Animal Jam Data Breach
Animal Jam Children's Online Game Breach (2020): 7 Million Young Player Records Including DOB, Home Address & Passwords Exposed
Online multiplayer game for children.
Risk Interpretation
High sensitivity because minors are involved. Exposure enables account takeover, grooming-adjacent abuse, harassment, fraud, and family-linked targeting.
Impact & Downstream Threats
In November 2020 an attacker posted details of the breach on a hacking forum. WildWorks confirmed it. The company reset passwords and notified users. Where parental email addresses were on file, it contacted parents directly. No payment card data was involved. But the exposed records included children's birth dates, parent email addresses, home addresses, usernames, and IP addresses. The platform's design meant family data was part of the breach. A class-action complaint followed, citing failure
- Credential stuffing against reused passwords across other platforms
- Identity verification bypass using name + date of birth combination
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
WildWorks, the Utah studio behind the children's online game Animal Jam, suffered a data breach in October 2020 that exposed records tied to approximately 46 million accounts, including over 7 million unique email addresses. An attacker posted details of the breach on a hacking forum in November 2020. WildWorks confirmed the incident and identified the breach pathway as direct, though the specific method of intrusion has not been disclosed publicly. The exposed data included usernames, IP addresses, email addresses, and passwords stored as PBKDF2 hashes. For a subset of records, the breach also exposed dates of birth, physical home addresses, and parent names. Because Animal Jam is designed for children aged 7 to 12, and parents create accounts alongside their children, family data was embedded in the platform by design. That structure meant the breach reached beyond individual users to expose household-level information, including details that could be used to physically identify minors. WildWorks reset affected passwords and notified users directly. Where parental email addresses were on file, the company contacted parents as well. No payment card data was involved. A class-action complaint followed, citing failures under the Children's Online Privacy Protection Act (COPPA), the federal law governing data collection from minors. Affected families should treat any reused passwords as compromised and change them across other accounts. The combination of children's birthdates, home addresses, and parent contact details creates meaningful risk of targeted fraud, harassment, or other harm directed at families.
About Animal Jam
Animal Jam is an online game for children. Players adopt animal avatars and explore a nature-themed virtual world. WildWorks, a Utah studio, runs the platform. It is designed for children aged 7 to 12 and operates under COPPA, the federal law governing data collection from minors. Parents create accounts alongside their children. That design decision matters for understanding what the breach exposed.
Why They Hold Your Data
Children’s online games collect player accounts, usernames, parental contact information, device data, gameplay activity, and payment-adjacent records tied to youth-oriented virtual worlds.
Recent Developments
Animal Jam continues to operate under WildWorks. The company has maintained the platform through content updates and seasonal events. No major organizational or ownership changes have been widely reported since the 2020 breach.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, ip_address, password, physical_address, username
Dark Web Verification
- Dataset containing ~7.1M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: animaljam.com-2020;Animal Jam Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Animal Jam
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam