Heads up to parents out there: Webkinz, that cute stuffed animal game for kids, was hacked earlier this month, with almost 23 million user accounts compromised. So, you know… probably time to change those passwords.
ZDNet reports that, earlier this week, a hacker leaked a 1 GB file, which contained the usernames and passwords of 22,982,319 accounts. According to anonymous sources, the actual breach occurred earlier this month. Ganz, the company behind Webkinz, said in a subsequent statement that it’d patched the vulnerability.
It also said, in a news alert on its site (and I wish all news alerts were delivered with such an adorable dog avatar): “Your account security is of utmost importance to us, and we are investigating thoroughly. Please note that we have never asked for addresses, phone numbers or last names, and Webkinz accounts are not connected to eStore account data in any way.”
I’m old and childless, so I was mostly surprised to be reminded that Webkinz existed. But there are apparently lots of parents out there who need to be told that their offspring’s favorite game may have been compromised. Webkinz posted an alert on its blog saying it’s requiring everyone to change their passwords before logging into their accounts. Presumably this is to counteract the effects of the hack, and it’s the first thing I’d recommend to parents of Webkinz-addicted children.
Also, if the comments on the security alert are anything to go by, several of the people who have Webkinz accounts also use the same password for other things. So I’d also recommend changing any password that’s the same as your Webkinz password — and into something different. Enable two-factor authentication if you can. Reusing passwords is dangerous, people. Get yourself a password manager if you can’t remember everything off the top of your head.