Animal: Jam Data Breach Passwords

For parents, the lesson is broader: . A child’s virtual pet game can be the gateway to your banking logins. Treat game accounts with the same password discipline as financial accounts.

In the world of online gaming for children, few platforms have achieved the longevity and popularity of Animal Jam . Created by WildWorks (formerly Smart Bomb Interactive) in collaboration with National Geographic, this virtual world has attracted over 160 million registered users since its launch in 2010. However, with massive popularity comes massive risk. In late 2020, details emerged of a catastrophic data breach that exposed millions of Animal Jam accounts—including one of the most sensitive pieces of digital information: passwords . Animal Jam Data Breach Passwords

By storing millions of children’s birthdates, email addresses, and passwords using insecure MD5 hashing, WildWorks potentially violated COPPA’s security provisions. In 2021, a class-action lawsuit was filed against WildWorks in the U.S. District Court for the Western District of Washington, alleging negligence and breach of implied contract. The lawsuit sought damages for affected families and mandated security audits. (As of 2025, the case has seen partial settlements, with ongoing monitoring requirements.) For game developers, the lesson is clear: Never roll your own security . Use modern, salted hashing algorithms like bcrypt, Argon2, or PBKDF2. And never store any password—even for a children’s game—using MD5 or SHA-1. For parents, the lesson is broader: