Kids' gaming website Animal Jam breached after miscreants spot private AWS key on pwned Slack channel

2020-11-12 17:28

Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key.

Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being posted on stolen data bazaar raidforums[.

Animal Jam usernames are said to be human-moderated to ensure kids playing games on the site weren't using their own real names.

A leaked AWS private key that same year let other malicious people rack up a $64,000 bill on DXC Technologies' tab after they abused their illicit access to corporate infrastructure.

"Slack got in touch to say:"We can confirm that an unauthorized user gained access to the WildWorks' Slack workspace through compromised WildWorks user credentials.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/12/animal_jam_breached/

#AWS #slack