WildWorks has informed players of its online children's game Animal Jam that approximately 46 million of its user accounts were compromised in a recent attack on an intra-company communications server.
In a post announcing the data breach, WildWorks said that the data taken included email addresses used to create parent accounts, player usernames and encrypted passwords, birthday information, gender, and some parent full name and billing addresses. Not all accounts had the same amount of information compromised.
"No real names of children were part of this breach," WildWorks wrote. "Billing name and billing address were included in 0.02% of the stolen records; otherwise no billing information was stolen, nor information that could potentially identify parents of players.
"All Animal Jam usernames are human moderated to ensure they do not include a child's real name or other personally-identifying information."
WildWorks said that the server was compromised between October 10 and 12, and that it learned of the issue just yesterday when security researchers found the stolen information uploaded to an online hacker forum.
WildWorks has reset all player passwords, and is working with the FBI and other law enforcement to pursue legal action.