Kids' gaming website Animal Jam breached after miscreants spot private AWS key on pwned Slack channel

Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key. Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being …

  1. tiggity Silver badge


    “The passwords released in this breach were encrypted and unreadable by normal means. However, if your account was secured with a weak password to begin with (for example, a very short password, or one using dictionary words), it would be possible for knowledgable hackers to break the encryption and expose your password as plain text,”

    Except that there are plenty of SHA-1 rainbow tables around, so even a "good" password could be compromised if it was in the tables used to drive tests against the data.

    1. Lee D

      Re: cracked

      Almost like every security recommendation for the last 20 years has said to salt your password hashes...

  2. hoola Silver badge

    Deletion of stale/dormant accounts

    One would hope that they have a process to disable and then delete accounts that have not been used for a significant time, maybe a year. The trouble with loads of these sites that are targeted at kids is they use them for a bit and then stop. There is nothing wrong with this but it is easy to forget that there is a login lurking out there, particularly if there are no emails being sent.

    I somehow think that it is wishful thinking to believe they zapped accounts that had not been used for 12 or 24 months. This reminded me that my daughter has/had a login for Animal Jam some years ago. I have no recollection of it ever being closed.

  3. Lotaresco

    What... How.. Why... Oh I despair.

    Someone put a private key on a third party messaging system. There's no point fussing about salts, hashes, rainbow tables or account decluttering if you're just going to throw your private keys around.
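
A check for the failure the last comment describes, AWS credentials pasted into chat, as an added example that is not part of the thread or of Animal Jam's tooling. It assumes messages shaped like a Slack export (`ts`, `user`, `text`); the sample messages are constructed and use the placeholder key pair from AWS's documentation.

```python
import re

# Access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 characters.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-alphabet characters. That shape is too generic
# to alert on alone (a git SHA matches too), so it only raises severity when a
# key ID appears in the same message.
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")

def redact(value, keep=8):
    """Keep a short prefix for triage; never copy the full credential into alerts."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_messages(messages):
    """Return one finding per message that contains an AWS access key ID."""
    findings = []
    for msg in messages:
        text = msg.get("text", "")
        key_ids = ACCESS_KEY_ID.findall(text)
        if not key_ids:
            continue
        has_secret = SECRET_KEY.search(text) is not None
        findings.append({
            "ts": msg.get("ts"),
            "user": msg.get("user"),
            "key_ids": [redact(k) for k in key_ids],
            "secret_present": has_secret,
            # ID plus secret is a usable credential: rotate it immediately.
            "severity": "critical" if has_secret else "high",
        })
    return findings

# Constructed sample in Slack-export shape (assumption).
SAMPLE = [
    {"ts": "1.0", "user": "U01", "text": "deploy finished, all green"},
    {"ts": "2.0", "user": "U02", "text": "use these for the bucket:\n"
        "aws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    {"ts": "3.0", "user": "U03", "text": "who owns AKIAIOSFODNN7EXAMPLE?"},
    {"ts": "4.0", "user": "U01",
     "text": "fixed in 3f2a9c1d4b5e6f708192a3b4c5d6e7f8091a2b3c"},
]

if __name__ == "__main__":
    for finding in scan_messages(SAMPLE):
        print(finding)
```

A hit means the key must be rotated, not just the message deleted: the secret has already been stored and replicated by the messaging provider.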

