The breach occurred in when a hacker managed to penetrate a database used by WildWorks , the developer behind Animal Jam. According to the official data breach alert from WildWorks, the attacker gained access through a third-party vendor's communication tool. The scale of the breach was massive: 46 million user accounts were compromised. 7 million unique email addresses were exposed.
Let’s say your child uses the password FluffyPanda99 for Animal Jam. Because the breacher has the plain text, they write a bot. That bot attempts to log into:
A smaller subset of the data contained more sensitive details:
While no new massive breach has been confirmed recently, users frequently report "waves" of unauthorized login attempts and sophisticated phishing: Data Breach Alert - Animal Jam Animal Jam Data Breach Passwords
The stolen data was later circulated within online hacking communities in November 2020. Were Animal Jam Passwords Stolen?
The major Animal Jam data breach occurred in , though reports and phishing attempts related to leaked data continue to surface as recently as 2024–2026 . Breach Overview (2020) Total Accounts Affected: Approximately 46 million records.
Animal Jam, the popular online game for kids, has unfortunately been impacted by data security incidents, leaving many users and parents concerned about and personal information. Understanding the scope of these breaches and knowing how to secure your accounts is crucial. The breach occurred in when a hacker managed
Additionally, for some accounts, IP addresses at the time of account creation were included in the breach. Fortunately, WildWorks had a policy of manually reviewing usernames, and no real names of children were part of the breach — at least according to the company's official statement.
The Animal Jam data breach serves as a stark reminder of the importance of password security and the need for constant vigilance in the digital age. Data breach alert - Animal Jam
Among the stolen data, the treatment of sparked intense scrutiny from cybersecurity experts. While the database was stored using encryption hashes, malicious actors quickly began a process known as "de-hashing" to uncover the plain-text passwords of over a million players. Years later, the fallout of this breach continues to impact players who reuse old passwords or maintain unmonitored legacy accounts. Anatomy of the Attack: How the Hackers Got In 7 million unique email addresses were exposed
No platform is immune to attacks. But by following cybersecurity best practices and staying informed, players and parents can significantly reduce the risk posed by the Animal Jam data breach — and by all the other breaches that have followed.
The October 2020 Animal Jam data breach, stemming from a compromised third-party vendor, exposed 46 million user records containing personal data such as usernames, birth years, and parent email addresses. While WildWorks initiated a mandatory password reset following the theft, subsequent de-hashing efforts by attackers exposed approximately 1 million plain-text credentials, presenting lasting risks from credential stuffing and phishing. For a detailed breakdown of the breach, visit DeHashed . 46M accounts were impacted in the Animal Jam data breach
An analysis of the exposed passwords reveals some concerning trends:
: If you used the same password for Animal Jam and other websites, change those passwords immediately.
WildWorks published a detailed FAQ detailing exactly what data was taken, earning praise from cybersecurity experts for their swift and honest communication. Crucial Lessons in Password Security