Impact on Passwords

While the passwords were not leaked in plain text, they were stored as salted PBKDF2 hashes.

Decryption Risk: Although PBKDF2 is a strong hashing algorithm, weak passwords—such as short ones or those using common dictionary words—could be "de-hashed" or cracked by hackers using automated tools.

De-hashed Leaks: By December 2020, reports emerged that attackers had successfully de-hashed approximately 1 million passwords and were selling them in plain-text "combo-lists".

Mandatory Reset: In response, WildWorks (the developer) forced a mandatory password reset for all players and disabled the old, compromised credentials. Extent of the Compromised Data

The breach involved 46 million account records, which included varying levels of detail: Animal Jam Data Breach - Have I Been Pwned

Not necessarily. Animal Jam remains a relatively safe, moderated space for kids. But any online account with personal information is a target. The key is good security hygiene:

Go to Have I Been Pwned (haveibeenpwned.com) and enter your child’s email address. This will tell you if the Animal Jam data breach specifically included that email.