[BreachExchange] 23 million Webkinz login credentials found on the dark web

Destry Winant destry at riskbasedsecurity.com
Wed Apr 22 10:24:06 EDT 2020


The popular children’s website Webkinz suffered a massive data breach
earlier this month that saw about 23 million user login credentials
exposed on a dark web forum.

The data was spotted by Under the Breach, which found 1GB of data
containing usernames and encrypted passwords, according to ZDNet.
Reportedly, the attackers exploited a SQL injection vulnerability
found in a Webkinz form.

On April 19, a Webkinz tweet referenced the attack but did not
categorically say whether or not it actually happened.

Even though some of the compromised details are encrypted, Irfahn
Khimji, country manager, Canada for Tripwire, said the information may
still prove dangerous.

“It is paramount that the involved parties take all the necessary
steps to mitigate the consequences of this incident, which include
changing all their passwords, especially if they were used on accounts
other than Webkinz, and even if Webkinz itself hasn’t yet issued a
forced password change for its users,” he said.

SC Media has emailed Webkinz parent company Ganz for further
information but has not yet received a response.
